ISACA Certified in Risk and Information Systems Control (CRISC®) Exam Guide

Book description

Prepare to pass the ISACA CRISC exam with confidence, gain high-value skills, and propel yourself toward IT risk management mastery

Key Features

  • Gain end-to-end coverage of all the topics assessed in the ISACA CRISC exam
  • Apply and embed your learning with the help of practice quizzes and self-assessment questions
  • Have an in-depth guide handy as you progress in your enterprise IT risk management career
  • Purchase of the print or Kindle book includes a free PDF eBook

Book Description

For beginners and experienced IT risk professionals alike, acing the ISACA CRISC exam is no mean feat, and applying this advanced skillset in your daily work poses a challenge. The ISACA Certified in Risk and Information Systems Control (CRISC®) Certification Guide is a comprehensive guide to CRISC certification and beyond. Its step-by-step coverage of all aspects of the exam content will help you approach these daunting challenges and develop a highly sought-after skillset in the process.

This book is divided into six sections, each equipped with everything you need to get to grips with the domains covered in the exam. There’ll be no surprises on exam day: from GRC to ethical risk management, third-party security concerns to the ins and outs of control design, and IDS/IPS to the SDLC, the book’s systematic design leaves no stone unturned, covering all the topics so that you can sit for the exam with confidence. What’s more, there are chapter-end self-assessment questions for you to test all that you’ve learned, as well as two book-end practice quizzes to really give you a leg up.

By the end of this CRISC exam study guide, you’ll not just have what it takes to breeze through the certification process, but will also be equipped with an invaluable resource to accompany you on your career path.

What you will learn

  • Adopt the ISACA mindset and learn to apply it when attempting the CRISC exam
  • Grasp the three lines of defense model and understand risk capacity
  • Explore the threat landscape and figure out vulnerability management
  • Familiarize yourself with the concepts of BIA, RPO, RTO, and more
  • Get to grips with the four stages of risk response
  • Manage third-party security risks and secure your systems with ease
  • Use a full arsenal of InfoSec tools to protect your organization
  • Test your knowledge with self-assessment questions and practice quizzes

Who this book is for

If you are a GRC or a risk management professional with experience in the management of IT audits or in the design, implementation, monitoring, and maintenance of IS controls, or are gearing up to take the CRISC exam, then this CRISC book is for you. Security analysts, penetration testers, SOC analysts, PMs, and other security or management professionals and executives will also benefit from this book. The book assumes prior experience of security concepts.

