Author Gregory, Peter, author.

Title CRISC certified in risk and information systems control all-in-one exam guide / Peter Gregory, Bobby E. Rogers, Dawn Dunkerley. [O'Reilly electronic resource]

Edition Second edition.
Publication Info. New York : McGraw-Hill Education, 2022.
Description 1 online resource (297 pages) : illustrations
Note Includes index.
Summary A fully updated self-study guide for the industry-standard information technology risk certification, CRISC. Written by information security risk experts, this complete self-study system is designed to help you prepare for--and pass--ISACA's CRISC certification exam. CRISC Certified in Risk and Information Systems Control All-in-One Exam Guide, Second Edition features learning objectives, explanations, exam tips, and hundreds of practice questions. Beyond exam prep, this practical guide serves as an ideal on-the-job reference for risk management and IT security professionals. Covers all exam topics, including: IT and cybersecurity governance; Enterprise risk management and risk treatment; IT risk assessments and risk analysis; Controls and control frameworks; Third-party risk management; Risk metrics, KRIs, KCIs, and KPIs; Enterprise architecture; IT operations management; Business impact analysis; Business continuity and disaster recovery planning; Data privacy. Online content includes: 300 practice exam questions; Test engine that provides full-length practice exams and customizable quizzes by exam topic.
Contents Cover -- Title Page -- Copyright Page -- Dedication -- About the Authors -- Contents at a Glance -- Contents -- Introduction -- Chapter 1 Governance -- Organizational Governance -- Organizational Strategy, Goals, and Objectives -- Organizational Structure, Roles, and Responsibilities -- Organizational Culture -- Policies and Standards -- Business Processes -- Organizational Assets -- Risk Governance -- Enterprise Risk Management and Risk Management Frameworks -- Three Lines of Defense -- Risk Profile -- Risk Appetite and Risk Tolerance -- Legal, Regulatory, and Contractual Requirements
Professional Ethics of Risk Management -- Chapter Review -- Quick Review -- Questions -- Answers -- Chapter 2 IT Risk Assessment -- IT Risk Identification -- Risk Events -- Threat Modeling and Threat Landscape -- Vulnerability and Control Deficiency Analysis -- Risk Scenario Development -- IT Risk Analysis and Evaluation -- Risk Assessment Concepts, Standards, and Frameworks -- Risk Assessment Standards and Frameworks -- Risk Ranking -- Risk Ownership -- Risk Register -- Risk Analysis Methodologies -- Business Impact Analysis -- Inherent and Residual Risk -- Miscellaneous Risk Considerations
Chapter Review -- Quick Review -- Questions -- Answers -- Chapter 3 Risk Response and Reporting -- Risk Response -- Risk and Control Ownership -- Risk Treatment/Risk Response Options -- Third-Party Risk -- Issues, Findings, and Exceptions Management -- Management of Emerging Risk -- Control Design and Implementation -- Control Types and Functions -- Control Standards and Frameworks -- Control Design, Selection, and Analysis -- Control Implementation -- Control Testing and Effectiveness Evaluation -- Risk Monitoring and Reporting -- Risk Treatment Plans
Data Collection, Aggregation, Analysis, and Validation -- Risk and Control Monitoring Techniques -- Risk and Control Reporting Techniques -- Key Performance Indicators -- Key Risk Indicators -- Key Control Indicators -- Chapter Review -- Quick Review -- Questions -- Answers -- Chapter 4 Information Technology and Security -- Enterprise Architecture -- Platforms -- Software -- Databases -- Operating Systems -- Networks -- Cloud -- Gateways -- Enterprise Architecture Frameworks -- Implementing a Security Architecture -- IT Operations Management -- Project Management
Business Continuity and Disaster Recovery Management -- Business Impact Analysis -- Recovery Objectives -- Recovery Strategies -- Plan Testing -- Resilience and Risk Factors -- Data Lifecycle Management -- Standards and Guidelines -- Data Retention Policies -- Hardware Disposal and Data Destruction Policies -- Systems Development Life Cycle -- Planning -- Requirements -- Design -- Development -- Testing -- Implementation and Operation -- Disposal -- SDLC Risks -- Emerging Technologies -- Information Security Concepts, Frameworks, and Standards -- Confidentiality, Integrity, and Availability
Subject Computer networks -- Security measures -- Examinations -- Study guides.
Réseaux d'ordinateurs -- Sécurité -- Mesures -- Examens -- Guides de l'étudiant.
Computer networks -- Security measures -- Examinations
Genre examination study guides.
Study guides
Study guides.
Guides de l'étudiant.
Added Author Rogers, Bobby E., author.
Dunkerley, Dawn, author.
Added Title Certified in risk and information systems control all-in-one exam guide
Other Form: Print version: Gregory, Peter H. CRISC Certified in Risk and Information Systems Control All-In-One Exam Guide, Second Edition. New York : McGraw-Hill Education, ©2022 9781260473339
ISBN 9781260473346 electronic book
1260473341 electronic book