© 2011 by Taylor & Francis Group, LLC
Foreword
Information security is a complex field that requires not only a strong technical
acumen, but also the ability to apply management principles to the development
and implementation of an effective information security management program.
Information security executives—chief information security officers, senior
security executives, chief information officers, and chief technology officers—must be
able to understand risks to organizational assets and determine how to best
allocate financial and personnel resources to achieve information security management
goals and fulfill all compliance requirements. We have an unprecedented need for
leaders in this field who are equipped with the knowledge and experience necessary
to ensure that our systems and networks are operating securely and reliably.
Information security managers and executives are entrusted with ensuring
that their organization’s proprietary information is secure. Failure to achieve and
maintain compliance with government and industry regulations can disrupt
critical business operations, ultimately devastating the company, its stakeholders, and
its business partners. We believe that effective information security management
begins with certifying and educating the information security workforce—from
top security executives building the foundation for an organization’s security
framework to security practitioners who are down in the trenches, actively
protecting our systems and networks.
The Certified Information Systems Security Professional-Information Systems
Security Management Professional (CISSP-ISSMP) assesses an individual’s
understanding of security management practices, management of compliance initiatives,
business continuity and disaster recovery planning, and legal issues. Obtaining
the CISSP-ISSMP validates that you have the knowledge to create and implement
effective information security management programs to meet the security needs of
your organization.
As the recognized global leader in the field of information security education
and certification, (ISC)²’s mission is to promote the development of information
security professionals throughout the world. It is our pleasure to provide you with
this comprehensive reference. We believe you will find the CISSP-ISSMP to be an
informative and challenging step in advancing your career development.