Books Under Development


CIMA is in the process of writing a series of books intended to serve as study guides for students attending the certification training courses we offer. Our books are written in a Common Body of Knowledge fashion, to capture in-depth information on each topic, and are published through the Information Security Leadership Forum. First edition publications are written collaboratively between CIMA and other subject matter experts, while second and subsequent editions are a collaboration by the Forum's members participating in official Forum working groups.

The topics that we are currently working on include:

  • ISO 27001 Common Body of Knowledge: An Authoritative Guide for the Design, Development, Implementation and Maintenance of an Information Security Management System. The forecast for the publication of this eBook is Q2 (2020)
  • Developing an Information Security Risk Assessment Process: An Authoritative Guide for a Program Level Approach for the Identification and Management of Information Security Risks. The forecast for the publication of this eBook is Q2 (2020)
  • Information Security Architecture: An Authoritative Guide for the Alignment of an Information Security Program with the Business Strategy & More. The forecast for the publication of this eBook is Q3 (2020)

Other topics on our 2020 / 2021 radar include:

Developing an ISO 27001 Audit Program

An Authoritative Guide for the Development and Management of an Internal Audit Program for an ISO 27001 Information Security Management System, based on ISO 19011. The forecast for the publication of this eBook is Q3 (2020)

Developing Organizational Information Security Governance

An Authoritative Guide for the Development of an Organizational Information Security Program Charter, policy, standards, and more. The forecast for the publication of this eBook is Q3 (2020)

Developing an Information Security Metrics Program

An Authoritative Guide for the Development of a Performance Management Program to support an ISO 27001-based Information Security Management System, based on ISO 27004. The forecast for the publication of this eBook is Q3 (2020)

Developing an Organizational Information Security Incident Management Program

An Authoritative Guide for the Proactive Development and Management of an Organization-wide Data Security / Data Privacy Incident Response Plan Based on ISO 27035. The forecast for the publication of this eBook is Q3 (2020)

Developing an Information Security Awareness and Training Program

An Authoritative Guide for the Development of an Organizational Information Security Awareness and Training Program based on the ACADEMICS methodology. The forecast for the publication of this eBook is Q4 (2020)

Developing an Information Security Vendor Risk Management Program

An Authoritative Guide for Assessing and Managing Information Security Risks Imposed Upon Your Organization by the Use of 3rd Party Vendors Who Access or Manage Your Sensitive Data and Systems. The forecast for the publication of this eBook is Q4 (2020)

Developing an Information Vulnerability Management Program

An Authoritative Guide for the Identification and Mitigation of Risks Imposed by Vulnerabilities in Applications, Systems and Processes. The forecast for the publication of this eBook is Q4 (2020)

Developing an Organizational Data Privacy Program

A Complementary Guide to the ISO 27001 Common Body of Knowledge based on ISO 27701. The forecast for the publication of this eBook is Q4 (2020)