[ISN] REVIEW: "The CISM Prep Guide", Ronald L. Krutz/Russell Dean Vines

From: InfoSec News (isn@private)
Date: Wed Mar 15 2006 - 00:23:41 PST


Forwarded from: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rMslade@private>

BKCISMPG.RVW   20051204

"The CISM Prep Guide", Ronald L. Krutz/Russell Dean Vines, 2003,
0-471-45598-9, U$60.00/C$92.95/UK#41,95
%A   Ronald L. Krutz
%A   Russell Dean Vines
%C   5353 Dundas Street West, 4th Floor, Etobicoke, ON   M9B 6H8
%D   2003
%G   0-471-45598-9
%I   John Wiley & Sons, Inc.
%O   U$60.00/C$92.95/UK#41,95 416-236-4433 fax: 416-236-4448
%O  http://www.amazon.com/exec/obidos/ASIN/0471455989/robsladesinterne
  http://www.amazon.co.uk/exec/obidos/ASIN/0471455989/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/0471455989/robsladesin03-20
%O   Audience i Tech 1 Writing 1 (see revfaq.htm for explanation)
%P   433 p. + CD-ROM
%T   "The CISM Prep Guide"

The CISM (Certified Information Systems Manager) is ISACA's
(Information Systems Audit and Control Association) extension to its
more widely known CISA (Certified Information Systems Auditor) (cf.
BKCISAPG.RVW) designation.  It basically covers the material addressed
in the CISSP (Certified Information Systems Security Professional)
security management domain, with additional material on incident
response.

The chapters in this book follow the five domains of the CISM. 
Chapter one deals with information security governance, also passing
quickly over some of the areas of technical security controls.  Risk
management is addressed in chapter two, with a concentration on the
NIST (US National Institute of Standards and Technology) risk
assessment framework: an indication of the concentration on US
standards in this work and certification.  Information security
program management, in chapter three, includes topics such as formal
models, project management, and the system development life cycle. 
(There is a lack of clarity in some of the explanations of specific
models that may lead readers into error.)  Information security
management, in chapter four, is even more of a grab bag, looking at US
regulations, contracts, auditing, and security reviews.  Chapter five
covers incident response, disaster recovery, and forensics.

The book also contains a set of questions.  They are quite vague, and,
if representative of the CISM itself, that certification is only
looking for familiarity with topics.

copyright Robert M. Slade, 2005   BKCISMPG.RVW   20051204


======================  (quote inserted randomly by Pegasus Mailer)
rslade@private      slade@private      rslade@private
In a real dark night of the soul it is always three o'clock in
the morning, day after day.                    - F. Scott Fitzgerald
http://victoria.tc.ca/techrev    or    http://sun.soci.niu.edu/~rslade



_________________________________
InfoSec News v2.0 - Coming Soon! 
http://www.infosecnews.org 



This archive was generated by hypermail 2.1.3 : Wed Mar 15 2006 - 00:51:34 PST