Book Image

ISACA Certified in Risk and Information Systems Control (CRISC®) Exam Guide

By : Shobhit Mehta
5 (1)
Book Image

ISACA Certified in Risk and Information Systems Control (CRISC®) Exam Guide

5 (1)
By: Shobhit Mehta

Overview of this book

For beginners and experienced IT risk professionals alike, acing the ISACA CRISC exam is no mean feat, and the application of this advanced skillset in your daily work poses a challenge. The ISACA Certified in Risk and Information Systems Control (CRISC®) Certification Guide is a comprehensive guide to CRISC certification and beyond that’ll help you to approach these daunting challenges with its step-by-step coverage of all aspects of the exam content and develop a highly sought-after skillset in the process. This book is divided into six sections, with each section equipped with everything you need to get to grips with the domains covered in the exam. There’ll be no surprises on exam day – from GRC to ethical risk management, third-party security concerns to the ins and outs of control design, and IDS/IPS to the SDLC, no stone is left unturned in this book’s systematic design covering all the topics so that you can sit for the exam with confidence. What’s more, there are chapter-end self-assessment questions for you to test all that you’ve learned, as well as two book-end practice quizzes to really give you a leg up. By the end of this CRISC exam study guide, you’ll not just have what it takes to breeze through the certification process, but will also be equipped with an invaluable resource to accompany you on your career path.

Related Content you might be interested in

Current Title:

Small book image
ISACA Certified in Risk and Information Systems Control (CRISC®) Exam Guide
Shobhit Mehta
Sep, 2023 | 316 pages
Small book image
Information Security Handbook
Darren Death
Oct, 2023 | 370 pages
Small book image
Certified Information Security Manager Exam Prep Guide
Hemang Doshi
Dec, 2022 | 718 pages
Small book image
Certified Information Security Manager Exam Prep Guide
Hemang Doshi
Nov, 2021 | 616 pages
Table of Contents (28 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Conventions used
Get in touch
Share Your Thoughts
Download a free PDF copy of this book
1
Part 1: Governance, Risk, and Compliance and CRISC
Part 1: Governance, Risk, and Compliance and CRISC
Free Chapter
2
Chapter 1: Governance, Risk, and Compliance
Chapter 1: Governance, Risk, and Compliance
Governance, risk, and compliance
GRC for cybersecurity professionals
Importance of GRC for cybersecurity professionals
A primer on cybersecurity domains and the NIST CSF
Importance of IT risk management
Summary
3
Chapter 2: CRISC Practice Areas and the ISACA Mindset
Chapter 2: CRISC Practice Areas and the ISACA Mindset
CRISC exam outline
CRISC job practice areas
CRISC exam structure
CRISC certification requirements
The ISACA mindset
Additional material
Summary
4
Part 2: Organizational Governance, Three Lines of Defense, and Ethical Risk Management
Part 2: Organizational Governance, Three Lines of Defense, and Ethical Risk Management
5
Chapter 3: Organizational Governance, Policies, and Risk Management
Chapter 3: Organizational Governance, Policies, and Risk Management
IT governance and risk
IT risk management
Organizational structure
Organizational culture
Policy documentation
Organizational asset
Summary
Review questions
Answers
6
Chapter 4: The Three Lines of Defense and Cybersecurity
Chapter 4: The Three Lines of Defense and Cybersecurity
The 3LoD model
3LoD and cybersecurity
Critical concepts for risk assessment and management
Risk tolerance versus risk capacity
Risk appetite and business objectives
Summary
Review questions
Answers
7
Chapter 5: Legal Requirements and the Ethics of Risk Management
Chapter 5: Legal Requirements and the Ethics of Risk Management
Major laws for IT risk management
Ethics and risk management
How do ethics affect IT risk?
ISACA Code of Professional Ethics
Summary
Review questions
Answer
8
Part 3: IT Risk Assessment, Threat Management, and Risk Analysis
Part 3: IT Risk Assessment, Threat Management, and Risk Analysis
9
Chapter 6: Risk Management Life Cycle
Chapter 6: Risk Management Life Cycle
Comparing risk and IT risk
IT risk management life cycle
Requirements of risk assessment
Issues, events, incidents, and breaches
Correlating events and incidents
Summary
Review questions
Answers
10
Chapter 7: Threat, Vulnerability, and Risk
Chapter 7: Threat, Vulnerability, and Risk
Threat, vulnerability, and risk
The relationship between threats, vulnerabilities, and risk
Understanding threat modeling
Vulnerability analysis
Tools for identifying vulnerabilities
Vulnerability management program
Summary
Review questions
Answers
11
Chapter 8: Risk Assessment Concepts, Standards, and Frameworks
Chapter 8: Risk Assessment Concepts, Standards, and Frameworks
Risk assessment approaches
Risk assessment methodologies
Risk assessment frameworks
Risk assessment techniques
Importance of a risk register
Summary
Review questions
Answers
12
Chapter 9: Business Impact Analysis, and Inherent and Residual Risk
Chapter 9: Business Impact Analysis, and Inherent and Residual Risk
Differentiating between BIA and risk assessment
Key concepts related to BIA
Understanding types of risk
Summary
Review questions
Answers
13
Part 4: Risk Response, Reporting, Monitoring, and Ownership
Part 4: Risk Response, Reporting, Monitoring, and Ownership
14
Chapter 10: Risk Response and Control Ownership
Chapter 10: Risk Response and Control Ownership
Risk response and monitoring
Risk owners and control owners
Risk response strategies
Risk optimization
Summary
Review questions
Answers
15
Chapter 11: Third-Party Risk Management
Chapter 11: Third-Party Risk Management
The need for TPRM
Managing third-party risks
Upstream and downstream third parties
Responding to anomalies
Summary
Review questions
Answers
16
Chapter 12: Control Design and Implementation
Chapter 12: Control Design and Implementation
Control categories
Control design and selection
Control implementation
Control testing and evaluation
Summary
Review questions
Answers
17
Chapter 13: Log Aggregation, Risk and Control Monitoring, and Reporting
Chapter 13: Log Aggregation, Risk and Control Monitoring, and Reporting
Log aggregation and analysis
SIEM
Risk and control monitoring
Risk and control reporting
Key indicators
Summary
Review questions
Answers
18
Part 5: Information Technology, Security, and Privacy
Part 5: Information Technology, Security, and Privacy
19
Chapter 14: Enterprise Architecture and Information Technology
Chapter 14: Enterprise Architecture and Information Technology
Enterprise architecture
The CMM framework
Computer networks
Networking devices
Firewalls
Intrusion detection and prevention systems
The Domain Name System
Wireless networks
Virtual private networks
Cloud computing
Summary
Review questions
Answers
20
Chapter 15: Enterprise Resiliency and Data Life Cycle Management
Chapter 15: Enterprise Resiliency and Data Life Cycle Management
Enterprise resiliency
Business continuity and disaster recovery
Recovery objectives
Data classification and labeling
Data life cycle management
Summary
Review questions
Answers
21
Chapter 16: The System Development Life Cycle and Emerging Technologies
Chapter 16: The System Development Life Cycle and Emerging Technologies
Introducing the SDLC
Project risk and SDLC risk
System accreditation and certification
Emerging technologies
Summary
Review questions
Answers
22
Chapter 17: Information Security and Privacy Principles
Chapter 17: Information Security and Privacy Principles
Fundamentals of information security
Access management
Encryption
Hashing
Digital signatures
Certificates
Public key infrastructure
Security awareness training
Principles of data privacy
Comparing data security and data privacy
Summary
Review questions
Answers
23
Part 6: Practice Quizzes
Part 6: Practice Quizzes
24
Chapter 18: Practice Quiz – Part 1
Chapter 18: Practice Quiz – Part 1
25
Chapter 19: Practice Quiz – Part 2
Chapter 19: Practice Quiz – Part 2
26
Index
Index
Why subscribe?
27
Other Books You May Enjoy
Other Books You May Enjoy
Packt is searching for authors like you
Share Your Thoughts
Download a free PDF copy of this book

Who this book is for

This book is for professionals who are interested in obtaining the CRISC certification. The book provides a comprehensive guide to the CRISC certification and its syllabus, covering all four domains of the certification. The book is meant for professionals with differing levels of experience, from beginners to advanced practitioners.

This book is particularly relevant to professionals working in the areas of information security, risk management, and governance. It’s also beneficial for individuals who are responsible for managing risks related to information systems, including IT auditors, IT consultants, and IT managers. The CRISC certification requires a minimum of three years of relevant work experience, with at least one year of experience in two or more of the four CRISC domains. Therefore, this book is recommended for professionals with some level of experience in information systems and risk management.

This book is also helpful for professionals seeking to advance their careers in the IT industry. The CRISC certification is highly valued by employers and is considered a prerequisite for many senior-level positions. By earning the CRISC certification, professionals can demonstrate their expertise in managing information system risks and increase their job prospects. It’s a valuable resource that can help you achieve your professional goals, improve your job performance, and take your career to the next level.

Previous Section
Next Section