In this chapter, you will:
• Review basic security concepts
• Learn about standards, frameworks, and best practices related to risk identification, assessment, and evaluation
• Learn to describe how business goals, information criteria, and organizational structures affect risk
• Determine how information systems architecture presents risk to the organization
• Learn about risk ownership and awareness
• Recognize legal, regulatory, and contractual requirements for risk management within the organization
This chapter will review a large portion of Certified in Risk and Information Systems Control (CRISC) Domain 1: Risk Identification with coverage of fundamental information security and risk management concepts. ...