ISACA® CISM® study guide mind map


1. CISM Exam Passing Principles

2. The job profile of the CISM® (Certified Information Security Manager), published in the autumn of 2002, is a reaction to continuously changing market requirements and is addressed to individuals who are responsible for managing information security.

2.1. Covers

2.1.1. It covers 4 domains, 37 tasks and 60 knowledge statements (statements covering the required technical knowledge).

2.2. Designation

2.2.1. The CISM® certification / designation reflects a solid achievement record in managing information security, as well as in such areas as risk analyses, risk management, security strategy, security organisation etc.

2.3. The CISM® job profile was published at the end of 2002 and was revised for a second time for the 2012 examination.

3. Official Recommended exam study materials

3.1. Glossary

3.1.1. http://www.isaca.org/Knowledge-Center/Documents/Glossary/cism_glossary.pdf

3.2. Development Guides

3.2.1. ISACA® CISM® Item Development Guide

3.2.1.1. http://www.isaca.org/Certification/Write-an-Exam-Question/Documents/CISM-Item-Development-Guide-2013.pdf

3.2.2. ISACA® CISM® QAE Item Development Guide

3.2.2.1. https://www.isaca.org/Certification/Write-an-Exam-Question/Documents/CISM-QAE-Item-Development-Guide.pdf

3.3. ISACA® CISM® Review Manual 2015

3.3.1. https://www.isaca.org/bookstore/Pages/Product-Detail.aspx?Product_code=CM15

3.4. ISACA® CISM® Review Questions, Answers & Explanations Manual 2014

3.4.1. https://svpr-isg-a1.isaca.org/ISGweb/Purchase/ProductDetail.aspx?Product_code=CQA15

3.5. ISACA® CISM® Review Questions, Answers & Explanations Manual 2015 Supplement

3.5.1. https://www.isaca.org/bookstore/Pages/Product-Detail.aspx?Product_code=CQA15ES

3.6. ISACA® CISM® Practice Question Database

3.6.1. https://www.isaca.org/bookstore/Pages/Product-Detail.aspx?Product_code=XMXCM15-12M

4. CISM® Official website

4.1. http://www.isaca.org/Certification/CISM-Certified-Information-Security-Manager/Pages/default.aspx

5. Basic security related definitions (from ISACA® CISM® perspective)

5.1. Access

5.2. Architecture

5.3. Attacks

5.4. Auditability

5.5. Authentication

5.6. Authorization

5.7. Availability

5.8. Business Model for Information Security (BMIS)

5.8.1. Has 4 elements

5.8.1.1. Organization Design and Strategy

5.8.1.2. People

5.8.1.3. Process

5.8.1.4. Technology

5.9. Business dependency analysis

5.10. Business impact analysis

5.11. Confidentiality

5.12. Countermeasures

5.13. Criticality

5.14. Data classification

5.15. Enterprise Architecture

5.16. Exposures

5.17. Gap analysis

5.18. Governance

5.19. Identification

5.20. Impact

5.21. Integrity

5.22. Layered security

5.23. Management

5.24. Nonrepudiation

5.25. Risk / Residual risk

5.26. Security

5.26.1. A structured deployment of risk-based controls related to

5.26.1.1. People

5.26.1.2. Processes

5.26.1.3. Technology

5.26.2. Security is a business-driven activity.

5.27. Security domains

5.28. Security metrics

5.29. Sensitivity

5.30. Standards

5.31. Strategy

5.32. Threats

5.33. Trust models

5.34. Vulnerabilities

6. Domain 1: Information Security (InfoSec) Governance

6.1. Domain 1 - CISM® Exam Relevance

6.1.1. The content area for Domain 1 will represent ...

6.1.1.1. 24% of the CISM® examination

6.1.1.2. 62 questions

6.2. Security is here to support the interests and needs of the organization – not just the desires of security

6.3. Security is always a balance between cost and benefit; security and productivity

6.4. Corporate Governance

6.4.1. What is it?

6.4.1.1. Corporate governance is the set of responsibilities and practices exercised by the board and executive management

