book

ISACA Certified in Risk and Information Systems Control (CRISC®) Exam Guide

Name: ISACA Certified in Risk and Information Systems Control (CRISC®) Exam Guide
Author: Shobhit Mehta
ISBN: 9781803236902

by Shobhit Mehta

September 2023

Beginner

316 pages

7h 49m

English

Packt Publishing

Read now

Unlock full access

ISACA Certified in Risk and Information Systems Control (CRISC®) Exam Guide
ForewordContributorsAbout the authorAbout the reviewer
Preface
Who this book is forWhat this book coversTo get the most out of this bookConventions usedGet in touchShare Your ThoughtsDownload a free PDF copy of this book
Part 1: Governance, Risk, and Compliance and CRISC
Chapter 1: Governance, Risk, and Compliance
Governance, risk, and complianceWhat is GRC?Simplified relationship between GRC componentsKey ingredients of a successful GRC programGRC for cybersecurity professionalsCybersecurity and information assuranceImportance of GRC for cybersecurity professionalsImplementing GRC using COBITCOBIT and ITILA primer on cybersecurity domains and the NIST CSFImportance of IT risk managementSummary
Chapter 2: CRISC Practice Areas and the ISACA Mindset
CRISC exam outlineCRISC job practice areasCRISC exam structureCRISC certification requirementsThe ISACA mindsetAdditional materialSummary
Part 2: Organizational Governance, Three Lines of Defense, and Ethical Risk Management
Chapter 3: Organizational Governance, Policies, and Risk Management
IT governance and riskKey risk terminologiesThe role of risk practitioners in IT governanceIT risk managementIT risk strategyRisk management and business objectivesOrganizational structureRACIOrganizational culturePolicy documentationEssential policiesException managementOrganizational assetAsset valuationSummaryReview questionsAnswers
Chapter 4: The Three Lines of Defense and Cybersecurity
The 3LoD modelResponsibilities of 3LoD3LoD and cybersecurityCritical concepts for risk assessment and managementThe risk profileRisk appetite, tolerance, and capacityRisk tolerance versus risk capacityRisk appetite and business objectivesRisk acceptanceSummaryReview questionsAnswers
Chapter 5: Legal Requirements and the Ethics of Risk Management
Major laws for IT risk managementEthics and risk managementRelationship between ethics and cultureHow do ethics affect IT risk?ISACA Code of Professional EthicsSummaryReview questionsAnswer
Part 3: IT Risk Assessment, Threat Management, and Risk Analysis

Chapter 6: Risk Management Life Cycle
Comparing risk and IT riskIT risk management life cycleRequirements of risk assessmentIssues, events, incidents, and breachesCorrelating events and incidentsSummaryReview questionsAnswers
Chapter 7: Threat, Vulnerability, and Risk
Threat, vulnerability, and riskThe relationship between threats, vulnerabilities, and riskUnderstanding threat modelingThreat modeling methodsThe importance of threat modelingVulnerability analysisTools for identifying vulnerabilitiesVulnerability management programSummaryReview questionsAnswers
Chapter 8: Risk Assessment Concepts, Standards, and Frameworks
Risk assessment approachesWhich is the best approach?Risk assessment methodologiesRisk assessment frameworksRisk assessment techniquesImportance of a risk registerSummaryReview questionsAnswers
Chapter 9: Business Impact Analysis, and Inherent and Residual Risk
Differentiating between BIA and risk assessmentKey concepts related to BIAUnderstanding types of riskSummaryReview questionsAnswers
Part 4: Risk Response, Reporting, Monitoring, and Ownership
Chapter 10: Risk Response and Control Ownership
Risk response and monitoringRisk owners and control ownersRisk response strategiesRisk optimizationSummaryReview questionsAnswers
Chapter 11: Third-Party Risk Management
The need for TPRMManaging third-party risksUpstream and downstream third partiesResponding to anomaliesManaging issues, findings, and exceptionsSummaryReview questionsAnswers
Chapter 12: Control Design and Implementation
Control categoriesThe relationship between control categoriesControl design and selectionControl implementationControl implementation techniquesPost-implementation reviewsControl testing and evaluationSummaryReview questionsAnswers
Chapter 13: Log Aggregation, Risk and Control Monitoring, and Reporting
Log aggregation and analysisLog sourcesLog aggregationSIEMRisk and control monitoringTypes of control assessmentsRisk and control reportingKey indicatorsSelecting key indicatorsSummaryReview questionsAnswers
Part 5: Information Technology, Security, and Privacy
Chapter 14: Enterprise Architecture and Information Technology
Enterprise architectureThe CMM frameworkComputer networksNetworking devicesFirewallsIntrusion detection and prevention systemsThe Domain Name SystemWireless networksVirtual private networksCloud computingCloud computing service modelsCloud computing deployment modelsSecurity considerations of cloud computingSummaryReview questionsAnswers
Chapter 15: Enterprise Resiliency and Data Life Cycle Management
Enterprise resiliencyBusiness continuity and disaster recoveryRelationship between resiliency and the BCPRecovery objectivesData classification and labelingData life cycle managementComparing data management and data governanceSummaryReview questionsAnswers
Chapter 16: The System Development Life Cycle and Emerging Technologies
Introducing the SDLCPhases of the SDLCProject risk and SDLC riskSystem accreditation and certificationEmerging technologiesBring your own device (BYOD)Internet of ThingsArtificial intelligenceBlockchainQuantum computingSummaryReview questionsAnswers
Chapter 17: Information Security and Privacy Principles
Fundamentals of information securityAccess managementEncryptionTypes of encryptionHashingDigital signaturesCertificatesPublic key infrastructureSecurity awareness trainingPrinciples of data privacyComparing data security and data privacySummaryReview questionsAnswers
Part 6: Practice Quizzes
Chapter 18: Practice Quiz – Part 1
Chapter 19: Practice Quiz – Part 2
Index
Why subscribe?
Other Books You May EnjoyPackt is searching for authors like youShare Your ThoughtsDownload a free PDF copy of this book

Content preview from ISACA Certified in Risk and Information Systems Control (CRISC®) Exam Guide

Part 2: Organizational Governance, Three Lines of Defense, and Ethical Risk Management

In this part, you will get an understanding of organizational governance and how organizational culture affects risk, and learn about the importance of asset management. In addition, you will learn how the three lines of defense fit into cybersecurity, how to differentiate between risk appetite and risk tolerance, and how ethics and culture affect IT risk.

This part has the following chapters:

Chapter 3, Organizational Governance, Policies, and Risk Management
Chapter 4, The Three Lines of Defense and Cybersecurity
Chapter 5, Legal Requirements and the Ethics of Risk Management

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

CRISC Certified in Risk and Information Systems Control All-in-One Exam Guide, Second Edition, 2nd Edition

Publisher Resources

ISBN: 9781803236902

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

ISACA Certified in Risk and Information Systems Control (CRISC®) Exam Guide

by Shobhit Mehta

Part 2: Organizational Governance, Three Lines of Defense, and Ethical Risk Management

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.