CHAPTER 4

Risk Assessment and Analysis

In this chapter, you will:

•  Review the processes of risk identification, evaluation, and assessment

•  Learn about qualitative and quantitative risk assessment techniques

•  Understand how to evaluate existing controls for effectiveness

•  Assess gaps between current and target states of risk in the IT environment

•  Consider risk ownership and accountability during risk analysis

•  Be able to report risk results to appropriate levels of management

This chapter covers Domain 2 of the Certified in Risk and Information Systems Control (CRISC) exam objectives and knowledge statements and focuses on the risk evaluation, assessment, and analysis processes. We will cover the overall process for evaluating ...

Get CRISC Certified in Risk and Information Systems Control All-in-One Exam Guide now with O’Reilly online learning.