6.4.2. Goals

6.4.2.1. Providing strategic direction

6.4.2.2. Reaching security and business objectives

6.4.2.3. Ensuring that risks are managed appropriately

6.4.2.4. Verifying that the enterprise’s resources are used responsibly

6.5. Goal of Information Security

6.5.1. The goal of information security is to protect the organization’s assets, individuals and mission

6.5.1.1. requires

6.5.1.1.1. Asset identification

6.5.1.1.2. Classification of data and systems according to criticality and sensitivity

6.5.1.1.3. Application of appropriate controls

6.6. Business Case Development

6.6.1. The business case for initiating a project must be captured and communicated, covering:

6.6.1.1. Reference

6.6.1.2. Context

6.6.1.3. Value Proposition

6.6.1.4. Focus

6.6.1.5. Deliverables

6.6.1.6. Dependencies

6.6.1.7. Project metrics

6.6.1.8. Workload

6.6.1.9. Required resources

6.6.1.10. Commitments

6.6.1.11. The business case for security must address the same criteria

6.7. Security Integration

6.7.1. Security needs to be integrated INTO the business processes

6.7.2. Goal

6.7.2.1. The goal is to reduce security gaps through organizational-wide security programs

6.7.3. Integrate IT with

6.7.3.1. Physical security

6.7.3.2. Risk Management

6.7.3.3. Privacy and Compliance

6.7.3.4. Business Continuity Management

6.8. Information Security Governance

6.8.1. Outcomes of effective InfoSec Governance

6.8.1.1. Strategic alignment

6.8.1.2. Risk management

6.8.1.3. Value delivery

6.8.1.4. Resource management

6.8.1.5. Performance measurement

6.8.1.6. Integration

6.8.2. Benefits of effective InfoSec Governance

6.8.2.1. Compliance and protection from litigation or penalties

6.8.2.2. Cost savings through better risk management

6.8.2.3. Avoid risk of lost opportunities

6.8.2.4. Better oversight of systems and business operations

6.8.2.5. Opportunity to leverage new technologies to business advantage

6.8.2.6. Improved trust in customer relationships

6.8.2.7. Protecting the organization’s reputation

6.8.2.8. Better accountability for safeguarding information during critical business activities

6.8.2.9. Reduction in loss through better incident handling and disaster recovery

6.9. Information Security Architecture

6.9.1. Information security architecture is similar to physical architecture

6.9.1.1. Requirements definition

6.9.1.2. Design / Modeling

6.9.1.3. Creation of detailed blueprints

6.9.1.4. Development, deployment

6.9.2. Architecture is planning and design to meet the needs of the stakeholders

6.9.3. Security architecture is one of the greatest needs for most organizations

6.10. Information Security Frameworks

6.10.1. Effective information security is provided through adoption of a security framework

6.10.1.1. Defines information security objectives

6.10.1.2. Aligns with business objectives

6.10.1.3. Provides metrics to measure compliance and trends

6.10.1.4. Standardizes baseline security activities enterprise-wide

6.10.2. Examples of Other Security Frameworks

6.10.2.1. SABSA (Sherwood Applied Business Security Architecture)

6.10.2.2. Business Model for Information Security

6.10.2.2.1. Model originated at the Institute for Critical Information Infrastructure Protection

6.10.2.3. COBIT

6.10.2.4. COSO

6.10.2.5. ISO27001:2013

6.10.2.5.1. Goal

6.10.2.5.2. Contains

6.11. Information Security Program

6.11.1. Objectives

6.11.1.1. Ensure the availability of systems and data

6.11.1.1.1. e.g.

6.11.1.2. Protect the integrity of data and business processes

6.11.1.2.1. e.g.

6.11.1.3. Protect confidentiality of information

6.11.1.3.1. e.g.

