Loading ...
Sorry, an error occurred while loading the content.

REVIEW: "The CISM Prep Guide", Ronald L. Krutz/Russell Dean Vines

Expand Messages
  • Rob, grandpa of Ryan, Trevor, Devon & Ha
    BKCISMPG.RVW 20051204 The CISM Prep Guide , Ronald L. Krutz/Russell Dean Vines, 2003, 0-471-45598-9, U$60.00/C$92.95/UK#41,95 %A Ronald L. Krutz %A
    Message 1 of 1 , Mar 13, 2006
    • 0 Attachment
      BKCISMPG.RVW 20051204

      "The CISM Prep Guide", Ronald L. Krutz/Russell Dean Vines, 2003,
      0-471-45598-9, U$60.00/C$92.95/UK#41,95
      %A Ronald L. Krutz
      %A Russell Dean Vines
      %C 5353 Dundas Street West, 4th Floor, Etobicoke, ON M9B 6H8
      %D 2003
      %G 0-471-45598-9
      %I John Wiley & Sons, Inc.
      %O U$60.00/C$92.95/UK#41,95 416-236-4433 fax: 416-236-4448
      %O http://www.amazon.com/exec/obidos/ASIN/0471455989/robsladesinterne
      %O http://www.amazon.ca/exec/obidos/ASIN/0471455989/robsladesin03-20
      %O Audience i Tech 1 Writing 1 (see revfaq.htm for explanation)
      %P 433 p. + CD-ROM
      %T "The CISM Prep Guide"

      The CISM (Certified Information Systems Manager) is ISACA's
      (Information Systems Audit and Control Association) extension to its
      more widely known CISA (Certified Information Systems Auditor) (cf.
      BKCISAPG.RVW) designation. It basically covers the material addressed
      in the CISSP (Certified Information Systems Security Professional)
      security management domain, with additional material on incident

      The chapters in this book follow the five domains of the CISM.
      Chapter one deals with information security governance, also passing
      quickly over some of the areas of technical security controls. Risk
      management is addressed in chapter two, with a concentration on the
      NIST (US National Institute of Standards and Technology) risk
      assessment framework: an indication of the concentration on US
      standards in this work and certification. Information security
      program management, in chapter three, includes topics such as formal
      models, project management, and the system development life cycle.
      (There is a lack of clarity in some of the explanations of specific
      models that may lead readers into error.) Information security
      management, in chapter four, is even more of a grab bag, looking at US
      regulations, contracts, auditing, and security reviews. Chapter five
      covers incident response, disaster recovery, and forensics.

      The book also contains a set of questions. They are quite vague, and,
      if representative of the CISM itself, that certification is only
      looking for familiarity with topics.

      copyright Robert M. Slade, 2005 BKCISMPG.RVW 20051204

      ====================== (quote inserted randomly by Pegasus Mailer)
      rslade@... slade@... rslade@...
      You can observe a lot by just watching. - Yogi Berra
      http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade
    Your message has been successfully submitted and would be delivered to recipients shortly.