Thomas R. Peltier, Justin Peltier.
Thomas R. Peltier is in his fifth decade in the field of computer technology.
During this time he has shared his experiences with fellow
professionals and because of this work he has been awarded the 1993
Computer Security Institute’s (CSI) Lifetime Achievement Award. In 1999
the Information Systems Security Association (ISSA®) bestowed its Individual
Contribution to the Profession Award on him and in 2001 he was
inducted into the ISSA®
Hall of Fame. Tom was also awarded the CSI
Lifetime Emeritus Membership Award. Currently he is the president of
Thomas R. Peltier Associates, LLC, which is an information security training
firm. Prior to this he was director of policies and administration for the
Netigy Corporation’s Global Security Practice. Tom was the national director
for consulting services for CyberSafe Corporation, and the corporate
information protection coordinator for Detroit Edison. The security program
at Detroit Edison was recognized for excellence in the field of computer
and information security by winning the Computer Security Institute’s Information
Security Program of the Year for 1996. Previously Tom was the
information security specialist for General Motors Corporation responsible
for implementing an information security program for GM’s worldwide activities.
Over the past decade, he has averaged five published articles a year
on various computer and information security issues, including developing
policies and procedures, disaster recovery planning, copyright compliance,
virus management, and security controls. His published books include
Policies, Standards, Guidelines and Procedures, Editions 1 and 2; Information Security
Risk Analysis, Editions 1 and 2; Information System Security Policies
and Procedures: A Practitioners' Reference; The Complete Manual of Policies
and Procedures for Data Security; How to Manage a Network Vulnerability
Assessment; and Information Security Fundamentals. He is the co-editor
and contributing author for the CISSP® Prep for Success Handbook, and
a contributing author for the Computer Security Handbook, Third
and Fifth Editions, and Data Security Management.
Tom has been the technical advisor on a number of security films
from Commonwealth Films. He is the past chairman of the Computer
Security Institute Advisory Council, the chairman of the 18th Annual
CSI Conference, founder and past president of the Southeast Michigan
Computer Security Special Interest Group, and a former member of
the board of directors for (ISC)²®, the security professional certification
organization. He has conducted numerous seminars and workshops
on various security topics and has led seminars for CSI, Crisis Management,
American Institute of Banking, the American Institute of Certified
Public Accountants, Institute of Internal Auditors (ISACA®), and Sungard
Planning Solutions. He was also an instructor at the graduate level
for Eastern Michigan University. He is currently an adjunct professor in
the information assurance master’s degree program at Norwich University.
Justin Peltier is a senior security consultant with Peltier Associates
with over eleven years of experience in information security technologies.
As a consultant, Justin has been involved in implementing, supporting,
and developing security solutions, and has taught courses on
many facets including vulnerability assessment and CISSP preparation.
Formerly with Suntel Services, Justin directed its security practice development.
Prior to that he was with Netigy where he was involved with
the corporate training effort. Justin has led classes for MIS, Netigy, Suntel
Services, and Sherwood Associates. Justin currently holds ten certifications
in an array of technical products.
Justin has led classes across the United States as well as in Europe
and Asia, for Peltier Associates, Sherwood Associates, Computer Security
Institute, (ISC)², Mark I. Sobell Training Institute, Netigy Corporation,
and Suntel Services. Justin has developed or led the following courses:
Introduction to Windows NT Security
Intermediate Windows NT Security
Advanced Windows NT Security
Installation and Configuration of Red Hat Linux
Business Benefits of Virtual Private Networks
Developing Policies and Procedures
Risk Assessment Processes
Conducting a Penetration Test
Introduction to CheckPoint Firewall-1™ Administration
Advanced CheckPoint Firewall-1™ Administration
Conducting a Vulnerability Assessment
WinX versus Linux: Which Is More Secure?
Hands-On Wireless
Hands-On Hacking
Justin has written books on many different subjects related to
computer security. His works include two privately owned books,
Intermediate Windows NT Security and Advanced Windows NT Security.