6.11.2. Priorities

6.11.2.1. Achieve high standards of corporate governance

6.11.2.2. Treat information security as a critical business issue

6.11.2.3. Create a security-positive environment

6.11.2.4. Have declared responsibilities

6.11.3. Security versus Business

6.11.3.1. Security must be aligned with business needs and direction

6.11.3.2. Security is woven into the business functions

6.11.3.2.1. Strength

6.11.3.2.2. Resilience

6.11.3.2.3. Protection

6.11.3.2.4. Stability

6.11.3.2.5. Consistency

6.11.4. Starts with theory and concepts

6.11.4.1. Policy

6.11.5. Interpreted through

6.11.5.1. Procedures

6.11.5.2. Baselines

6.11.5.3. Standards

6.11.6. Measured through audit

6.11.7. Information Security Concepts

6.11.8. Evaluating the Security Program

6.11.8.1. Audit and Assurance of Security

6.11.8.2. Metrics are used to measure results

6.11.8.3. Measure security concepts that are important to the business

6.11.8.4. Use metrics that can be used for each reporting period

6.11.8.4.1. Compare results and detect trends

6.11.8.5. Key Performance Indicators (KPIs)

6.11.8.5.1. Thresholds to measure

6.11.8.5.2. A KPI is set at a level that indicates action should / must be taken

6.11.9. End to End Security

6.11.9.1. Security must be enabled across the organization – not just on a system-by-system basis

6.11.9.2. Performance measures should ensure that security systems are integrated with each other

6.11.9.2.1. Layered defenses

6.12. Information Security Strategy

6.12.1. Developing Information Security Strategy

6.12.1.1. Long term perspective

6.12.1.2. Standard across the organization

6.12.1.3. Aligned with business strategy / direction

6.12.1.4. Understands the culture of the organization

6.12.1.5. Reflects business priorities

6.12.2. Achieving the desired state is a long-term goal of a series of projects

6.12.3. Goal

6.12.3.1. Protect the organization’s information assets

6.12.4. Objectives

6.12.4.1. The 6 defined outcomes of security governance provide high-level guidance to the information security strategy

6.12.4.2. Defined

6.12.4.3. Supported by metrics (measurable)

6.12.4.4. Provide guidance

6.12.4.5. The long-term objectives describe the “desired state”

6.12.4.6. Should describe a well-articulated vision of the desired outcomes for a security program

6.12.4.7. Security strategy objectives should be stated in terms of specific goals directly aimed at supporting business activities

