Defining risk management is easy -- it's the process of identifying, assessing and controlling the risks that threats pose to an organization's information assets. Putting a risk management strategy into practice, however, is another story.
To be successful in security management, it's critical to understand not only what risk management is, but also how to create and implement a plan that will help your organization treat the risks it identifies and prepare for the ones it hasn't anticipated.
ISACA's Certified Information Security Manager (CISM) certification was created to help security pros validate they have what it takes to handle risk management.
"The certification is really a demonstration that you have the knowledge and experience already and that you're serious about career growth in the field and want to go further with it," said Peter Gregory, author of CISM: Certified Information Security Manager Practice Exams, published by McGraw-Hill.
Ready to go for your CISM to become a security or risk manager? Gregory readily admits it's a difficult exam -- even for a security pro. But, with some hard work and a lot of studying, test-takers can master the topics and prove their skills.
The following excerpt from Gregory's book offers CISM practice exam questions from Chapter 3, "Information Risk Management." This area constitutes 30% of the CISM exam, with questions on developing a risk management strategy, integrating risk management into an organization's practices and culture, and monitoring and reporting risk.
Before taking the exam, test your CISM knowledge here. Download an excerpt of the book for even more questions.
About the author
Peter H. Gregory, CISM, CISA, CRISC, CISSP, CIPM, CCISO, CCSK, PCI-QSA, is a 30-year career technologist and an executive director at Optiv Security. He has been developing and managing information security management programs since 2002 and has been leading the development and testing of secure IT environments since 1990. In addition, he spent many years as a software engineer and architect, systems engineer, network engineer and security engineer. Throughout his career, he has written many articles, white papers, user manuals, processes and procedures and has conducted numerous lectures, training classes, seminars and university courses.
Gregory is the author of more than 40 books about information security and technology. He is an advisory board member at the University of Washington's certificate program in information security and risk management and the lead instructor (emeritus) and advisory board member for the University of Washington certificate program in cybersecurity. He is an advisory board member and instructor at the University of South Florida's Cybersecurity for Executives program, a former board member of the Washington State chapter of InfraGard and a founding member of the Pacific CISO Forum. He is a 2008 graduate of the FBI Citizens' Academy and a member of the FBI Citizens' Academy Alumni Association.
Peter resides with his family in the Seattle area and can be contacted at www.peterhgregory.com.