CRISC Certified in Risk and Information Systems Control All-in-One Exam Guide

Book Description

An all-new exam guide for the industry-standard information technology risk certification, Certified in Risk and Information Systems Control (CRISC)

Prepare for the newly updated Certified in Risk and Information Systems Control (CRISC) certification exam with this comprehensive exam guide. CRISC Certified in Risk and Information Systems Control All-in-One Exam Guide offers 100% coverage of all four exam domains effective as of June 2015 and contains hundreds of realistic practice exam questions.

Fulfilling the promise of the All-in-One series, this reference guide serves as a test preparation tool AND an on-the-job reference that will serve you well beyond the examination. To aid in self-study, each chapter includes Exam Tips sections that highlight key information about the exam, chapter summaries that reinforce salient points, and end-of-chapter questions that are accurate to the content and format of the real exam. Electronic download features two complete practice exams.

  • 100% coverage of the CRISC Certification Job Practice effective as of June 2015
  • Hands-on exercises allow for additional practice, and Notes, Tips, and Cautions throughout provide real-world insights
  • Electronic download features two full-length, customizable practice exams in the Total Tester exam engine

Table of Contents

  1. Cover
  2. Title Page
  3. Copyright Page
  4. Dedication
  5. About the Authors
  6. Contents at a Glance
  7. Contents
  8. Acknowledgments
  9. Introduction
  10. Chapter 1 Risk Concepts
    1. Basic Security Concepts
      1. Goals of Information Security
      2. Supporting Security Goals
    2. Risk Management Concepts
      1. Risk Terms and Definitions
      2. Standards, Frameworks, and Best Practices
    3. Business Perspective of IT Risk Management
      1. Business Goals and Objectives
      2. Business Information Criteria
      3. Organizational Structures
      4. Information Systems Architecture
    4. Managing Risk Ownership
      1. Risk Ownership
      2. Risk Awareness
      3. Legal and Governance
    5. Chapter Review
      1. Review Questions
      2. Answers
  11. Chapter 2 Threats and Vulnerabilities in the Enterprise
    1. Threats and Vulnerabilities
      1. Identifying Threats and Vulnerabilities in the Enterprise
    2. Business Processes and Initiatives
      1. Environmental Risk Factors
      2. Threats
      3. Vulnerabilities
      4. Project and Program Management
      5. Third-Party Management
      6. Systems Development Life Cycle
      7. Emerging Technologies
      8. Management of IT Operations
      9. Data Management
      10. Business Continuity and Disaster Recovery Management
    3. Chapter Review
      1. Review Questions
      2. Answers
  12. Chapter 3 Identifying and Managing Risk Scenarios
    1. Developing and Managing Risk Scenarios
      1. Risk Identification and Classification
      2. Risk Scenarios
      3. Developing Risk Scenarios
      4. Analyzing Risk Scenarios
      5. Risk Register
    2. Chapter Review
      1. Review Questions
      2. Answers
  13. Chapter 4 Risk Assessment and Analysis
    1. Risk Assessment Processes
      1. NIST RMF
      2. OCTAVE Methodology
      3. ISO/IEC Standards
      4. ISACA’s Risk IT Framework
      5. Performing a Risk Assessment
    2. Quantitative and Qualitative Techniques
      1. Quantitative
      2. Qualitative
      3. Combining Quantitative and Qualitative Techniques
      4. Other Analysis Techniques
    3. Risk Analysis
      1. Control Analysis
      2. Reporting Risk Assessment Results
    4. Chapter Review
      1. Review Questions
      2. Answers
  14. Chapter 5 Risk Response and Mitigation
    1. Risk Response
      1. Risk Response Standards and Frameworks
    2. Understanding Risk Response Options
      1. Evaluating Risk Response Options
      2. Selecting Risk Response
      3. Prioritizing Risk Responses
    3. Risk Mitigation
      1. Risk Response Action Plans
      2. Control Development
      3. System Development Life Cycle
      4. Project Management
      5. Project Management Frameworks
    4. Chapter Review
      1. Review Questions
      2. Answers
  15. Chapter 6 Control and Risk Monitoring
    1. Control Monitoring
      1. Control Testing and Assessment
      2. Indicators
    2. Chapter Review
      1. Review Questions
      2. Answers
  16. Chapter 7 Information Systems Control Concepts
    1. Information Security Control Concepts
      1. Control Classification
      2. Control Selection
    2. Control Frameworks
      1. NIST
      2. COBIT
      3. Val IT
      4. PCI-DSS
      5. Other Control Frameworks
    3. Chapter Review
      1. Review Questions
      2. Answers
  17. Chapter 8 Designing and Implementing Controls
    1. Business Perspectives of Controls
      1. Business Cases for Controls
      2. Regulatory Guidance and Controls
      3. Business Functions and Controls
      4. Information System Security Engineering
      5. Design Considerations
      6. Control Selection
      7. Implementing Controls
    2. Chapter Review
      1. Review Questions
      2. Answers
  18. Chapter 9 Measuring Risk and Control Effectiveness
    1. Applying Key Performance Indicators
      1. Key Performance Indicator Review
      2. Key Performance Indicator Development
    2. Chapter Review
      1. Review Questions
      2. Answers
  19. Appendix A The NIST Risk Management Framework
    1. Overview
      1. Tiered Approach
      2. Applicability
      3. Publications
    2. RMF Steps
      1. Step 1: Categorize Information Systems
      2. Step 2: Select Security Controls
      3. Step 3: Implement Security Controls
      4. Step 4: Assess Security Controls
      5. Step 5: Authorize Information Systems
      6. Step 6: Monitor Security Controls
  20. Appendix B ISACA’s Risk IT Framework
    1. Overview
      1. Applicability
      2. Publications
    2. Framework Focus Areas
    3. Risk Governance
      1. RG1: Establish and Maintain a Common Risk View
      2. RG2: Integrate with ERM
      3. RG3: Make Risk-Aware Business Decisions
    4. Risk Evaluation
      1. RE1: Collect Data
      2. RE2: Analyze Risk
      3. RE3: Maintain Risk Profile
    5. Risk Response
      1. RR1: Articulate Risk
      2. RR2: Manage Risk
      3. RR3: React to Events
  21. Appendix C About the Download
    1. System Requirements
    2. Downloading Total Tester Premium Practice Exam Software
    3. Total Tester Premium Practice Exam Software
    4. Installing and Running Total Tester
    5. Technical Support
      1. Total Seminars Technical Support
      2. McGraw-Hill Education Content Support
  22. Glossary
  23. Index