Table of contents

  1. ISACA Certified in Risk and Information Systems Control (CRISC®) Exam Guide
  2. Foreword
  3. Contributors
  4. About the author
  5. About the reviewer
  6. Preface
    1. Who this book is for
    2. What this book covers
    3. To get the most out of this book
    4. Conventions used
    5. Get in touch
    6. Share Your Thoughts
    7. Download a free PDF copy of this book
  7. Part 1: Governance, Risk, and Compliance and CRISC
  8. Chapter 1: Governance, Risk, and Compliance
    1. Governance, risk, and compliance
      1. What is GRC?
      2. Simplified relationship between GRC components
      3. Key ingredients of a successful GRC program
    2. GRC for cybersecurity professionals
      1. Cybersecurity and information assurance
    3. Importance of GRC for cybersecurity professionals
      1. Implementing GRC using COBIT
      2. COBIT and ITIL
    4. A primer on cybersecurity domains and the NIST CSF
    5. Importance of IT risk management
    6. Summary
  9. Chapter 2: CRISC Practice Areas and the ISACA Mindset
    1. CRISC exam outline
    2. CRISC job practice areas
    3. CRISC exam structure
    4. CRISC certification requirements
    5. The ISACA mindset
    6. Additional material
    7. Summary
  10. Part 2: Organizational Governance, Three Lines of Defense, and Ethical Risk Management
  11. Chapter 3: Organizational Governance, Policies, and Risk Management
    1. IT governance and risk
      1. Key risk terminologies
      2. The role of risk practitioners in IT governance
    2. IT risk management
      1. IT risk strategy
      2. Risk management and business objectives
    3. Organizational structure
      1. RACI
    4. Organizational culture
    5. Policy documentation
      1. Essential policies
      2. Exception management
    6. Organizational asset
      1. Asset valuation
    7. Summary
    8. Review questions
    9. Answers
  12. Chapter 4: The Three Lines of Defense and Cybersecurity
    1. The 3LoD model
      1. Responsibilities of 3LoD
    2. 3LoD and cybersecurity
    3. Critical concepts for risk assessment and management
      1. The risk profile
      2. Risk appetite, tolerance, and capacity
    4. Risk tolerance versus risk capacity
    5. Risk appetite and business objectives
      1. Risk acceptance
    6. Summary
    7. Review questions
    8. Answers
  13. Chapter 5: Legal Requirements and the Ethics of Risk Management
    1. Major laws for IT risk management
    2. Ethics and risk management
      1. Relationship between ethics and culture
    3. How do ethics affect IT risk?
    4. ISACA Code of Professional Ethics
    5. Summary
    6. Review questions
    7. Answer
  14. Part 3: IT Risk Assessment, Threat Management, and Risk Analysis
  15. Chapter 6: Risk Management Life Cycle
    1. Comparing risk and IT risk
    2. IT risk management life cycle
    3. Requirements of risk assessment
    4. Issues, events, incidents, and breaches
    5. Correlating events and incidents
    6. Summary
    7. Review questions
    8. Answers
  16. Chapter 7: Threat, Vulnerability, and Risk
    1. Threat, vulnerability, and risk
    2. The relationship between threats, vulnerabilities, and risk
    3. Understanding threat modeling
      1. Threat modeling methods
      2. The importance of threat modeling
    4. Vulnerability analysis
    5. Tools for identifying vulnerabilities
    6. Vulnerability management program
    7. Summary
    8. Review questions
    9. Answers
  17. Chapter 8: Risk Assessment Concepts, Standards, and Frameworks
    1. Risk assessment approaches
      1. Which is the best approach?
    2. Risk assessment methodologies
    3. Risk assessment frameworks
    4. Risk assessment techniques
    5. Importance of a risk register
    6. Summary
    7. Review questions
    8. Answers
  18. Chapter 9: Business Impact Analysis, and Inherent and Residual Risk
    1. Differentiating between BIA and risk assessment
    2. Key concepts related to BIA
    3. Understanding types of risk
    4. Summary
    5. Review questions
    6. Answers
  19. Part 4: Risk Response, Reporting, Monitoring, and Ownership
  20. Chapter 10: Risk Response and Control Ownership
    1. Risk response and monitoring
    2. Risk owners and control owners
    3. Risk response strategies
    4. Risk optimization
    5. Summary
    6. Review questions
    7. Answers
  21. Chapter 11: Third-Party Risk Management
    1. The need for TPRM
    2. Managing third-party risks
    3. Upstream and downstream third parties
    4. Responding to anomalies
      1. Managing issues, findings, and exceptions
    5. Summary
    6. Review questions
    7. Answers
  22. Chapter 12: Control Design and Implementation
    1. Control categories
      1. The relationship between control categories
    2. Control design and selection
    3. Control implementation
      1. Control implementation techniques
      2. Post-implementation reviews
    4. Control testing and evaluation
    5. Summary
    6. Review questions
    7. Answers
  23. Chapter 13: Log Aggregation, Risk and Control Monitoring, and Reporting
    1. Log aggregation and analysis
      1. Log sources
      2. Log aggregation
    2. SIEM
    3. Risk and control monitoring
      1. Types of control assessments
    4. Risk and control reporting
    5. Key indicators
      1. Selecting key indicators
    6. Summary
    7. Review questions
    8. Answers
  24. Part 5: Information Technology, Security, and Privacy
  25. Chapter 14: Enterprise Architecture and Information Technology
    1. Enterprise architecture
    2. The CMM framework
    3. Computer networks
    4. Networking devices
    5. Firewalls
    6. Intrusion detection and prevention systems
    7. The Domain Name System
    8. Wireless networks
    9. Virtual private networks
    10. Cloud computing
      1. Cloud computing service models
      2. Cloud computing deployment models
      3. Security considerations of cloud computing
    11. Summary
    12. Review questions
    13. Answers
  26. Chapter 15: Enterprise Resiliency and Data Life Cycle Management
    1. Enterprise resiliency
    2. Business continuity and disaster recovery
      1. Relationship between resiliency and the BCP
    3. Recovery objectives
    4. Data classification and labeling
    5. Data life cycle management
      1. Comparing data management and data governance
    6. Summary
    7. Review questions
    8. Answers
  27. Chapter 16: The System Development Life Cycle and Emerging Technologies
    1. Introducing the SDLC
      1. Phases of the SDLC
    2. Project risk and SDLC risk
    3. System accreditation and certification
    4. Emerging technologies
      1. Bring your own device (BYOD)
      2. Internet of Things
      3. Artificial intelligence
      4. Blockchain
      5. Quantum computing
    5. Summary
    6. Review questions
    7. Answers
  28. Chapter 17: Information Security and Privacy Principles
    1. Fundamentals of information security
    2. Access management
    3. Encryption
      1. Types of encryption
    4. Hashing
    5. Digital signatures
    6. Certificates
    7. Public key infrastructure
    8. Security awareness training
    9. Principles of data privacy
    10. Comparing data security and data privacy
    11. Summary
    12. Review questions
    13. Answers
  29. Part 6: Practice Quizzes
  30. Chapter 18: Practice Quiz – Part 1
  31. Chapter 19: Practice Quiz – Part 2
  32. Index
    1. Why subscribe?
  33. Other Books You May Enjoy
    1. Packt is searching for authors like you
    2. Share Your Thoughts
    3. Download a free PDF copy of this book

Product information

  • Title: ISACA Certified in Risk and Information Systems Control (CRISC®) Exam Guide
  • Author(s): Shobhit Mehta
  • Release date: September 2023
  • Publisher(s): Packt Publishing
  • ISBN: 9781803236902