
A snapshot of the summary - CISM Notes
-
1 GOVERNANCE
-
1.0.2 Priorities for the CISM p1
Difference between accountability and responsibility
A: ultimate control/legally liable
R: contributions to end result
-
1.0.6 Evaluating the security environment
Difference between auditing and testing
A: compliance
T: efficiency
SEIM stands for (SEM, SIM)
Security Event and Incident Monitoring
-
1.0.7 The information security program
ISO 27001 PDCA Cycle entails:
Plan - Do - Check - Act
Which key areas of IS are measured with a balanced scorecard?
- Financial metrics
- Customer metrics
- Internal process measures
- Measures of learning and growth
-
1.0.8 Information security strategy
What is the goal of information security?
To protect the organization's assets, individuals, mission and vision
How is the goal of information security achieved (3 areas)?
- Asset identification
- Classification
- Application of controls
-
What does an ISRM strategy provide?
It provides an organization with a roadmap for information and information infrastructure protection, with goals and objectives that ensure the capabilities provided are aligned to business goals and the organization's risk profile.
-
What do long-term objectives describe?
"Desired state"
1.0.9 Roles and responsibilities
Executive management is responsible for:
- Implementing effective governance
- Defining strategic security objectives
- Budget and support
- Monitoring regulatory compliance