Building A Practical Information Security Program

Building a Practical Information Security Program

CISM Certified Information Security Manager Bundle

This cost-effective study bundle contains two books and bonus online content to use in preparation for the CISM exam Take ISACA’s challenging Certified Information Security Manager exam with confidence using this comprehensive self-study package. Comprised of CISM Certified Information Security Manager All-in-One Exam Guide, CISM Certified Information Security Manager Practice Exams, and bonus digital content, this bundle contains 100% coverage of every domain on the current exam. Readers will get real-world examples, professional insights, and concise explanations. CISM Certified Information Security Manager Bundle contains practice questions that match those on the live exam in content, style, tone, format, and difficulty. Every domain on the test is covered, including information security governance, information risk management, security program development and management, and information security incident management. This authoritative bundle serves both as a study tool AND a valuable on-the-job reference for security professionals. Readers will save 22% compared to buying the two books separately Online content includes 550 accurate practice exam questions and a quick review guide Written by an IT expert and experienced author

A Practical Guide to Managing Information Security

This groundbreaking book helps you master the management of information security, concentrating on the recognition and resolution of the practical issues of developing and implementing IT security for the enterprise. Drawing upon the authors' wealth of valuable experience in high-risk commercial environments, the work focuses on the need to align the information security process as a whole with the requirements of the modern enterprise, which involves empowering business managers to manage information security-related risk. Throughout, the book places emphasis on the use of simple, pragmatic risk management as a tool for decision-making. The first book to cover the strategic issues of IT security, it helps you to: understand the difference between more theoretical treatments of information security and operational reality; learn how information security risk can be measured and subsequently managed; define and execute an information security strategy design and implement a security architecture; and ensure that limited resources are used optimally. Illustrated by practical examples, this topical volume reveals the current problem areas in IT security deployment and management. Moreover, it offers guidelines for writing scalable and flexible procedures for developing an IT security strategy and monitoring its implementation. You discover an approach for reducing complexity and risk, and find tips for building a successful team and managing communications issues within the organization. This essential resource provides practical insight into contradictions in the current approach to securing enterprise-wide IT infrastructures, recognizes the need to continually challenge dated concepts, demonstrates the necessity of using appropriate risk management techniques, and evaluates whether or not a given risk is acceptable in pursuit of future business opportunities.