BKCISMPG.RVW 20051204 "The CISM Prep Guide", Ronald L. Krutz/Russell Dean Vines, 2003, 0-471-45598-9, U$60.00/C$92.95/UK#41,95 %A Ronald L. Krutz %A Russell Dean Vines %C 5353 Dundas Street West, 4th Floor, Etobicoke, ON M9B 6H8 %D 2003 %G 0-471-45598-9 %I John Wiley & Sons, Inc. %O U$60.00/C$92.95/UK#41,95 416-236-4433 fax: 416-236-4448 %O http://www.amazon.com/exec/obidos/ASIN/0471455989/robsladesinterne http://www.amazon.co.uk/exec/obidos/ASIN/0471455989/robsladesinte-21 %O http://www.amazon.ca/exec/obidos/ASIN/0471455989/robsladesin03-20 %O Audience i Tech 1 Writing 1 (see revfaq.htm for explanation) %P 433 p. + CD-ROM %T "The CISM Prep Guide" The CISM (Certified Information Systems Manager) is ISACA's (Information Systems Audit and Control Association) extension to its more widely known CISA (Certified Information Systems Auditor) (cf. BKCISAPG.RVW) designation. It basically covers the material addressed in the CISSP (Certified Information Systems Security Professional) security management domain, with additional material on incident response. The chapters in this book follow the five domains of the CISM. Chapter one deals with information security governance, also passing quickly over some of the areas of technical security controls. Risk management is addressed in chapter two, with a concentration on the NIST (US National Institute of Standards and Technology) risk assessment framework: an indication of the concentration on US standards in this work and certification. Information security program management, in chapter three, includes topics such as formal models, project management, and the system development life cycle. (There is a lack of clarity in some of the explanations of specific models that may lead readers into error.) Information security management, in chapter four, is even more of a grab bag, looking at US regulations, contracts, auditing, and security reviews. Chapter five covers incident response, disaster recovery, and forensics. The book also contains a set of questions. They are quite vague, and, if representative of the CISM itself, that certification is only looking for familiarity with topics. copyright Robert M. Slade, 2005 BKCISMPG.RVW 20051204