CRISC Certified in Risk and Information Systems Control All-in-One Exam Guide, Second Edition, 2nd Edition

Book description

A fully updated self-study guide for the industry-standard information technology risk certification, CRISC

Written by information security risk experts, this complete self-study system is designed to help you prepare for—and pass—ISACA’s CRISC certification exam. CRISC Certified in Risk and Information Systems Control All-in-One Exam Guide, Second Edition features learning objectives, explanations, exam tips, and hundreds of practice questions. Beyond exam prep, this practical guide serves as an ideal on-the-job reference for risk management and IT security professionals.

Covers all exam topics, including:

  • IT and cybersecurity governance
  • Enterprise risk management and risk treatment
  • IT risk assessments and risk analysis
  • Controls and control frameworks
  • Third-party risk management
  • Risk metrics, KRIs, KCIs, and KPIs
  • Enterprise architecture
  • IT operations management
  • Business impact analysis
  • Business continuity and disaster recovery planning
  • Data privacy

Online content includes:
  • 300 practice exam questions
  • Test engine that provides full-length practice exams and customizable quizzes by exam topic

Table of contents

  1. Cover
  2. Title Page
  3. Copyright Page
  4. Dedication
  5. About the Authors
  6. Contents at a Glance
  7. Contents
  8. Introduction
  9. Chapter 1 Governance
    1. Organizational Governance
      1. Organizational Strategy, Goals, and Objectives
      2. Organizational Structure, Roles, and Responsibilities
      3. Organizational Culture
      4. Policies and Standards
      5. Business Processes
      6. Organizational Assets
    2. Risk Governance
      1. Enterprise Risk Management and Risk Management Frameworks
      2. Three Lines of Defense
      3. Risk Profile
      4. Risk Appetite and Risk Tolerance
      5. Legal, Regulatory, and Contractual Requirements
      6. Professional Ethics of Risk Management
    3. Chapter Review
      1. Quick Review
      2. Questions
      3. Answers
  10. Chapter 2 IT Risk Assessment
    1. IT Risk Identification
      1. Risk Events
      2. Threat Modeling and Threat Landscape
      3. Vulnerability and Control Deficiency Analysis
      4. Risk Scenario Development
    2. IT Risk Analysis and Evaluation
      1. Risk Assessment Concepts, Standards, and Frameworks
      2. Risk Assessment Standards and Frameworks
      3. Risk Ranking
      4. Risk Ownership
      5. Risk Register
      6. Risk Analysis Methodologies
      7. Business Impact Analysis
      8. Inherent and Residual Risk
      9. Miscellaneous Risk Considerations
    3. Chapter Review
      1. Quick Review
      2. Questions
      3. Answers
  11. Chapter 3 Risk Response and Reporting
    1. Risk Response
      1. Risk and Control Ownership
      2. Risk Treatment/Risk Response Options
      3. Third-Party Risk
      4. Issues, Findings, and Exceptions Management
      5. Management of Emerging Risk
    2. Control Design and Implementation
      1. Control Types and Functions
      2. Control Standards and Frameworks
      3. Control Design, Selection, and Analysis
      4. Control Implementation
      5. Control Testing and Effectiveness Evaluation
    3. Risk Monitoring and Reporting
      1. Risk Treatment Plans
      2. Data Collection, Aggregation, Analysis, and Validation
      3. Risk and Control Monitoring Techniques
      4. Risk and Control Reporting Techniques
      5. Key Performance Indicators
      6. Key Risk Indicators
      7. Key Control Indicators
    4. Chapter Review
      1. Quick Review
      2. Questions
      3. Answers
  12. Chapter 4 Information Technology and Security
    1. Enterprise Architecture
      1. Platforms
      2. Software
      3. Databases
      4. Operating Systems
      5. Networks
      6. Cloud
      7. Gateways
      8. Enterprise Architecture Frameworks
      9. Implementing a Security Architecture
    2. IT Operations Management
    3. Project Management
    4. Business Continuity and Disaster Recovery Management
      1. Business Impact Analysis
      2. Recovery Objectives
      3. Recovery Strategies
      4. Plan Testing
      5. Resilience and Risk Factors
    5. Data Lifecycle Management
      1. Standards and Guidelines
      2. Data Retention Policies
      3. Hardware Disposal and Data Destruction Policies
    6. Systems Development Life Cycle
      1. Planning
      2. Requirements
      3. Design
      4. Development
      5. Testing
      6. Implementation and Operation
      7. Disposal
      8. SDLC Risks
    7. Emerging Technologies
    8. Information Security Concepts, Frameworks, and Standards
      1. Confidentiality, Integrity, and Availability
      2. Access Control
      3. Data Sensitivity and Classification
      4. Identification and Authentication
      5. Authorization
      6. Accountability
      7. Non-Repudiation
      8. Frameworks, Standards, and Practices
      9. NIST Risk Management Framework
      10. ISO 27001/27002/27701/31000
      11. COBIT 2019 (ISACA)
      12. The Risk IT Framework (ISACA)
    9. Security and Risk Awareness Training Programs
      1. Awareness Tools and Techniques
      2. Developing Organizational Security and Risk Awareness Programs
    10. Data Privacy and Data Protection Principles
      1. Security Policies
      2. Access Control
      3. Physical Access Security
      4. Network Security
      5. Human Resources
    11. Chapter Review
      1. Quick Review
      2. Questions
      3. Answers
  13. Appendix A Implementing and Managing a Risk Management Program
    1. Today’s Risk Landscape
    2. What Is a Risk Management Program?
      1. The Purpose of a Risk Management Program
    3. The Risk Management Life Cycle
      1. Risk Discovery
      2. Types of Risk Registers
      3. Reviewing the Risk Register
      4. Performing Deeper Analysis
      5. Developing a Risk Treatment Recommendation
      6. Publishing and Reporting
  14. Appendix B About the Online Content
    1. System Requirements
    2. Your Total Seminars Training Hub Account
      1. Privacy Notice
    3. Single User License Terms and Conditions
    4. TotalTester Online
    5. Technical Support
  15. Glossary
  16. Index

Product information

  • Title: CRISC Certified in Risk and Information Systems Control All-in-One Exam Guide, Second Edition, 2nd Edition
  • Author(s): Peter H. Gregory, Bobby E. Rogers, Dawn Dunkerley
  • Release date: May 2022
  • Publisher(s): McGraw-Hill
  • ISBN: 9781260473346