
CRISC certified in risk and information systems control all-in-one exam guide / Peter H. Gregory, Dawn Dunkerley, Bobby E. Rogers.

O'Reilly Online Learning: Academic/Public Library Edition Available online

Format:
Book
Author/Creator:
Gregory, Peter H., author.
Dunkerley, Dawn, author.
Rogers, Bobby E., author.
Language:
English
Subjects (All):
Computer networks--Security measures--Examinations--Study guides.
Computer networks.
Physical Description:
1 online resource (297 pages)
Edition:
2nd ed.
Place of Publication:
New York, New York : McGraw-Hill LLC, [2022]
Summary:
A fully updated self-study guide for the industry-standard information technology risk certification, CRISC. Written by information security risk experts, this complete self-study system is designed to help you prepare for, and pass, ISACA's CRISC certification exam. CRISC Certified in Risk and Information Systems Control All-in-One Exam Guide, Second Edition features learning objectives, explanations, exam tips, and hundreds of practice questions. Beyond exam prep, this practical guide serves as an ideal on-the-job reference for risk management and IT security professionals.
Covers all exam topics, including:
IT and cybersecurity governance
Enterprise risk management and risk treatment
IT risk assessments and risk analysis
Controls and control frameworks
Third-party risk management
Risk metrics, KRIs, KCIs, and KPIs
Enterprise architecture
IT operations management
Business impact analysis
Business continuity and disaster recovery planning
Data privacy
Online content includes:
300 practice exam questions
Test engine that provides full-length practice exams and customizable quizzes by exam topic
Contents:
Cover
Title Page
Copyright Page
Dedication
About the Authors
Contents at a Glance
Contents
Introduction
Chapter 1 Governance
Organizational Governance
Organizational Strategy, Goals, and Objectives
Organizational Structure, Roles, and Responsibilities
Organizational Culture
Policies and Standards
Business Processes
Organizational Assets
Risk Governance
Enterprise Risk Management and Risk Management Frameworks
Three Lines of Defense
Risk Profile
Risk Appetite and Risk Tolerance
Legal, Regulatory, and Contractual Requirements
Professional Ethics of Risk Management
Chapter Review
Quick Review
Questions
Answers
Chapter 2 IT Risk Assessment
IT Risk Identification
Risk Events
Threat Modeling and Threat Landscape
Vulnerability and Control Deficiency Analysis
Risk Scenario Development
IT Risk Analysis and Evaluation
Risk Assessment Concepts, Standards, and Frameworks
Risk Assessment Standards and Frameworks
Risk Ranking
Risk Ownership
Risk Register
Risk Analysis Methodologies
Business Impact Analysis
Inherent and Residual Risk
Miscellaneous Risk Considerations
Chapter 3 Risk Response and Reporting
Risk Response
Risk and Control Ownership
Risk Treatment/Risk Response Options
Third-Party Risk
Issues, Findings, and Exceptions Management
Management of Emerging Risk
Control Design and Implementation
Control Types and Functions
Control Standards and Frameworks
Control Design, Selection, and Analysis
Control Implementation
Control Testing and Effectiveness Evaluation
Risk Monitoring and Reporting
Risk Treatment Plans
Data Collection, Aggregation, Analysis, and Validation
Risk and Control Monitoring Techniques
Risk and Control Reporting Techniques
Key Performance Indicators
Key Risk Indicators
Key Control Indicators
Chapter 4 Information Technology and Security
Enterprise Architecture
Platforms
Software
Databases
Operating Systems
Networks
Cloud
Gateways
Enterprise Architecture Frameworks
Implementing a Security Architecture
IT Operations Management
Project Management
Business Continuity and Disaster Recovery Management
Recovery Objectives
Recovery Strategies
Plan Testing
Resilience and Risk Factors
Data Lifecycle Management
Standards and Guidelines
Data Retention Policies
Hardware Disposal and Data Destruction Policies
Systems Development Life Cycle
Planning
Requirements
Design
Development
Testing
Implementation and Operation
Disposal
SDLC Risks
Emerging Technologies
Information Security Concepts, Frameworks, and Standards
Confidentiality, Integrity, and Availability
Access Control
Data Sensitivity and Classification
Identification and Authentication
Authorization
Accountability
Non-Repudiation
Frameworks, Standards, and Practices
NIST Risk Management Framework
ISO 27001/27002/27701/31000
COBIT 2019 (ISACA)
The Risk IT Framework (ISACA)
Security and Risk Awareness Training Programs
Awareness Tools and Techniques
Developing Organizational Security and Risk Awareness Programs
Data Privacy and Data Protection Principles
Security Policies
Physical Access Security
Network Security
Human Resources
Appendix A Implementing and Managing a Risk Management Program
Today's Risk Landscape
What Is a Risk Management Program?
The Purpose of a Risk Management Program
The Risk Management Life Cycle
Risk Discovery
Types of Risk Registers
Reviewing the Risk Register
Performing Deeper Analysis
Developing a Risk Treatment Recommendation
Publishing and Reporting
Appendix B About the Online Content
System Requirements
Your Total Seminars Training Hub Account
Privacy Notice
Single User License Terms and Conditions
TotalTester Online
Technical Support
Glossary
Index
Notes:
Description based on print version record.
Includes index.
Other Format:
Print version: Gregory, Peter H. CRISC Certified in Risk and Information Systems Control All-In-One Exam Guide, Second Edition
ISBN:
9781260473346
1260473341
OCLC:
1309015615