He is co-author of the book How to Manage a Network Vulnerability
Assessment. He is also a contributing author of the first edition of
The Total CISSP Exam Prep Book: Practice Questions, Answers,
and Test Taking Tips and Techniques and editor of the second edition
of the same book. In 2003, Justin co-authored Information Security
Fundamentals, a set of new sample questions for CISSP and CISM exam
preparation. In 2007, Justin is slated to write Security Testing: Practices,
Guidelines, and Examinations and to edit Secure Coding and Practices.
Preface
The Certified Information Security Manager® (CISM®) certification program
was developed by the Information Systems Audit and Control
Association (ISACA®). It has been designed specifically for experienced
information security managers and those who have information security
management responsibilities. The CISM® certification is for the
person who manages, designs, oversees, or assesses an organization’s
information security program. The CISM® certification references international
practices such as ISO guidelines, NIST guidelines, and others.
Certification has provided a positive effect on many careers as well
as providing many benefits for employers. The Certified Information
Security Manager is designed to provide executive management with
assurance that those earning the designation have the required knowledge
and ability to provide effective security management and consulting.
The certification process examines the qualifications for the
candidate in five functional areas (security governance, risk management,
information security program management, information security
management, and response management).
The CISM is not an entry-level certification; it is specifically developed
for the information security professional who has acquired
proven experience working on the “front lines.” Information security
individuals with five years or more experience managing the information
security function of an enterprise or performing such duties will
find the CISM most tailored to their knowledge and skills.
This book is the result of requests from attendees of our five-day
exam preparation course. The book has been structured along the same
lines as the class; each of the five key areas is discussed in detail. The
reader is given the terms and concepts, along with discussions of their
application. At the end of each key area, the reader is given a quiz on
the materials just presented. At the end of the key area material, we
have included a workbook to allow the reader to go back over the
materials to reinforce the concepts presented. After the workbook, the
reader is presented with a thirty-question final exam.
Preparing for an exam is hard work. The goal of this book is to
present the reader with the knowledge and skills necessary to be successful.
Product details

| Price | |
|---|---|
| File Size | 17,711 KB |
| Pages | 476 p |
| File Type | PDF format |
| ISBN | 0-8493-5356-4 (alk. paper) |
| Copyright | 2007 by Taylor & Francis Group, LLC |
Table of Contents
Preface
About the Authors
Information Security Governance
Functional Area Overview
Mapping
Introduction
Developing an Information Security
Strategy in Support of Business Strategy and Direction
Obtain Senior Management Commitment and Support
Definitions of Roles and Responsibilities
Obtaining Senior Management Commitment
Change in Focus
Responsibilities and Functional Roles
Where Not to Report
Recommendation
Establish Reporting Communications That Support Information
Security Governance Activities
Mission Statement
Legal and Regulatory Issues
Establish and Maintain Information Security Policies
Global Policy (Tier 1)
Topic
Scope
Responsibilities
Compliance or Consequences
Topic-Specific Policy (Tier 2)
Thesis Statement
Relevance
Responsibilities
Compliance
Supplementary Information
Application-Specific Policy (Tier 3)
Key Security Concepts
Ensure the Development of Procedures and Guidelines That
Support the Information Security Policy
