From zero-day to CISM book
From zero-day to CISM
From zero-day to CISM Certified Information Security Manager is designed as a comprehensive support tool for professionals pursuing the CISM certification, a globally recognized credential in information security management. CISM, offered by ISACA, emphasizes strategic security management; since its inception in 2002, it has been earned by over 45,000 professionals worldwide. Achieving CISM validates one’s expertise in governing and managing enterprise information security programs. The primary purpose of this book is twofold: first, to help readers master the knowledge required to pass the CISM exam; and second, to serve as a managerial guideline that practitioners can reference in real-world cybersecurity roles. By blending exam-focused content with practical insights, the book bridges the gap between certification objectives and on-the-job security management practices. It aims not only to prepare candidates for the exam but also to equip security managers with frameworks and strategies that can be applied in their organizations’ security programs.
Managerial Cybersecurity Guide: Beyond exam preparation, this book functions as a management guide for cybersecurity professionals. It aligns with the challenges faced by security managers and IT leaders in today’s complex threat landscape. Readers will find guidance on establishing governance structures, aligning security initiatives with business goals, managing risks at an enterprise level, developing robust security programs, and responding to incidents effectively.
Target Audience
The target audience for this book includes a broad range of professionals in the cybersecurity and risk management fields who aspire to leadership and management roles. It is written with the following readers in mind:
- Aspiring CISM Candidates
- Information Security Managers
- IT and Security Leaders
- Risk Management Professionals
- Consultants and Advisors
Structure of the Book
The book is organized into five main parts, covering the four CISM domains as defined by ISACA. Each domain is covered by one or more dedicated chapters that delve deeply into that domain’s concepts, with a balanced mix of theoretical foundations and practical application:
- Chapter 1 – Information Security Governance: Covers how to establish and maintain governance frameworks that align information security with business objectives and regulatory requirements. This chapter explores governance structures, roles and responsibilities, and policies. It introduces frameworks like COBIT for IT governance and standards such as ISO/IEC 27001 for security management.
- Chapter 2 – Information Risk Management: Focuses on risk identification, assessment, evaluation, and response strategies. It presents both qualitative and quantitative risk assessment methodologies, referencing standards like ISO 31000:2018 for risk management and frameworks like NIST’s Risk Management Framework (RMF).
- Chapters 3 and 4 – Information Security Program Development and Management: Provide a comprehensive look at building and running an enterprise security program. These chapters address how to design security architecture and controls in alignment with business goals and risk assessments.
- Chapter 5 – Information Security Incident Management: Discusses the preparation for and management of security incidents to minimize business impact. It outlines the entire incident management life cycle: preparation, detection, analysis, containment, eradication, recovery, and post-incident learning.