6.12.5. Elements

6.12.5.1. Road map

6.12.5.1.1. Includes people, processes, technologies and other resources

6.12.5.1.2. A security architecture: defining business drivers, resource relationships and process flows

6.12.5.2. Resources

6.12.5.2.1. Policies

6.12.5.2.2. Standards

6.12.5.2.3. Procedures

6.12.5.2.4. Guidelines

6.12.5.2.5. Architecture

6.12.5.2.6. Controls

6.12.5.2.7. Countermeasures

6.12.5.2.8. Layered defenses

6.12.5.2.9. Technologies

6.12.5.2.10. Personnel security

6.12.5.2.11. Organizational structure

6.12.5.2.12. Roles and responsibilities

6.12.5.2.13. Skills

6.12.5.2.14. Training

6.12.5.2.15. Awareness and education

6.12.5.2.16. Audits

6.12.5.2.17. Compliance enforcement

6.12.5.2.18. Vulnerability analysis

6.12.5.2.19. Risk assessment

6.12.5.2.20. Business impact assessment

6.12.5.2.21. Resource dependency analysis

6.12.5.2.22. Third party service providers

6.12.5.2.23. Other organizational support and assurance providers

6.12.5.2.24. Facilities

6.12.5.2.25. Environmental security

6.12.5.3. Constraints

6.12.5.3.1. Legal

6.12.5.3.2. Physical

6.12.5.3.3. Ethics

6.12.5.3.4. Culture

6.12.5.3.5. Costs

6.12.5.3.6. Personnel

6.12.5.3.7. Organizational structure

6.12.5.3.8. Resources

6.12.5.3.9. Capabilities

6.12.5.3.10. Time

6.12.5.3.11. Risk tolerance

6.12.6. Information Security Strategy Business Linkages

6.12.6.1. Start with understanding the specific objectives of a particular line of business

6.12.6.2. Take into consideration all information flows and processes that are critical to ensuring continued operations

6.12.6.3. Enable security to be aligned with and support business at strategic, tactical and operational levels

6.12.7. Desired State of Security

6.12.7.1. The “desired state of security” must be defined in terms of attributes, characteristics and outcomes

6.12.7.1.1. It should be clear to all stakeholders what the intended security state is

6.12.7.2. Available approaches to provide a framework to achieve a well-defined “desired state”

6.12.7.2.1. COBIT (Control Objectives for Information and related Technology)

6.12.7.2.2. Capability Maturity Model (CMM)

6.12.7.2.3. Balanced Scorecard (BSC)

6.12.7.2.4. Enterprise Architecture approaches

6.13. Effective Security Metrics

6.13.1. Criteria

6.13.1.1. Meaningful

6.13.1.2. Accurate

6.13.1.3. Cost-effective

6.13.1.4. Repeatable

6.13.1.5. Predictive

6.13.1.6. Actionable

6.13.1.7. Genuine

6.13.2. Types

6.13.2.1. Performance metrics

6.13.2.2. Risk management metrics

6.13.2.3. Value delivery metrics

6.13.2.4. Resource management metrics

6.13.2.5. Strategic alignment metrics

6.13.3. Set metrics that will indicate the health of the security program

6.13.3.1. Incident management

6.13.3.2. Degree of alignment between security and business development

6.13.3.3. Was security consulted?

6.13.3.4. Were controls designed into the systems or added later?

6.13.4. Choose metrics that can be controlled

6.13.4.1. Measure items that can be influenced or managed by local managers / security

6.13.4.2. Not external factors such as the number of viruses released in the past year

6.13.4.3. Have clear reporting guidelines

6.13.4.4. Monitor on a regular scheduled basis

6.14. The Maturity of the Security Program Using CMM

6.14.1. 0: Nonexistent—No recognition by organization of need for security

6.14.2. 1: Ad hoc—Risks are considered on an ad hoc basis—no formal processes

6.14.3. 2: Repeatable but intuitive—Emerging understanding of risk and need for security

6.14.4. 3: Defined process—Companywide risk management policy/security awareness

6.14.5. 4: Managed and measurable—Risk assessment standard procedure, roles and responsibilities assigned, policies and standards in place

6.14.6. 5: Optimized—Organization-wide processes implemented, monitored and managed

6.15. Roles and Responsibilities

6.15.1. Senior Management

6.15.1.1. Senior Management Commitment / Buy-in

6.15.1.1.1. To be successful, information security must have the support of senior management (top-down)

6.15.1.1.2. A bottom-up management approach to information security activities is much less likely to be successful

6.15.1.2. Give tone at the top

6.15.2. Board of directors / Senior Management

6.15.2.1. Information security governance / Accountability

6.15.3. Steering committee

6.15.3.1. Ensuring that all stakeholders impacted by security considerations are involved

6.15.3.2. Oversight and monitoring of Information Security Program

6.15.3.3. Acts as Liaison between Management, Business, Information Technology, and Information Security

6.15.3.4. Ensures all stakeholder interests are addressed

6.15.3.5. Oversees compliance activities

6.15.4. Executive management

6.15.4.1. Implementing effective security governance

6.15.4.2. Defining the strategic security objectives

6.15.4.3. Developing an effective information security strategy

6.15.4.4. Budget and Support

6.15.5. Chief Information Security Officer (CISO)

6.15.5.1. Responsible for Information security related activity

6.15.5.2. Compliance

6.15.5.3. Investigation

6.15.5.4. Testing

6.15.5.5. Policy

6.15.6. Business Manager

6.15.6.1. Responsible for security enforcement and direction in their area

6.15.6.2. Day to day monitoring

6.15.6.3. Reporting

6.15.6.4. Disciplinary actions

6.15.6.5. Compliance

6.15.7. IT Staff

6.15.7.1. Responsible for security design, deployment and maintenance

6.15.7.2. System and Network monitoring

6.15.7.3. Reporting

6.15.7.4. Operations of security controls

6.15.7.5. Compliance

6.16. Reporting and Compliance

6.16.1. Reporting, Performance

6.16.2. Privacy

6.16.3. Regulations

6.16.4. Laws

6.16.5. Industry standards

6.16.5.1. Payment Card Industry (PCI)

6.16.5.2. Basel II

6.16.6. Effect of Regulations

6.16.6.1. Potential impact of breach

6.16.6.1.1. Cost

6.16.6.1.2. Reputation

6.16.6.2. Scheduled reporting requirements

6.16.6.2.1. Frequency

6.16.6.2.2. Format

6.16.7. Reporting and Analysis

6.16.7.1. Data gathering at source

6.16.7.1.1. Accuracy

6.16.7.1.2. Identification

6.16.7.2. Reports signed by Organizational Officer

6.17. Ethics

6.17.1. Rules of behaviour

6.17.1.1. Legal

6.17.1.2. Corporate

6.17.1.3. Industry

6.17.1.4. Personal

6.17.2. Ethical Responsibility

6.17.2.1. Responsibility to all stakeholders

6.17.2.1.1. Customers

6.17.2.1.2. Suppliers

6.17.2.1.3. Management

6.17.2.1.4. Owners

6.17.2.1.5. Employees

6.17.2.1.6. Community

6.17.3. ISACA Code of Ethics

6.17.3.1. Required for all ISACA certification holders

6.17.3.1.1. Support the implementation of, and encourage compliance with, appropriate standards, procedures and controls for information systems.

6.17.3.1.2. Perform their duties with objectivity, due diligence and professional care, in accordance with professional standards and best practices.