Develop Business Case and Enterprise Value Analysis Support
Summary
What Was Covered in This Chapter
Questions
Information Security Risk Management
Functional Area Overview
CISM Mapping
Introduction
Develop a Systematic and Continuous Risk Management Process
Ensure Risk Identification, Analysis, and Mitigation Activities
Are Integrated Into the Life Cycle Process
Apply Risk Identification and Analysis Methods
Step 1: Asset Definition
Step 2: Threat Identification
Step 3: Determine Probability of Occurrence
Step 4: Determine the Impact of the Threat
Step 5: Controls Recommended
Step 6: Documentation
Cost-Benefit Analysis
Define Strategies and Prioritize Options to Mitigate Risks to
Levels Acceptable to the Enterprise
Step 1: Threat Identification
Step 2: Threat Vulnerability
Step 3: Controls and Safeguards
Step 4: Cost-Benefit Analysis
Step 5: Documentation
Quantitative Versus Qualitative Risk Assessment
Report Significant Changes in Risk
Knowledge Statements
Gap Analysis
Recovery Time Objectives
Data (Information) Classification
Summary
What Was Covered in This Chapter
Questions
Information Security Program Management
Functional Area Overview
CISM Mapping
Introduction
The OSI Model
Layer 1: Physical
Layer 2: Data Link
Layer 3: Network
Layer 4: Transport
Layer 5: Session
Layer 6: Presentation
Layer 7: Application
The TCP/IP Model
IP Addressing
Protocols
Internet Protocol (IP) Details
Internet Protocol (IP) Network and Host
Subnet Masks and Internet Protocol (IP) Classes
Class A Networks
Class B Networks
Class C Networks
Beyond Class C Networks
IP Address Availability and Internet Protocol (IP) Version 6
IP Hosts
Private Internet Protocol (IP) Networks
Network Address Translation (NAT)
The Internet Protocol (IP) Header
Datagram Structure
Transmission Control Protocol (TCP)
TCP Ports
Well-Known Ports
Registered Ports
Dynamic Ports
Port Scanning
The TCP Header
The TCP Three-Way Handshake
The First Shake: The SYN Packet
The Second Shake: The SYN/ACK Packet
The Third Shake: The ACK Packet
After the Shaking
TCP Summary
User Datagram Protocol (UDP)
UDP Error Messages
Internet Control Message Protocol (ICMP)
ICMP Header
ICMP Packet Structure
ICMP Common Examples
Risks and Vulnerabilities Associated with IP Protocols
Common Threats
CIA Triad
PPPN
Process
Physical
Platform
Network
Threats
Malicious Hackers
Attacking Methodology
Malicious Code
Virus
Worms
Trojan Horses
Logic Bomb
Denial-of-Service Attacks
Distributed Denial-of-Service Attacks
Social Engineering
Attacks Against Access Control Systems
Man-in-the-Middle (MITM)
Threats Summary
Controls
Access Control
Mandatory Access Control
Discretionary Access Control
Lattice-Based Access Control
Rule-Based Access Control
Role-Based Access Control
Access Control Lists
Single Sign-On
Script-Based Single Sign-On
Host-Based Single Sign-On
Access Control Methods
One-Time Passwords
Password Selection
Access Control Goals
Two-Factor Authentication
RADIUS
802.1x
The Role of RADIUS in 802.1x
TACACS
Access Control Zone of Control
Firewalls
Types of Firewalls
Caching
Proxy Firewall Recap
Network Segmentation/Subdomain Isolation
Virtual Local Area Networks (VLANs)
Physical Distance
Subnetting for Isolation
Routing for Isolation
Firewall for Isolation
Intrusion Detection Systems
Types of Intrusions
Network- Versus Host-Based Intrusion Detection Systems
IDS Information Processing
IDS Versus IPS
Cryptography
Goals of Cryptography
Nonrepudiation
Cryptographic Definitions
Kerckhoff’s Principle
Private or Secret Key Cryptography
The Advanced Encryption Standard
Public Key Cryptography
Stream Ciphers
Block Ciphers
The Initialization Vector
Methods of Attack
One-Way Functions
Digital Signatures
Classic Cryptographic Systems
Substitution Ciphers
Transposition Ciphers
Poly-Alphabetic Cipher
Running Key Cipher
Concealment
Steganography
Codes
Encryption Machines
Secure Sockets Layer (SSL)
Message Authentication Codes
Public Key Infrastructure
Certificate Authority (CA)
Registration Authority (RA)
Certificate Repository
