CRISC Certified in Risk and Information Systems Control All-in-One Exam Guide, Second Edition
Overview
Written by information security risk experts, this complete self-study system is designed to help you prepare for—and pass—ISACA’s CRISC certification exam. CRISC Certified in Risk and Information Systems Control All-in-One Exam Guide, Second Edition features learning objectives, explanations, exam tips, and hundreds of practice questions. Beyond exam prep, this practical guide serves as an ideal on-the-job reference for risk management and IT security professionals.
Covers all exam topics, including:
- IT and cybersecurity governance
- Enterprise risk management and risk treatment
- IT risk assessments and risk analysis
- Controls and control frameworks
- Third-party risk management
- Risk metrics, KRIs, KCIs, and KPIs
- Enterprise architecture
- IT operations management
- Business impact analysis
- Business continuity and disaster recovery planning
- Data privacy
- 300 practice exam questions
- Test engine that provides full-length practice exams and customizable quizzes by exam topic
Product Details
| Detail | Value |
|---|---|
| ISBN-13 | 9781260473346 |
| Publisher | McGraw Hill LLC |
| Publication date | 05/06/2022 |
| Sold by | Barnes & Noble |
| Format | eBook |
| File size | 6 MB |
About the Author
Dawn Dunkerley, PhD, CRISC, CISSP, CISSP-ISSAP®, CISSP-ISSEP®, CISSP-ISSMP®, CSSLP®, CompTIA Security+™, is a leading cyberwarfare and cybersecurity researcher and author. She is an editor for The Cyber Defense Review published by the United States Army Cyber Institute and a Fellow of the Americas Institute for Cybersecurity Leadership.
Bobby E. Rogers is an information security engineer working as a contractor for Department of Defense agencies and has secured networks all over the world. His many certifications include CRISC, CISSP-ISSEP, CEH™, MCSE: Security, CompTIA A+™, Network+™, Security+, and Mobility+™.
Table of Contents
Acknowledgments xv
Introduction xvii
Chapter 1 Governance 1
Organizational Governance 2
Organizational Strategy, Goals, and Objectives 2
Organizational Structure, Roles, and Responsibilities 3
Organizational Culture 4
Policies and Standards 5
Business Processes 5
Organizational Assets 6
Risk Governance 10
Enterprise Risk Management and Risk Management Frameworks 10
Three Lines of Defense 12
Risk Profile 13
Risk Appetite and Risk Tolerance 13
Legal, Regulatory, and Contractual Requirements 14
Professional Ethics of Risk Management 15
Chapter Review 15
Quick Review 16
Questions 17
Answers 20
Chapter 2 IT Risk Assessment 21
IT Risk Identification 22
Risk Events 25
Threat Modeling and Threat Landscape 28
Vulnerability and Control Deficiency Analysis 30
Risk Scenario Development 38
IT Risk Analysis and Evaluation 40
Risk Assessment Concepts, Standards, and Frameworks 40
Risk Assessment Standards and Frameworks 45
Risk Ranking 51
Risk Ownership 51
Risk Register 52
Risk Analysis Methodologies 56
Business Impact Analysis 66
Inherent and Residual Risk 71
Miscellaneous Risk Considerations 72
Chapter Review 73
Quick Review 75
Questions 75
Answers 78
Chapter 3 Risk Response and Reporting 81
Risk Response 82
Risk and Control Ownership 82
Risk Treatment/Risk Response Options 83
Third-Party Risk 86
Issues, Findings, and Exceptions Management 89
Management of Emerging Risk 90
Control Design and Implementation 93
Control Types and Functions 93
Control Standards and Frameworks 96
Control Design, Selection, and Analysis 101
Control Implementation 104
Control Testing and Effectiveness Evaluation 106
Risk Monitoring and Reporting 106
Risk Treatment Plans 108
Data Collection, Aggregation, Analysis, and Validation 108
Risk and Control Monitoring Techniques 109
Risk and Control Reporting Techniques 109
Key Performance Indicators 110
Key Risk Indicators 112
Key Control Indicators 113
Chapter Review 114
Quick Review 116
Questions 119
Answers 123
Chapter 4 Information Technology and Security 127
Enterprise Architecture 128
Platforms 129
Software 129
Databases 130
Operating Systems 130
Networks 130
Cloud 131
Gateways 132
Enterprise Architecture Frameworks 132
Implementing a Security Architecture 135
IT Operations Management 135
Project Management 137
Business Continuity and Disaster Recovery Management 140
Business Impact Analysis 141
Recovery Objectives 141
Recovery Strategies 141
Plan Testing 142
Resilience and Risk Factors 142
Data Lifecycle Management 144
Standards and Guidelines 145
Data Retention Policies 146
Hardware Disposal and Data Destruction Policies 147
Systems Development Life Cycle 147
Planning 149
Requirements 149
Design 149
Development 150
Testing 150
Implementation and Operation 150
Disposal 151
SDLC Risks 151
Emerging Technologies 152
Information Security Concepts, Frameworks, and Standards 154
Confidentiality, Integrity, and Availability 154
Access Control 155
Data Sensitivity and Classification 156
Identification and Authentication 157
Authorization 157
Accountability 158
Non-Repudiation 158
Frameworks, Standards, and Practices 159
NIST Risk Management Framework 160
ISO 27001/27002/27701/31000 162
COBIT 2019 (ISACA) 162
The Risk IT Framework (ISACA) 164
Security and Risk Awareness Training Programs 165
Awareness Tools and Techniques 165
Developing Organizational Security and Risk Awareness Programs 166
Data Privacy and Data Protection Principles 167
Security Policies 167
Access Control 167
Physical Access Security 168
Network Security 168
Human Resources 173
Chapter Review 175
Quick Review 177
Questions 178
Answers 181
Appendix A Implementing and Managing a Risk Management Program 183
Today's Risk Landscape 183
What Is a Risk Management Program? 186
The Purpose of a Risk Management Program 187
The Risk Management Life Cycle 188
Risk Discovery 188
Types of Risk Registers 193
Reviewing the Risk Register 194
Performing Deeper Analysis 196
Developing a Risk Treatment Recommendation 199
Publishing and Reporting 203
Appendix B About the Online Content 205
System Requirements 205
Your Total Seminars Training Hub Account 205
Privacy Notice 205
Single User License Terms and Conditions 205
Total Tester Online 207
Technical Support 207
Glossary 209
Index 221