Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
ISACA Certified in Risk and Information Systems Control (CRISC®) Exam Guide

You're reading from   ISACA Certified in Risk and Information Systems Control (CRISC®) Exam Guide A primer on GRC and an exam guide for the most recent and rigorous IT risk certification

Arrow left icon
Product type Paperback
Published in Sep 2023
Publisher Packt
ISBN-13 9781803236902
Length 316 pages
Edition 1st Edition
Arrow right icon
Author (1):
Arrow left icon
Shobhit Mehta Shobhit Mehta
Author Profile Icon Shobhit Mehta
Shobhit Mehta
Arrow right icon
View More author details
Toc

Table of Contents (28) Chapters Close

Preface 1. Part 1: Governance, Risk, and Compliance and CRISC
2. Chapter 1: Governance, Risk, and Compliance FREE CHAPTER 3. Chapter 2: CRISC Practice Areas and the ISACA Mindset 4. Part 2: Organizational Governance, Three Lines of Defense, and Ethical Risk Management
5. Chapter 3: Organizational Governance, Policies, and Risk Management 6. Chapter 4: The Three Lines of Defense and Cybersecurity 7. Chapter 5: Legal Requirements and the Ethics of Risk Management 8. Part 3: IT Risk Assessment, Threat Management, and Risk Analysis
9. Chapter 6: Risk Management Life Cycle 10. Chapter 7: Threat, Vulnerability, and Risk 11. Chapter 8: Risk Assessment Concepts, Standards, and Frameworks 12. Chapter 9: Business Impact Analysis, and Inherent and Residual Risk 13. Part 4: Risk Response, Reporting, Monitoring, and Ownership
14. Chapter 10: Risk Response and Control Ownership 15. Chapter 11: Third-Party Risk Management 16. Chapter 12: Control Design and Implementation 17. Chapter 13: Log Aggregation, Risk and Control Monitoring, and Reporting 18. Part 5: Information Technology, Security, and Privacy
19. Chapter 14: Enterprise Architecture and Information Technology 20. Chapter 15: Enterprise Resiliency and Data Life Cycle Management 21. Chapter 16: The System Development Life Cycle and Emerging Technologies 22. Chapter 17: Information Security and Privacy Principles 23. Part 6: Practice Quizzes
24. Chapter 18: Practice Quiz – Part 1
25. Chapter 19: Practice Quiz – Part 2
26. Index 27. Other Books You May Enjoy

Intrusion detection and prevention systems

The purpose of firewalls is to allow legitimate traffic and block malicious traffic. However, an intrusion system is required in the event that malicious traffic is not blocked by the firewalls. There are two forms of intrusion systems:

  • Intrusion Detection System (IDS): An IDS detects potential malicious traffic but doesn’t block the traffic. Whenever an IDS detects malicious traffic, it sends an alert to the respective teams to investigate the alert. Therefore, it’s critical to fine-tune the IDS rules for appropriate thresholds so those teams don’t get slammed with thousands of false positive alerts. IDSs are passive systems and only observe the network traffic, hence they do not have any effect on the network throughput.
  • Intrusion Prevention System (IPS): An IPS detects and blocks malicious traffic. An IPS is required to be implemented in the line of traffic so it can prevent traffic from entering the network...
lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image