Certificate Revocation System
IPSEC
Project Management for Information Security Managers
Baselines
Wireless
How It Works
The Alphabet Soup
Securing Wireless—The Early Days
RC4 and the One-Time Pad
WEP’s Implementation of RC4
Weakness: Key Management and Key Size
Help! My IV Is Too Small
The ICV and Its Weakness
RC4
The Problems With Message Authentication
Another Standard 802.1x
The 802.1x Function
The Relationship between EAP and 802.1x
More on 802.1x
802.1x Doesn’t Work Alone
802.1x – Making Wireless Better
802.1x’s Partner TKIP
Back to the Alphabet Soup One Last Time—802.11i
Wireless Summary
Buffer Overflows versus Application Security
Virtual Private Networks (VPNs)
Web Server Security versus Internet Security
Security Testing
Vulnerability Assessment
Vulnerability Assessment
Penetration Testing
Risk Assessment
Hybrid Approach to Security Testing
Summary
What Was Covered in This Chapter
Questions
Information Security Management
Functional Area Overview
CISM Mapping
Introduction
Information Systems Compliance
Administrative Procedures
Ensure Services Outsourced Are Consistent
Measure, Monitor, and Report Effectiveness and Efficiency
of the Controls and Compliance Policies
Ensure That Information Security Is Not Compromised
Throughout the Change Management Process
Perform Vulnerability Assessments to Evaluate Effectiveness of
Existing Controls
Ensure That Noncompliance Issues and Other Variances Are
Resolved in a Timely Manner
Information Security Awareness and Education
Introduction
Key Security Requirements
Believe in What You Are Doing
Program Goals
Segmenting the Audience
Current Level of Computer Usage
What Does the Audience Really Want to Learn?
Determine How Receptive the Audience Is
Seek Out Ways to Gain Acceptance
Possible Allies
Program Development
Methods to Convey the Message
Presentation Keys
Presentation Format
Effective Communication
When to Do Awareness
Presentation Styles
Senior Management
Manager
Line Supervisors and Employees
The Message
Summary
What Was Covered in This Chapter
Questions
Response Management
Functional Area Overview
CISM Mapping
Introduction
Threat Source Information
The Role of Intrusion Detection and Anti-Virus Systems
IDS Properties
Business Continuity Planning and Disaster Recovery Planning
The Planning
Business Continuity Planning and Disaster Recovery Planning
BCP Resources
Stages of BCP
Reasons for BCP
BCP Responsibilities
Types of Plans
Business Continuity Plan (BCP)
Business Recovery Plan (BRP), also Business Resumption Plan
Continuity of Operations Plan (COOP)
Continuity of Support Plan/IT Contingency Plan/Network
Contingency Plan
Crisis Communications Plan
Cyber Incident Response Plan
Disaster Recovery Plan (DRP)
Occupant Emergency Plan (OEP)
Business Impact Analysis (BIA)
Performing a BIA
Business Impact Analysis Results
Reasons for BIA
Finding Resources and Dependencies
Alternate Sites
Cold Sites
Warm Sites
Hot Sites
Mobile Sites
Mirrored Sites
Reciprocal Agreements
Implementation and Writing
Team Training
Testing the Plan
Exercising and Testing the BCP/DRP
Improve the Plan
Updating the Plan
Three Phases of BCP
Incident Response
Discovery
Notification
Preliminary Investigation
Goals of the Investigation
Disclosure
Conducting Surveillance
Electronic Surveillance
Physical Surveillance
Running the Investigation
Factors of Investigation
Most Likely Suspects—Insiders, Outsiders, and Collaboration
Suspects/Witnesses/Interview
Freezing the Environment
Team Members
Post-Incident Access
Seizing the System
Forensic Processes
Inventory Internal Devices
Forensic Processing—Imaging
Live System Variation
Forensic Processing—Imaging
Forensic Reporting
Criminal and Civil Courts
Types of Evidence
Exclusionary Rule
Evidence Life Cycle
Incident Post Mortems
Incident Response Training
Difficulties with Following the Plan
Containment
Government Facilities to Assist in Planning for a Disaster
Escalation Procedures and Notification
Help Desk Training
Summary
What Was Covered in This Chapter
Questions
Index