CRISC Certified in Risk and Information Systems Control All-in-One Exam Guide, Second Edition
1st Edition
Published on 6. May 2022
276 pages
978-1-260-47334-6 (ISBN)
Available for download
Description
A fully updated self-study guide for the industry-standard information technology risk certification, CRISCWritten by information security risk experts, this complete self-study system is designed to help you prepare for-and pass-ISACA's CRISC certification exam. CRISC Certified in Risk and Information Systems Control All-in-One Exam Guide, Second Edition features learning objectives, explanations, exam tips, and hundreds of practice questions. Beyond exam prep, this practical guide serves as an ideal on-the-job reference for risk management and IT security professionals.Covers all exam topics, including:IT and cybersecurity governanceEnterprise risk management and risk treatmentIT risk assessments and risk analysisControls and control frameworksThird-party risk managementRisk metrics, KRIs, KCIs, and KPIsEnterprise architectureIT operations managementBusiness impact analysisBusiness continuity and disaster recovery planningData privacyOnline content includes:300 practice exam questionsTest engine that provides full-length practice exams and customizable quizzes by exam topic
More details
Other editions
Additional editions
Peter Gregory | Dawn Dunkerley | Bobby Rogers
CRISC Certified in Risk and Information Systems Control All-in-One Exam Guide, Second Edition
Book
05/2022
2nd Edition
McGraw-Hill Education
€55.40
Shipment within 10-20 days
Content
- Cover
- Title Page
- Copyright Page
- Dedication
- About the Authors
- Contents at a Glance
- Contents
- Introduction
- Chapter 1 Governance
- Organizational Governance
- Organizational Strategy, Goals, and Objectives
- Organizational Structure, Roles, and Responsibilities
- Organizational Culture
- Policies and Standards
- Business Processes
- Organizational Assets
- Risk Governance
- Enterprise Risk Management and Risk Management Frameworks
- Three Lines of Defense
- Risk Profile
- Risk Appetite and Risk Tolerance
- Legal, Regulatory, and Contractual Requirements
- Professional Ethics of Risk Management
- Chapter Review
- Quick Review
- Questions
- Answers
- Chapter 2 IT Risk Assessment
- IT Risk Identification
- Risk Events
- Threat Modeling and Threat Landscape
- Vulnerability and Control Deficiency Analysis
- Risk Scenario Development
- IT Risk Analysis and Evaluation
- Risk Assessment Concepts, Standards, and Frameworks
- Risk Assessment Standards and Frameworks
- Risk Ranking
- Risk Ownership
- Risk Register
- Risk Analysis Methodologies
- Business Impact Analysis
- Inherent and Residual Risk
- Miscellaneous Risk Considerations
- Chapter Review
- Quick Review
- Questions
- Answers
- Chapter 3 Risk Response and Reporting
- Risk Response
- Risk and Control Ownership
- Risk Treatment/Risk Response Options
- Third-Party Risk
- Issues, Findings, and Exceptions Management
- Management of Emerging Risk
- Control Design and Implementation
- Control Types and Functions
- Control Standards and Frameworks
- Control Design, Selection, and Analysis
- Control Implementation
- Control Testing and Effectiveness Evaluation
- Risk Monitoring and Reporting
- Risk Treatment Plans
- Data Collection, Aggregation, Analysis, and Validation
- Risk and Control Monitoring Techniques
- Risk and Control Reporting Techniques
- Key Performance Indicators
- Key Risk Indicators
- Key Control Indicators
- Chapter Review
- Quick Review
- Questions
- Answers
- Chapter 4 Information Technology and Security
- Enterprise Architecture
- Platforms
- Software
- Databases
- Operating Systems
- Networks
- Cloud
- Gateways
- Enterprise Architecture Frameworks
- Implementing a Security Architecture
- IT Operations Management
- Project Management
- Business Continuity and Disaster Recovery Management
- Business Impact Analysis
- Recovery Objectives
- Recovery Strategies
- Plan Testing
- Resilience and Risk Factors
- Data Lifecycle Management
- Standards and Guidelines
- Data Retention Policies
- Hardware Disposal and Data Destruction Policies
- Systems Development Life Cycle
- Planning
- Requirements
- Design
- Development
- Testing
- Implementation and Operation
- Disposal
- SDLC Risks
- Emerging Technologies
- Information Security Concepts, Frameworks, and Standards
- Confidentiality, Integrity, and Availability
- Access Control
- Data Sensitivity and Classification
- Identification and Authentication
- Authorization
- Accountability
- Non-Repudiation
- Frameworks, Standards, and Practices
- NIST Risk Management Framework
- ISO 27001/27002/27701/31000
- COBIT 2019 (ISACA)
- The Risk IT Framework (ISACA)
- Security and Risk Awareness Training Programs
- Awareness Tools and Techniques
- Developing Organizational Security and Risk Awareness Programs
- Data Privacy and Data Protection Principles
- Security Policies
- Access Control
- Physical Access Security
- Network Security
- Human Resources
- Chapter Review
- Quick Review
- Questions
- Answers
- Appendix A Implementing and Managing a Risk Management Program
- Today's Risk Landscape
- What Is a Risk Management Program?
- The Purpose of a Risk Management Program
- The Risk Management Life Cycle
- Risk Discovery
- Types of Risk Registers
- Reviewing the Risk Register
- Performing Deeper Analysis
- Developing a Risk Treatment Recommendation
- Publishing and Reporting
- Appendix B About the Online Content
- System Requirements
- Your Total Seminars Training Hub Account
- Privacy Notice
- Single User License Terms and Conditions
- TotalTester Online
- Technical Support
- Glossary
- Index
