You're reading from ISACA Certified in Risk and Information Systems Control (CRISC®) Exam Guide A primer on GRC and an exam guide for the most recent and rigorous IT risk certification

Product type Paperback

Published in Sep 2023

Publisher Packt

ISBN-13 9781803236902

Length 316 pages

Edition 1st Edition

Concepts

Cybersecurity

Author (1):

Shobhit Mehta

View More author details

Table of Contents (28) Chapters

Preface

1. Part 1: Governance, Risk, and Compliance and CRISC

2. Chapter 1: Governance, Risk, and Compliance FREE CHAPTER

3. Chapter 2: CRISC Practice Areas and the ISACA Mindset

4. Part 2: Organizational Governance, Three Lines of Defense, and Ethical Risk Management

5. Chapter 3: Organizational Governance, Policies, and Risk Management

6. Chapter 4: The Three Lines of Defense and Cybersecurity

7. Chapter 5: Legal Requirements and the Ethics of Risk Management

8. Part 3: IT Risk Assessment, Threat Management, and Risk Analysis

9. Chapter 6: Risk Management Life Cycle

10. Chapter 7: Threat, Vulnerability, and Risk

11. Chapter 8: Risk Assessment Concepts, Standards, and Frameworks

12. Chapter 9: Business Impact Analysis, and Inherent and Residual Risk

13. Part 4: Risk Response, Reporting, Monitoring, and Ownership

14. Chapter 10: Risk Response and Control Ownership

15. Chapter 11: Third-Party Risk Management

16. Chapter 12: Control Design and Implementation

17. Chapter 13: Log Aggregation, Risk and Control Monitoring, and Reporting

18. Part 5: Information Technology, Security, and Privacy

19. Chapter 14: Enterprise Architecture and Information Technology

20. Chapter 15: Enterprise Resiliency and Data Life Cycle Management

21. Chapter 16: The System Development Life Cycle and Emerging Technologies

22. Chapter 17: Information Security and Privacy Principles

23. Part 6: Practice Quizzes

24. Chapter 18: Practice Quiz – Part 1

25. Chapter 19: Practice Quiz – Part 2

26. Index

Why subscribe?

27. Other Books You May Enjoy

Risk and control reporting

In the previous section, we reviewed the importance of risk monitoring and how it can impact an organization’s resilience toward malicious attacks. In this section, we will review how those monitored risks and metrics can be best reported to the management team. Different organizations choose different mechanisms to report on risks and controls. Some are okay with sending a brief executive summary, while others need to elaborate with reports and dashboards. There are no right or wrong ways to present these risks to senior management; however, the risk practitioner, as well as the business owner, should tailor the reports and reporting mechanism per the audience. Would it really make any sense to report the number of phishing attempts in the past month to the head of physical security?

Here are some key aspects the risk practitioner should keep in mind while reporting:

Audience: Who is the right audience for the report?
Actionability...

The rest of the chapter is locked

You're reading from ISACA Certified in Risk and Information Systems Control (CRISC®) Exam Guide A primer on GRC and an exam guide for the most recent and rigorous IT risk certification

Table of Contents (28) Chapters

Risk and control reporting

Authors (1)

Personalised recommendations for you

You're reading from ISACA Certified in Risk and Information Systems Control (CRISC®) Exam Guide A primer on GRC and an exam guide for the most recent and rigorous IT risk certification

Table of Contents (28) Chapters

Risk and control reporting

Unlock this book and the full library FREE for 7 days

Authors (1)

Personalised recommendations for you