6.17.3.1.3. Serve in the interest of stakeholders in a lawful and honest manner, while maintaining high standards of conduct and character, and not engage in acts discreditable to the profession.

6.17.3.1.4. Maintain the privacy and confidentiality of information obtained in the course of their duties unless disclosure is required by legal authority. Such information shall not be used for personal benefit or released to inappropriate parties.

6.17.3.1.5. Maintain competency in their respective fields and agree to undertake only those activities, which they can reasonably expect to complete with professional competence.

6.17.3.1.6. Inform appropriate parties of the results of work performed; revealing all significant facts known to them.

6.17.3.1.7. Support the professional education of stakeholders in enhancing their understanding of information systems security and control.

7. Domain 2: Information Risk Management and Compliance

7.1. Domain 2 - CISM® Exam Relevance

7.1.1. The content area for Domain 2 will represent ...

7.1.1.1. 33% of the CISM® examination

7.1.1.2. 62 questions

7.2. Risk Management

7.2.1. Risk is a function of the likelihood of a threat-source exercising a vulnerability and the resulting impact of that adverse event on the mission of the organization

7.2.2. Risk Management objective

7.2.2.1. The objective of risk management is to identify, quantify and manage information security risk

7.2.2.2. Reduce risk to an acceptable level through the application of risk-based, cost-effective controls

7.2.3. Risk terms

7.2.3.1. Asset

7.2.3.2. Threat

7.2.3.3. Vulnerability

7.2.3.3.1. Weaknesses in security controls

7.2.3.4. Likelihood (probability)

7.2.3.5. Impact (consequence)

7.2.3.5.1. An exploit of a vulnerability by a threat may lead to an exposure

7.2.3.5.2. An exposure is measured by the impact it has on the organization or the ability of the organization to meet its mission

7.2.3.5.3. Examples of direct and indirect financial losses

7.2.3.6. Aggregate risk

7.2.3.6.1. Aggregate risk is where several smaller risk factors combine to create a larger risk (the “perfect storm” scenario)

7.2.3.7. Cascading Risk

7.2.3.7.1. Cascading risks are the effect of one incident leading to a chain of adverse events (domino effect)

7.2.4. Defining the Risk Environment/Context

7.2.4.1. The most critical prerequisite to a successful risk management program is understanding the organization, including:

7.2.4.1.1. Key business drivers

7.2.4.1.2. The organization’s SWOT (strengths, weaknesses, opportunities and threats)

7.2.4.1.3. The organization’s PESTLE

7.2.4.1.4. Internal and external stakeholders

7.2.4.1.5. Organizational structure and culture

7.2.4.1.6. Assets (resources, information, customers, equipment)

7.2.4.1.7. Goals and objectives, and the strategies already in place to achieve them

7.2.5. Threats to information and information systems are related to

7.2.5.1. Confidentiality

7.2.5.2. Availability

7.2.5.3. Authentication

7.2.5.4. Integrity

7.2.5.5. Access control

7.2.5.6. Privacy

7.2.5.7. Nonrepudiation

7.2.5.8. Compliance

7.2.6. Risk Assessment Methodology

7.2.7. Data Gathering Techniques

7.2.7.1. Checklists

7.2.7.2. Prompt list (Risk breakdown structure (RBS))

7.2.7.3. Cause and effect diagrams

7.2.7.4. Surveys/Questionnaires

7.2.7.5. Observation

7.2.7.6. Workshops

7.2.7.7. Group techniques

7.2.7.7.1. Brainstorming

7.2.7.7.2. Nominal group

7.2.7.7.3. Delphi

7.2.7.8. Individual interviews

7.2.7.9. Assumption analysis

7.2.7.10. Constraints analysis

7.2.8. Risk Assessment

7.2.8.1. Risk Assessment measures Impact and Likelihood

7.2.8.2. Business Impact Analysis measures Impact over Time

7.2.8.3. Related disciplines - but not the same

7.2.8.4. BIA must be done periodically to determine how risk and impact levels increase over time

7.2.8.4.1. Set priorities for critical business functions

7.2.9. Risk Treatment

7.2.9.1. Risk Treatment takes the recommendations from the risk assessment process and selects the best choice for managing risk at an acceptable level

7.2.9.1.1. Risk Appetite

7.2.9.1.2. Risk Tolerance

7.2.9.1.3. Risk Acceptance

7.2.9.1.4. Residual Risk

7.2.9.1.5. Cost/Benefit

7.2.9.1.6. Priorities

7.2.9.2. Risk Treatment Options

7.2.9.2.1. for Threats (-)

