In this chapter, you will:
• Review the processes of risk identification, evaluation, and assessment
• Learn about qualitative and quantitative risk assessment techniques
• Understand how to evaluate existing controls for effectiveness
• Assess gaps between current and target states of risk in the IT environment
• Consider risk ownership and accountability during risk analysis
• Be able to report risk results to appropriate levels of management
This chapter covers Domain 2 of the Certified in Risk and Information Systems Control (CRISC) exam objectives and knowledge statements and focuses on the risk evaluation, assessment, and analysis processes. We will cover the overall process for evaluating ...