CHAPTER 4

Risk Assessment and Analysis

In this chapter, you will:

•  Review the processes of risk identification, evaluation, and assessment

•  Learn about qualitative and quantitative risk assessment techniques

•  Understand how to evaluate existing controls for effectiveness

•  Assess gaps between current and target states of risk in the IT environment

•  Consider risk ownership and accountability during risk analysis

•  Be able to report risk results to appropriate levels of management

This chapter covers Domain 2 of the Certified in Risk and Information Systems Control (CRISC) exam objectives and knowledge statements and focuses on the risk evaluation, assessment, and analysis processes. We will cover the overall process for evaluating ...
