CISM Certified Information Security Manager All-in-One Exam Guide Quotes
CISM Certified Information Security Manager All-in-One Exam Guide
by Peter H. Gregory
“The majority of security incidents happen because of human error.”
― CISM Certified Information Security Manager All-in-One Exam Guide
“A digital certificate is a digital credential that consists of a public key and a block of information that identifies the owner of the certificate.”
― CISM Certified Information Security Manager All-in-One Exam Guide
“Digital Envelopes: One aspect of symmetric (private key) and asymmetric (public key) cryptography that has not been discussed yet is the computing requirements and performance implications of these two types of cryptosystems.”
― CISM Certified Information Security Manager All-in-One Exam Guide
“A digital signature is a cryptographic operation where a sender “seals” a message or file using her identity.”
― CISM Certified Information Security Manager All-in-One Exam Guide
“Personnel are the primary weak point in information security.”
― CISM Certified Information Security Manager All-in-One Exam Guide
“An activity review is a corrective control that helps reduce accumulation of privileges.”
― CISM Certified Information Security Manager All-in-One Exam Guide
“Access recertification is a corrective control that helps reduce accumulation of privileges.”
― CISM Certified Information Security Manager All-in-One Exam Guide
“The Cable of Fear”
― CISM Certified Information Security Manager All-in-One Exam Guide
“Netflow: This is a network anomaly detection protocol developed by Cisco Systems and is available on Cisco Systems routers.”
― CISM Certified Information Security Manager All-in-One Exam Guide
“It is said that a roof is best repaired on a sunny day.”
― CISM Certified Information Security Manager All-in-One Exam Guide
“An audit generally requires the presentation of evidence of control design and effectiveness, where a review often does not.”
― CISM Certified Information Security Manager All-in-One Exam Guide
“Original Risk – Mitigated Risk – Transferred Risk = Residual Risk”
― CISM Certified Information Security Manager All-in-One Exam Guide
“The aspect of risk treatment of utmost importance to the ongoing success of an organization’s security management program is who makes the risk treatment decisions.”
― CISM Certified Information Security Manager All-in-One Exam Guide
“In an impact analysis, the impact can be expressed as a rating such as H-M-L (High-Medium-Low) or as a numeric scale, and it can also be expressed in financial terms.”
― CISM Certified Information Security Manager All-in-One Exam Guide
“A risk consists of the intersection of threats, vulnerabilities, probabilities, asset value, and impact.”
― CISM Certified Information Security Manager All-in-One Exam Guide
“An organization’s risk management program should be documented in a charter. A charter is a formal document that defines and describes a business program and becomes part of the organization’s record.”
― CISM Certified Information Security Manager All-in-One Exam Guide
“ultimate responsibility or ownership for protecting information is at the executive leadership and board of directors level.”
― CISM Certified Information Security Manager All-in-One Exam Guide
“Understanding and changing aspects of an organization’s culture is one of the most important success factors in an organization and also one of the most difficult.”
― CISM Certified Information Security Manager All-in-One Exam Guide
“Problem management is the IT function that is used to analyze chronic and recurring incidents to discover their root cause and prevent further occurrences.”
― CISM Certified Information Security Manager All-in-One Exam Guide
“Incident management is the IT function that is used to analyze service outages, service slowdowns, service errors, security incidents, and software bugs, as well as to restore the agreed-on service as soon as possible.”
― CISM Certified Information Security Manager All-in-One Exam Guide
“The concept of security by design is one in which security and risk are incorporated in every level of product development, from inception to development, testing, implementation, maintenance, and operations.”
― CISM Certified Information Security Manager All-in-One Exam Guide
“The leftover risk, known as residual risk, should be entered into the risk register for its own round of risk treatment.”
― CISM Certified Information Security Manager All-in-One Exam Guide
“The key business record in risk management is the risk register, which is a log of historic and newly identified risks.”
― CISM Certified Information Security Manager All-in-One Exam Guide
“The best solution for these “unknown unknowns” is to have an external, competent firm perform an organization’s risk assessment every few years or for such an organization to thoroughly examine an organization’s risk assessment for the purpose of discovering opportunities for improvement, including expanding the span of threats, threat actors, and vulnerabilities so that there are fewer or no unknown risks.”
― CISM Certified Information Security Manager All-in-One Exam Guide
