You're reading from ISACA Certified in Risk and Information Systems Control (CRISC®) Exam Guide A primer on GRC and an exam guide for the most recent and rigorous IT risk certification

Product type Paperback

Published in Sep 2023

Publisher Packt

ISBN-13 9781803236902

Length 316 pages

Edition 1st Edition

Concepts

Cybersecurity

Author (1):

Shobhit Mehta

View More author details

Table of Contents (28) Chapters

Preface

1. Part 1: Governance, Risk, and Compliance and CRISC

2. Chapter 1: Governance, Risk, and Compliance FREE CHAPTER

3. Chapter 2: CRISC Practice Areas and the ISACA Mindset

4. Part 2: Organizational Governance, Three Lines of Defense, and Ethical Risk Management

5. Chapter 3: Organizational Governance, Policies, and Risk Management

6. Chapter 4: The Three Lines of Defense and Cybersecurity

7. Chapter 5: Legal Requirements and the Ethics of Risk Management

8. Part 3: IT Risk Assessment, Threat Management, and Risk Analysis

9. Chapter 6: Risk Management Life Cycle

10. Chapter 7: Threat, Vulnerability, and Risk

11. Chapter 8: Risk Assessment Concepts, Standards, and Frameworks

12. Chapter 9: Business Impact Analysis, and Inherent and Residual Risk

13. Part 4: Risk Response, Reporting, Monitoring, and Ownership

14. Chapter 10: Risk Response and Control Ownership

15. Chapter 11: Third-Party Risk Management

16. Chapter 12: Control Design and Implementation

17. Chapter 13: Log Aggregation, Risk and Control Monitoring, and Reporting

18. Part 5: Information Technology, Security, and Privacy

19. Chapter 14: Enterprise Architecture and Information Technology

20. Chapter 15: Enterprise Resiliency and Data Life Cycle Management

21. Chapter 16: The System Development Life Cycle and Emerging Technologies

22. Chapter 17: Information Security and Privacy Principles

23. Part 6: Practice Quizzes

24. Chapter 18: Practice Quiz – Part 1

25. Chapter 19: Practice Quiz – Part 2

26. Index

Why subscribe?

27. Other Books You May Enjoy

IT risk management

IT risk management is the practice of understanding the business goals and overall risk strategy, as well as guiding the IT strategy to align with organizational goals and priorities with minimal risk. The IT strategy needs to be supported by the available resources, technical maturity, and available budget.

Like enterprise risk management, IT risk management is a cyclical process that consists of the following steps:

Figure 3.2 – IT risk management life cycle

The following is a brief description of each step of the IT risk management life cycle:

IT risk identification: This is the first step of IT risk management and includes determining the level of risk per the enterprise’s risk appetite and tolerance. It is important to document the risk identification efforts and include the major threats to organization assets, including people, processes, and technologies.
IT risk assessment: This step requires analyzing...

The rest of the chapter is locked

You're reading from ISACA Certified in Risk and Information Systems Control (CRISC®) Exam Guide A primer on GRC and an exam guide for the most recent and rigorous IT risk certification

Table of Contents (28) Chapters

IT risk management

Authors (1)

Personalised recommendations for you

You're reading from ISACA Certified in Risk and Information Systems Control (CRISC®) Exam Guide A primer on GRC and an exam guide for the most recent and rigorous IT risk certification

Table of Contents (28) Chapters

IT risk management

Unlock this book and the full library FREE for 7 days

Authors (1)

Personalised recommendations for you