Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
ISACA Certified in Risk and Information Systems Control (CRISC®) Exam Guide

You're reading from   ISACA Certified in Risk and Information Systems Control (CRISC®) Exam Guide A primer on GRC and an exam guide for the most recent and rigorous IT risk certification

Arrow left icon
Product type Paperback
Published in Sep 2023
Publisher Packt
ISBN-13 9781803236902
Length 316 pages
Edition 1st Edition
Arrow right icon
Author (1):
Arrow left icon
Shobhit Mehta Shobhit Mehta
Author Profile Icon Shobhit Mehta
Shobhit Mehta
Arrow right icon
View More author details
Toc

Table of Contents (28) Chapters Close

Preface 1. Part 1: Governance, Risk, and Compliance and CRISC
2. Chapter 1: Governance, Risk, and Compliance FREE CHAPTER 3. Chapter 2: CRISC Practice Areas and the ISACA Mindset 4. Part 2: Organizational Governance, Three Lines of Defense, and Ethical Risk Management
5. Chapter 3: Organizational Governance, Policies, and Risk Management 6. Chapter 4: The Three Lines of Defense and Cybersecurity 7. Chapter 5: Legal Requirements and the Ethics of Risk Management 8. Part 3: IT Risk Assessment, Threat Management, and Risk Analysis
9. Chapter 6: Risk Management Life Cycle 10. Chapter 7: Threat, Vulnerability, and Risk 11. Chapter 8: Risk Assessment Concepts, Standards, and Frameworks 12. Chapter 9: Business Impact Analysis, and Inherent and Residual Risk 13. Part 4: Risk Response, Reporting, Monitoring, and Ownership
14. Chapter 10: Risk Response and Control Ownership 15. Chapter 11: Third-Party Risk Management 16. Chapter 12: Control Design and Implementation 17. Chapter 13: Log Aggregation, Risk and Control Monitoring, and Reporting 18. Part 5: Information Technology, Security, and Privacy
19. Chapter 14: Enterprise Architecture and Information Technology 20. Chapter 15: Enterprise Resiliency and Data Life Cycle Management 21. Chapter 16: The System Development Life Cycle and Emerging Technologies 22. Chapter 17: Information Security and Privacy Principles 23. Part 6: Practice Quizzes
24. Chapter 18: Practice Quiz – Part 1
25. Chapter 19: Practice Quiz – Part 2
26. Index 27. Other Books You May Enjoy

What this book covers

Chapter 1, Governance, Risk, and Compliance, provides an introduction to GRC. This chapter includes all the lessons I learned later in my career but should have learned when I started.

Chapter 2, CRISC Practice Areas and the ISACA Mindset, provides a detailed description of the CRISC exam and practice areas. This chapter also includes my experience of attempting CRISC exams and understanding the ISACA mindset from both sides – as a candidate for the exam and also when I write questions for the official ISACA exam.

Chapter 3, Organizational Governance, Policies, and Risk Management, provides an introduction to organizational governance, strategy, structure, and culture. Governance is often confused with management, which is not true. This chapter continues from the lessons of Chapter 1.

Chapter 4, The Three Lines of Defense and Cybersecurity, provides an introduction to the concept of the three lines of defense and more importantly how you could draw the teachings from this model to develop your own cybersecurity program.

Chapter 5, Legal Requirements and the Ethics of Risk Management, provides an overview of major laws and regulations affecting IT risk. We will also learn about the importance of professional ethics in risk management and how it influences organizational culture.

Chapter 6, Risk Management Life Cycle, provides an introduction to the concept of risk, where you will learn how is it different from IT risk; take a deeper dive into the risk management life cycle; understand the requirements of risk assessments; learn the difference between issues, events, incidents, and breaches; and ultimately learn about how events and incidents are correlated. We will also learn how to choose different sets of controls (detective/corrective/preventive) to influence the inherent risk and optimize the residual risk.

Chapter 7, Threat, Vulnerability, and Risk, provides an introduction to the concepts of threat, vulnerability, and risk, helping you understand the relationships between each and teaching you about threat modeling and the threat landscape. We will also learn about vulnerability and control analysis, as well as vulnerability sources, and briefly touch on building a vulnerability management program.

Chapter 8, Risk Assessment Concepts, Standards, and Frameworks, builds on the knowledge from Chapter 7. We will learn about maintaining an effective risk register and how we can leverage already available industry risk catalogs to baseline the risk assessment program for an organization.

Chapter 9, Business Impact Analysis, and Inherent and Residual Risk, details the differences between Business Impact Analysis (BIA) and risk assessments. You will learn concepts related to BIA and the differences between inherent and residual risk, and finally, review how BIA can be used for business continuity and disaster recovery planning.

Chapter 10, Risk Response and Control Ownership, introduces the concept of risk response and monitoring and risk and control ownership, and details the risk response strategies – mitigate/accept/transfer/avoid.

Chapter 11, Third-Party Risk Management, introduces the concepts of third-party risk management and how to perform an effective third-party risk evaluation. We will also learn about issues, findings, exceptions, and how to manage them effectively.

Chapter 12, Control Design and Implementation, introduces the different types of controls, standards, frameworks, and methodologies for control design and selection and how to implement them effectively. We will also learn about several control techniques and methods to evaluate them effectively.

Chapter 13, Log Aggregation, Risk and Control Monitoring, and Reporting, provides a summary of the different methods of log sources, aggregation, and analysis. We will also learn about risk and control monitoring and reporting, and how to present them effectively.

Chapter 14, Enterprise Architecture and Information Technology, introduces the concept of enterprise architecture, the Capability Maturity Model, and IT operations, such as management and other network and technology concepts.

Chapter 15, Enterprise Resiliency and Data Life Cycle Management, provides a deep dive into the concepts of enterprise resiliency while building the foundations of a resilient architecture and data life cycle management.

Chapter 16, The System Development Life Cycle and Emerging Technologies, provides an understanding of the components of the software development life cycle and builds a foundational understanding of emerging technologies and the related security implications.

Chapter 17, Information Security and Privacy Principles, provides an understanding of information security and privacy principles, which secure the system and build trust with the users.

Chapter 18, Practice Quiz – Part 1, contains 100 review questions with a detailed explanation of each written from my experience of working with ISACA for many years.

Chapter 19, Practice Quiz – Part 2, contains additional 100 questions to solidify your understanding and ultimately set you up for success!

lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image