book

CRISC Certified in Risk and Information Systems Control All-in-One Exam Guide, Second Edition, 2nd Edition

Name: CRISC Certified in Risk and Information Systems Control All-in-One Exam Guide, Second Edition, 2nd Edition
ISBN: 9781260473346

by Peter H. Gregory, Bobby E. Rogers, Dawn Dunkerley

May 2022

Intermediate to advanced

272 pages

8h 59m

English

McGraw-Hill

Read now

Unlock full access

Cover
Title Page
Copyright Page
Dedication
About the Authors
Contents at a Glance
Contents
Introduction
Chapter 1 Governance
Organizational GovernanceOrganizational Strategy, Goals, and ObjectivesOrganizational Structure, Roles, and ResponsibilitiesOrganizational CulturePolicies and StandardsBusiness ProcessesOrganizational AssetsRisk GovernanceEnterprise Risk Management and Risk Management FrameworksThree Lines of DefenseRisk ProfileRisk Appetite and Risk ToleranceLegal, Regulatory, and Contractual RequirementsProfessional Ethics of Risk ManagementChapter ReviewQuick ReviewQuestionsAnswers
Chapter 2 IT Risk Assessment
IT Risk IdentificationRisk EventsThreat Modeling and Threat LandscapeVulnerability and Control Deficiency AnalysisRisk Scenario DevelopmentIT Risk Analysis and EvaluationRisk Assessment Concepts, Standards, and FrameworksRisk Assessment Standards and FrameworksRisk RankingRisk OwnershipRisk RegisterRisk Analysis MethodologiesBusiness Impact AnalysisInherent and Residual RiskMiscellaneous Risk ConsiderationsChapter ReviewQuick ReviewQuestionsAnswers

Chapter 3 Risk Response and Reporting
Risk ResponseRisk and Control OwnershipRisk Treatment/Risk Response OptionsThird-Party RiskIssues, Findings, and Exceptions ManagementManagement of Emerging RiskControl Design and ImplementationControl Types and FunctionsControl Standards and FrameworksControl Design, Selection, and AnalysisControl ImplementationControl Testing and Effectiveness EvaluationRisk Monitoring and ReportingRisk Treatment PlansData Collection, Aggregation, Analysis, and ValidationRisk and Control Monitoring TechniquesRisk and Control Reporting TechniquesKey Performance IndicatorsKey Risk IndicatorsKey Control IndicatorsChapter ReviewQuick ReviewQuestionsAnswers
Chapter 4 Information Technology and Security
Enterprise ArchitecturePlatformsSoftwareDatabasesOperating SystemsNetworksCloudGatewaysEnterprise Architecture FrameworksImplementing a Security ArchitectureIT Operations ManagementProject ManagementBusiness Continuity and Disaster Recovery ManagementBusiness Impact AnalysisRecovery ObjectivesRecovery StrategiesPlan TestingResilience and Risk FactorsData Lifecycle ManagementStandards and GuidelinesData Retention PoliciesHardware Disposal and Data Destruction PoliciesSystems Development Life CyclePlanningRequirementsDesignDevelopmentTestingImplementation and OperationDisposalSDLC RisksEmerging TechnologiesInformation Security Concepts, Frameworks, and StandardsConfidentiality, Integrity, and AvailabilityAccess ControlData Sensitivity and ClassificationIdentification and AuthenticationAuthorizationAccountabilityNon-RepudiationFrameworks, Standards, and PracticesNIST Risk Management FrameworkISO 27001/27002/27701/31000COBIT 2019 (ISACA)The Risk IT Framework (ISACA)Security and Risk Awareness Training ProgramsAwareness Tools and TechniquesDeveloping Organizational Security and Risk Awareness ProgramsData Privacy and Data Protection PrinciplesSecurity PoliciesAccess ControlPhysical Access SecurityNetwork SecurityHuman ResourcesChapter ReviewQuick ReviewQuestionsAnswers
Appendix A Implementing and Managing a Risk Management Program
Today’s Risk LandscapeWhat Is a Risk Management Program?The Purpose of a Risk Management ProgramThe Risk Management Life CycleRisk DiscoveryTypes of Risk RegistersReviewing the Risk RegisterPerforming Deeper AnalysisDeveloping a Risk Treatment RecommendationPublishing and Reporting
Appendix B About the Online Content
System RequirementsYour Total Seminars Training Hub AccountPrivacy NoticeSingle User License Terms and ConditionsTotalTester OnlineTechnical Support
Glossary
Index

Overview

A fully updated self-study guide for the industry-standard information technology risk certification, CRISC

Written by information security risk experts, this complete self-study system is designed to help you prepare for—and pass—ISACA’s CRISC certification exam. CRISC Certified in Risk and Information Systems Control All-in-One Exam Guide, Second Edition features learning objectives, explanations, exam tips, and hundreds of practice questions. Beyond exam prep, this practical guide serves as an ideal on-the-job reference for risk management and IT security professionals.

Covers all exam topics, including:

IT and cybersecurity governance
Enterprise risk management and risk treatment
IT risk assessments and risk analysis
Controls and control frameworks
Third-party risk management
Risk metrics, KRIs, KCIs, and KPIs
Enterprise architecture
IT operations management
Business impact analysis
Business continuity and disaster recovery planning
Data privacy

Online content includes:

300 practice exam questions
Test engine that provides full-length practice exams and customizable quizzes by exam topic

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

CRISC: Certified in Risk and Information Systems Control

Publisher Resources

ISBN: 9781260473346

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills