Certified Information Security Manager Exam Prep Guide

Second Edition

Gain the confidence to pass the CISM exam using test-oriented study material

Hemang Doshi

BIRMINGHAM—MUMBAI

Certified Information Security Manager Exam Prep Guide

Second Edition

Copyright © 2022 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

Author: Hemang Doshi

Reviewers: Zeshan Ahmad, Pushkar Nagle, Kartik Sharma, and Wei Tschang

Publishing Product Manager: Anindya Sil

Acquisitions Editor: Sneha Shinde

Development Editor: Shubhra Mayuri

Production Editor: Shantanu Zagade

Editorial Board: Vijin Boricha, Megan Carlisle, Elliot Dallow, Ketan Giri, Heather Gopsill, Akin Babu Joseph, Bridget Kenningham, Alex Mazonowicz, Monesh Mirpuri, Aaron Nash, Abhishek Rane, Ankita Thakur, Nitesh Thakur, and Jonathan Wray

First published: November 2021

Second edition: December 2022

Production reference: 1141222

ISBN 978-1-80461-063-3

Published by Packt Publishing Ltd.

Livery Place

35 Livery Street

Birmingham

B3 2PB, UK.

Packt.com

Subscribe to our online digital library for full access to over 7,000 books and videos, as well as industry leading tools to help you plan your personal development and advance your career. For more information, please visit our website.

Why subscribe?

• Spend less time learning and more time coding with practical eBooks and videos from over 4,000 industry professionals
• Improve your learning with Skill Plans built especially for you
• Get a free eBook or video every month
• Fully searchable for easy access to vital information
• Copy and paste, print, and bookmark content

Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at packt.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at [email protected] for more details.

At www.packt.com, you can also read a collection of free technical articles, sign up for a range of free newsletters, and receive exclusive discounts and offers on Packt books and eBooks.

Contributors

About the author

Hemang Doshi has more than 15 years of experience in the field of system audit, IT risk and compliance, internal audit, risk management, information security audit, third-party risk management, and operational risk management. He has authored several books for certification such as CISA, CRISC, CISM, DISA, and enterprise risk management.

About the reviewers

Zeshan Ahmad is a specialist in cybersecurity who has worked with Fortune 500 companies and clients across banking and finance, life sciences, telecom, and technology sectors on application security, project management, program design and maturity, risk management, and information security governance.

He presently works as a senior analyst for a Fortune 100 financial services company and is certified as a CISM, CISA and ISO 27001:2013 Lead Auditor.

Pushkar Nagle is an InfoSec professional with 12 years of experience, holding professional IT certifications including CISM, CISSP, CEH, and CCNA. Pushkar attained a Licentiate Diploma in Electronics from VJTI, a B.Engg. in Electronics from Mumbai University, and currently pursuing an M.Sc. in Cyber Security from the University of York. Pushkar has held several positions, including penetration tester, vulnerability manager, risk management advisor, and application security consultant. Pushkar has experience in handling large and complex penetration testing projects, providing risk advisory to businesses, and assisting organizations in vulnerability remediation.

Pushkar has managed 500+ onsite/offsite Web Application pentests, Mobile applications, Infrastructure, Build & Code reviews, and other risk-based security testing projects.

"I would like to thank my parents, Sanjay and Kavita, and my wife, Ashvini for their motivation and support."

– Pushkar

Kartik Sharma has over 18 years of experience in information technology. He holds certifications like CISSP, CISM, CRISC, CDPSE, and Security certifications from all major cloud providers like AWS, Google, Azure, Oracle, and Alibaba. He has contributed to the development of various certification exams for ISC2, AWS, and Adobe, by serving as a subject matter expert (SME). He is currently working as a Director, Solution Architect at Wiley. His areas of expertise include Cloud Technologies, Cloud Security, Information Security, Data Privacy, Marketing Technologies, Identity & Access Management, and Microservices.

He can be reached via LinkedIn at https://www.linkedin.com/in/kartiksharma84. You can find more about him at his personal site http://www.kartiksharma.us.

"I would like to thank my wife, Punima Sharma, for her support, understanding, and patience during the long hours of work. I would also like to thank my parents, siblings, and friends for their constant encouragement."

– Kartik

Wei Tschang has more than 20 years of experience spanning various information technology disciplines within the banking, legal, and manufacturing industries. He is a passionate member of the ISACA Community, serving as a board member in various leadership roles for his local ISACA chapter since 2013. He has received multiple volunteer awards for his contributions to the chapter. He presented at conferences on cybersecurity topics. Wei holds the following certifications: CISA, CISM, CGEIT, CISSP, CIPP, SSCP, and ABCP. Wei lives in New Jersey with his wife, daughter, and golden retriever.

Packt is searching for authors like you

If you are interested in becoming an author for Packt, please visit authors. packtpub.com and apply today. We have worked with thousands of developers and tech professionals, just like you, to help them share their insight with the global tech community. You can make a general application, apply for a specific hot topic that we are recruiting an author for, or submit your own idea.