You're reading from ISACA Certified in Risk and Information Systems Control (CRISC®) Exam Guide A primer on GRC and an exam guide for the most recent and rigorous IT risk certification

Product type Paperback

Published in Sep 2023

Publisher Packt

ISBN-13 9781803236902

Length 316 pages

Edition 1st Edition

Concepts

Cybersecurity

Author (1):

Shobhit Mehta

View More author details

Table of Contents (28) Chapters

Preface

1. Part 1: Governance, Risk, and Compliance and CRISC

2. Chapter 1: Governance, Risk, and Compliance FREE CHAPTER

3. Chapter 2: CRISC Practice Areas and the ISACA Mindset

4. Part 2: Organizational Governance, Three Lines of Defense, and Ethical Risk Management

5. Chapter 3: Organizational Governance, Policies, and Risk Management

6. Chapter 4: The Three Lines of Defense and Cybersecurity

7. Chapter 5: Legal Requirements and the Ethics of Risk Management

8. Part 3: IT Risk Assessment, Threat Management, and Risk Analysis

9. Chapter 6: Risk Management Life Cycle

10. Chapter 7: Threat, Vulnerability, and Risk

11. Chapter 8: Risk Assessment Concepts, Standards, and Frameworks

12. Chapter 9: Business Impact Analysis, and Inherent and Residual Risk

13. Part 4: Risk Response, Reporting, Monitoring, and Ownership

14. Chapter 10: Risk Response and Control Ownership

15. Chapter 11: Third-Party Risk Management

16. Chapter 12: Control Design and Implementation

17. Chapter 13: Log Aggregation, Risk and Control Monitoring, and Reporting

18. Part 5: Information Technology, Security, and Privacy

19. Chapter 14: Enterprise Architecture and Information Technology

20. Chapter 15: Enterprise Resiliency and Data Life Cycle Management

21. Chapter 16: The System Development Life Cycle and Emerging Technologies

22. Chapter 17: Information Security and Privacy Principles

23. Part 6: Practice Quizzes

24. Chapter 18: Practice Quiz – Part 1

25. Chapter 19: Practice Quiz – Part 2

26. Index

Why subscribe?

27. Other Books You May Enjoy

Summary

At the beginning of this chapter, we learned about the risk posed by third-party entities and how it can be managed. We then learned about the importance of managing downstream as well as upstream third-party relationships. With the recent trends and an uptick in third-party attack vectors, risk managers should keep themselves abreast of the latest trends and ensure that the risk posed by these threat actors can be minimized by implementing a TPRM program. Next, we learned about issues, findings, and exceptions and the role of configuration, release, exception, and change management to manage these risks. Finally, we learned about the importance of CAB in approving these changes. The goal for risk practitioners is to strike a balance of security and usability without compromising the organization’s security goals.

In the next chapter, we will learn about control design and its implementation.

The rest of the chapter is locked

You're reading from ISACA Certified in Risk and Information Systems Control (CRISC®) Exam Guide A primer on GRC and an exam guide for the most recent and rigorous IT risk certification

Table of Contents (28) Chapters

Summary

Authors (1)

Personalised recommendations for you

You're reading from ISACA Certified in Risk and Information Systems Control (CRISC®) Exam Guide A primer on GRC and an exam guide for the most recent and rigorous IT risk certification

Table of Contents (28) Chapters

Summary

Unlock this book and the full library FREE for 7 days

Authors (1)

Personalised recommendations for you