7.2.9.2.2. for Opportunities (+)

7.2.9.2.3. for Threats & Opportunities

7.2.9.2.4. Effect of responses

7.2.9.3. Risk mitigation and controls

7.2.9.3.1. Controls (safeguards/countermeasures) are implemented in order to reduce a specified risk

7.2.9.3.2. Control recommendations

7.2.9.3.3. Cost Benefit Analysis of Controls

7.2.9.3.4. Categories of Security Controls

7.2.9.3.5. Security Control types

7.2.9.3.6. Security Control Baselines

7.3. Training, Education and Awareness

7.3.1. Training and Awareness

7.3.1.1. The most effective control to mitigate risk is training of all personnel

7.3.1.2. Educate on policies, standards, practices

7.3.1.3. Creates accountability

7.3.1.4. End users should receive training on

7.3.1.4.1. The importance of adhering to information security policies, standards, and procedures

7.3.1.4.2. Clean desk policy

7.3.1.4.3. Responding to incidents and emergencies

7.3.1.4.4. Privacy and confidentiality requirements

7.3.1.4.5. The security implications of logical access in an IT environment

7.3.2. National Initiative for Cybersecurity Education (NICE)

7.3.2.1. Reference: http://csrc.nist.gov/nice/

7.3.2.2. NICE is part of the Comprehensive National Cybersecurity Initiative (CNCI), in which government and industry collaborated to create a training and educational framework for the cybersecurity workforce

7.3.3. Security Education, Training and Awareness (SETA)

7.3.3.1. Reference: NIST SP800-50, Building an IT Security Awareness and Training Program.

7.3.3.2. Awareness

7.3.3.2.1. Orientation briefings and materials to inform and remind employees of their security responsibilities and management’s expectations

7.3.3.3. Training

7.3.3.3.1. Courses and materials to provide employees with the skills necessary to perform their job functions

7.3.3.4. Education

7.3.3.4.1. Courses and materials to provide employees with the decision-making and management skills necessary to improve their promotional ability and mobility

8. Domain 3: Information Security (InfoSec) Program Development and Management

8.1. Domain 3 - CISM® Exam Relevance

8.1.1. The content area for Domain 3 will represent ...

8.1.1.1. 25% of the CISM® examination

8.1.1.2. 62 questions

9. Domain 4: Information Security (InfoSec) Incident Management

9.1. Domain 4 - CISM® Exam Relevance

9.1.1. The content area for Domain 4 will represent ...

9.1.1.1. 18% of the CISM® examination

9.1.1.2. 62 questions

10. Overview of the CISM® certification

10.1. About the CISM® exam

10.1.1. CISM® exam questions are developed with the intent of measuring and testing practical knowledge and the application of general concepts and standards.

10.1.2. PBE & CBE (only pencil & eraser are allowed).

10.1.2.1. PBE - Paper based exam.

10.1.2.2. CBE - Closed book exam.

10.1.3. 4 hour exam.

10.1.4. 200 multiple-choice questions, each designed with one best answer.

10.1.5. No negative points.

10.1.6. Pre-requisite for exam:

10.1.6.1. none

10.1.7. Pre-requisite for certification:

10.1.7.1. Read CISM® Application Form

10.1.7.1.1. https://www.isaca.org/Certification/CISM-Certified-Information-Security-Manager/Apply-for-certification/Documents/CISM-application.pdf

11. Interactive Glossary

11.1. Interactive CISM® Glossary

12. This freeware, non-commercial mind map (aligned with the newest version of the CISM® exam) was carefully hand crafted with passion and love for learning and constant improvement, as well as to promote the CISM® qualification and to serve as a learning tool for candidates wanting to gain the CISM® qualification. (Please share and give feedback - your feedback and comments are my main motivation for further elaboration. THX!)

12.1. Questions / issues / errors? What do you think about my work? Your comments are highly appreciated. Feel free to visit my website: www.miroslawdabrowski.com

12.1.1. http://www.miroslawdabrowski.com

12.1.2. http://www.linkedin.com/in/miroslawdabrowski

12.1.3. https://www.google.com/+MiroslawDabrowski

12.1.4. https://play.spotify.com/user/miroslawdabrowski/

12.1.5. https://twitter.com/mirodabrowski

12.1.6. miroslaw_dabrowski