








W**L
Highly Suggested
Top CISM Books/Material is this, and ISACA's test question book. This is all you need to pass (coupled with experience of course).
A**.
Simple, straightforward way to get your CISM
I passed on 1st attempt using this as my primary reading material. The questions after each topic and the chapter tests are a great way to learn the ISACA way of thinking in regards to making decisions. I can't praise this book enough. Highly recommended! 💯
P**N
Solid foundational material with a few missing emerging trends/topics
The latest CISM study guide still provides a good foundational knowledge for required expertise, but I find it missing the following key concepts in emerging trends and technologies:

1. FIDO and Passkey for password-less connections in authentication. Consider that almost 70% of data breaches are due to stolen credentials or phishing (again in order to impersonate), according to the 2023 DBIR report from Verizon. There should be some alignment to the need of getting away from the traditional username/password login mechanism.
2. Risk based access control (aka adaptive MFA) is also not mentioned. Pretty important stuff.
3. Open source code adoption risks. The need of SBOM (software bill of materials) cannot be more clear since the entire world just went through the log4j fun last holiday break at the end of 2022. It's not practical to not use open source assets, so dependency management through SBOM is quite important.
4. Machine learning and data set management. Whether it's to manage it through some sort of DBOM (data bill of materials) or proprietary tracking method, evidence of ownership or attribution is key. Also need to know when the model is producing hallucination or misinformation, how to bring it down quickly and prevent it from happening again, etc., etc., etc.
5. ML process and operational protection. Again, since AI is all the rage, what are we Info Sec and data privacy advocates going to do to make sure a. data does not get intercepted, b. nothing gets masqueraded intentionally or by accident, c. no data modification to induce fraud.

Two cents.
C**C
Insights on the Packt (CISM) Exam Prep Guide 2nd Edition
Doshi's expertise shines through, steering readers with precision towards CISM exam objectives. The guide, hands down, is the most exam-ready material I have seen, offering a wealth of knowledge and a robust reinforcement of concepts through well-crafted study materials including questions, flashcards and exam tips. I wholeheartedly recommend this guide to aspiring CISM exam takers.

However, my journey through this book sparked thoughts on steering clear of becoming an "academic" security leader. I want to emphasize the importance of avoiding the pitfalls of only taking an academic approach and want to add some of my own personal lessons from a practitioner's standpoint.

The initial focus on governance is a crucial reminder. Establishing governance may seem daunting initially, but my experience underscores its pivotal role. CISOs in poor governance structures rarely succeed, making it imperative to study and apply best practice patterns when considering a CISO role.

Chapters on risk management, change management, and vulnerability management set a strong baseline. I encourage you to also ensure you are building in a DevOps perspective, which is vital to prevent creating obstacles and blockers. Automation should be leveraged for early detection, education, and rectification in the development process, steering clear of end-stage gates.

As the book delves into control frameworks and asset management, my advice is not to get stuck rigidly aligning to standards and controls but to set best practices but govern by risk. Allow flexibility to choose between control and mitigations that move you to an acceptance level of risk, giving you agility to meet business needs.

While the infrastructure section's information is outdated, it prepares you for exam questions. However, I do appreciate the emphasis on incident management, emphasizing its dynamic nature, especially with evolving technologies like cloud computing and adapting to new technologies like GenAI.

In conclusion, the Packt CISM Exam Prep Guide is a stellar resource for exam preparation and an invaluable tool for honing leadership skills as a security practitioner.