Looking to compare notes with someone who has official ISACA CISM Guide
First disclaimer: I am NOT wanting to trade PDFs of the books. I don't want to violate any copyright laws.
I have the AIO by Peter Gregory and while reading and answering questions I would like some 'sanity checks' on the notes I am taking, because there are some terms that aren't clear to me, or a question in the book doesn't seem to have the correct answer, or contradicts my understanding of the term. I have examples that I can provide and someone who has the book can give me the 'ISACA definition', or the ISACA explanation.
First:
My understanding of a 'leading indicator' from the AIO and other sources is that leading indicators are metrics given to senior management that help them predict or prevent a future risk.
This is a very straightforward definition; easy to understand and remember. The problem is I had a question in Domain 1 that asks which of these metrics is the best example of a leading indicator. I did not get the question right.
Can someone give me some tips on what sort of metrics are great leading indicators, or any tips on recognizing them?
The second has to do with chain of command. What does ISACA think the chain of command should be? According to Sean Hanna - COO-CIO-CISO-Information Security Manager. However, I think I've seen a Q&A that does not have the CIO reporting to the COO; it has them reporting to the CEO.
If there is anyone studying for the test and does not have the AIO, but has the ISACA book, I would be happy to provide some explanations from the AIO book. I will not send PDFs, or violate copyright laws. Thanks
-Harry
hmj8469 at gmail com