APPENDIX B

ISACA’s Risk IT Framework

We’ve discussed ISACA’s Risk IT Framework, as well as the NIST RMF, throughout this book, albeit in specific pieces relevant to the context of each chapter. Here, in Appendix B, we’ve gathered this information in one place for easier reference and understanding. The Risk IT Framework is not testable on the exam; however, you’ll find that many unique ISACA concepts and terms on the exam come from the framework, so it’s a good idea to be familiar with it. In this appendix, we’ll discuss some particulars about the framework, including its relationship to COBIT 5 and the Val IT framework. We’ll also break down some of the processes the framework describes.

ISACA published the Risk IT Framework in 2009, ...
