[ISN] REVIEW: "The CISM Prep Guide", Ronald L. Krutz/Russell Dean Vines

InfoSec News isn at c4i.org
Wed Mar 15 03:23:41 EST 2006

Forwarded from: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rMslade at shaw.ca>

BKCISMPG.RVW   20051204

"The CISM Prep Guide", Ronald L. Krutz/Russell Dean Vines, 2003,
0-471-45598-9, U$60.00/C$92.95/UK#41,95
%A   Ronald L. Krutz
%A   Russell Dean Vines
%C   5353 Dundas Street West, 4th Floor, Etobicoke, ON   M9B 6H8
%D   2003
%G   0-471-45598-9
%I   John Wiley & Sons, Inc.
%O   U$60.00/C$92.95/UK#41,95 416-236-4433 fax: 416-236-4448
%O  http://www.amazon.com/exec/obidos/ASIN/0471455989/robsladesinterne
%O   http://www.amazon.ca/exec/obidos/ASIN/0471455989/robsladesin03-20
%O   Audience i Tech 1 Writing 1 (see revfaq.htm for explanation)
%P   433 p. + CD-ROM
%T   "The CISM Prep Guide"

The CISM (Certified Information Systems Manager) is ISACA's
(Information Systems Audit and Control Association) extension to its
more widely known CISA (Certified Information Systems Auditor) (cf.
BKCISAPG.RVW) designation.  It basically covers the material addressed
in the CISSP (Certified Information Systems Security Professional)
security management domain, with additional material on incident

The chapters in this book follow the five domains of the CISM. 
Chapter one deals with information security governance, also passing
quickly over some of the areas of technical security controls.  Risk
management is addressed in chapter two, with a concentration on the
NIST (US National Institute of Standards and Technology) risk
assessment framework: an indication of the concentration on US
standards in this work and certification.  Information security
program management, in chapter three, includes topics such as formal
models, project management, and the system development life cycle. 
(There is a lack of clarity in some of the explanations of specific
models that may lead readers into error.)  Information security
management, in chapter four, is even more of a grab bag, looking at US
regulations, contracts, auditing, and security reviews.  Chapter five
covers incident response, disaster recovery, and forensics.

The book also contains a set of questions.  They are quite vague, and,
if representative of the CISM itself, that certification is only
looking for familiarity with topics.

copyright Robert M. Slade, 2005   BKCISMPG.RVW   20051204

======================  (quote inserted randomly by Pegasus Mailer)
rslade at vcn.bc.ca      slade at victoria.tc.ca      rslade at sun.soci.niu.edu
In a real dark night of the soul it is always three o'clock in
the morning, day after day.                    - F. Scott Fitzgerald
http://victoria.tc.ca/techrev    or    http://sun.soci.niu.edu/~rslade

More information about the ISN mailing list