The three primary goals of an information security program are to prevent the loss of confidentiality, the loss of integrity, and the loss of availability for any IT systems and data.
“Problem management is the IT function that is used to analyze chronic and recurring incidents to discover their root cause and prevent further occurrences.”
― CISM Certified Information Security Manager All-in-One Exam Guide
― CISM Certified Information Security Manager All-in-One Exam Guide
“A risk consists of the intersection of threats, vulnerabilities, probabilities, asset value, and impact.”
― CISM Certified Information Security Manager All-in-One Exam Guide
― CISM Certified Information Security Manager All-in-One Exam Guide
“ultimate responsibility or ownership for protecting information is at the executive leadership and board of directors level.”
― CISM Certified Information Security Manager All-in-One Exam Guide
― CISM Certified Information Security Manager All-in-One Exam Guide
“The concept of security by design is one in which security and risk are incorporated in every level of product development, from inception to development, testing, implementation, maintenance, and operations.”
― CISM Certified Information Security Manager All-in-One Exam Guide
― CISM Certified Information Security Manager All-in-One Exam Guide
“The key business record in risk management is the risk register, which is a log of historic and newly identified risks.”
― CISM Certified Information Security Manager All-in-One Exam Guide
― CISM Certified Information Security Manager All-in-One Exam Guide
Johnson’s 2025 Year in Books
Take a look at Johnson’s Year in Books, including some fun facts about their reading.
More friends…
Favorite Genres
Polls voted on by Johnson
Lists liked by Johnson






























