CRISC Certified in Risk and Information Systems Control All-in-One Exam Guide
1st Edition
Published on 11. December 2015
358 pages
978-0-07-184714-8 (ISBN)
Available for download
Description
An all-new exam guide for the industry-standard information technology risk certification, Certified in Risk and Information Systems Control (CRISC) Prepare for the newly-updated Certified in Risk and Information Systems Control (CRISC) certification exam with this comprehensive exam guide. CRISC Certified in Risk and Information Systems Control All-in-One Exam Guide offers 100% coverage of all four exam domains effective as of June 2015 and contains hundreds of realistic practice exam questions. Fulfilling the promise of the All-in-One series, this reference guide serves as a test preparation tool AND an on-the-job reference that will serve you well beyond the examination. To aid in self-study, each chapter includes Exam Tips sections that highlight key information about the exam, chapter summaries that reinforce salient points, and end-of-chapter questions that are accurate to the content and format of the real exam. Electronic download features two complete practice exams. 100% coverage of the CRISC Certification Job Practice effective as of June 2015 Hands-on exercises allow for additional practice and Notes, Tips, and Cautions throughout provide real-world insights Electronic download features two full-length, customizable practice exams in the Total Tester exam engine
More details
Other editions
Additional editions
Bobby Rogers | Dawn Dunkerley
CRISC Certified in Risk and Information Systems Control All-in-One Exam Guide
Book
11/2015
McGraw-Hill Inc.,US
€58.91
Article exhausted; check different version
Content
- Cover
- Title Page
- Copyright Page
- Dedication
- About the Authors
- Contents at a Glance
- Contents
- Acknowledgments
- Introduction
- Chapter 1 Risk Concepts
- Basic Security Concepts
- Goals of Information Security
- Supporting Security Goals
- Risk Management Concepts
- Risk Terms and Definitions
- Standards, Frameworks, and Best Practices
- Business Perspective of IT Risk Management
- Business Goals and Objectives
- Business Information Criteria
- Organizational Structures
- Information Systems Architecture
- Managing Risk Ownership
- Risk Ownership
- Risk Awareness
- Legal and Governance
- Chapter Review
- Review Questions
- Answers
- Chapter 2 Threats and Vulnerabilities in the Enterprise
- Threats and Vulnerabilities
- Identifying Threats and Vulnerabilities in the Enterprise
- Business Processes and Initiatives
- Environmental Risk Factors
- Threats
- Vulnerabilities
- Project and Program Management
- Third-Party Management
- Systems Development Life Cycle
- Emerging Technologies
- Management of IT Operations
- Data Management
- Business Continuity and Disaster Recovery Management
- Chapter Review
- Review Questions
- Answers
- Chapter 3 Identifying and Managing Risk Scenarios
- Developing and Managing Risk Scenarios
- Risk Identification and Classification
- Risk Scenarios
- Developing Risk Scenarios
- Analyzing Risk Scenarios
- Risk Register
- Chapter Review
- Review Questions
- Answers
- Chapter 4 Risk Assessment and Analysis
- Risk Assessment Processes
- NIST RMF
- OCTAVE Methodology
- ISO/IEC Standards
- ISACA's Risk IT Framework
- Performing a Risk Assessment
- Quantitative and Qualitative Techniques
- Quantitative
- Qualitative
- Combining Quantitative and Qualitative Techniques
- Other Analysis Techniques
- Risk Analysis
- Control Analysis
- Reporting Risk Assessment Results
- Chapter Review
- Review Questions
- Answers
- Chapter 5 Risk Response and Mitigation
- Risk Response
- Risk Response Standards and Frameworks
- Understanding Risk Response Options
- Evaluating Risk Response Options
- Selecting Risk Response
- Prioritizing Risk Responses
- Risk Mitigation
- Risk Response Action Plans
- Control Development
- System Development Life Cycle
- Project Management
- Project Management Frameworks
- Chapter Review
- Review Questions
- Answers
- Chapter 6 Control and Risk Monitoring
- Control Monitoring
- Control Testing and Assessment
- Indicators
- Chapter Review
- Review Questions
- Answers
- Chapter 7 Information Systems Control Concepts
- Information Security Control Concepts
- Control Classification
- Control Selection
- Control Frameworks
- NIST
- COBIT
- Val IT
- PCI-DSS
- Other Control Frameworks
- Chapter Review
- Review Questions
- Answers
- Chapter 8 Designing and Implementing Controls
- Business Perspectives of Controls
- Business Cases for Controls
- Regulatory Guidance and Controls
- Business Functions and Controls
- Information System Security Engineering
- Design Considerations
- Control Selection
- Implementing Controls
- Chapter Review
- Review Questions
- Answers
- Chapter 9 Measuring Risk and Control Effectiveness
- Applying Key Performance Indicators
- Key Performance Indicator Review
- Key Performance Indicator Development
- Chapter Review
- Review Questions
- Answers
- Appendix A The NIST Risk Management Framework
- Overview
- Tiered Approach
- Applicability
- Publications
- RMF Steps
- Step 1: Categorize Information Systems
- Step 2: Select Security Controls
- Step 3: Implement Security Controls
- Step 4: Assess Security Controls
- Step 5: Authorize Information Systems
- Step 6: Monitor Security Controls
- Appendix B ISACA's Risk IT Framework
- Overview
- Applicability
- Publications
- Framework Focus Areas
- Risk Governance
- RG1: Establish and Maintain a Common Risk View
- RG2: Integrate with ERM
- RG3: Make Risk-Aware Business Decisions
- Risk Evaluation
- RE1: Collect Data
- RE2: Analyze Risk
- RE3: Maintain Risk Profile
- Risk Response
- RR1: Articulate Risk
- RR2: Manage Risk
- RR3: React to Events
- Appendix C About the Download
- System Requirements
- Downloading Total Tester Premium Practice Exam Software
- Total Tester Premium Practice Exam Software
- Installing and Running Total Tester
- Technical Support
- Total Seminars Technical Support
- McGraw-Hill Education Content Support
- Glossary
- Index
