CRISC certified in risk and information systems control all-in-one exam guide

A fully updated self-study guide for the industry-standard information technology risk certification, CRISC. Written by information security risk experts, this complete self-study system is designed to help you prepare for--and pass--ISACA's CRISC certification exam. CRISC Certified in Risk and...


Bibliographic Details
Other Authors: Gregory, Peter H., author; Dunkerley, Dawn, author; Rogers, Bobby E., author
Format: Electronic book
Language: English
Published: New York, New York : McGraw-Hill LLC [2022]
Edition: 2nd ed
View at Biblioteca Universitat Ramon Llull: https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009657496806719
Table of Contents:
  • Cover
  • Title Page
  • Copyright Page
  • Dedication
  • About the Authors
  • Contents at a Glance
  • Contents
  • Introduction
  • Chapter 1 Governance
  • Organizational Governance
  • Organizational Strategy, Goals, and Objectives
  • Organizational Structure, Roles, and Responsibilities
  • Organizational Culture
  • Policies and Standards
  • Business Processes
  • Organizational Assets
  • Risk Governance
  • Enterprise Risk Management and Risk Management Frameworks
  • Three Lines of Defense
  • Risk Profile
  • Risk Appetite and Risk Tolerance
  • Legal, Regulatory, and Contractual Requirements
  • Professional Ethics of Risk Management
  • Chapter Review
  • Quick Review
  • Questions
  • Answers
  • Chapter 2 IT Risk Assessment
  • IT Risk Identification
  • Risk Events
  • Threat Modeling and Threat Landscape
  • Vulnerability and Control Deficiency Analysis
  • Risk Scenario Development
  • IT Risk Analysis and Evaluation
  • Risk Assessment Concepts, Standards, and Frameworks
  • Risk Assessment Standards and Frameworks
  • Risk Ranking
  • Risk Ownership
  • Risk Register
  • Risk Analysis Methodologies
  • Business Impact Analysis
  • Inherent and Residual Risk
  • Miscellaneous Risk Considerations
  • Chapter Review
  • Quick Review
  • Questions
  • Answers
  • Chapter 3 Risk Response and Reporting
  • Risk Response
  • Risk and Control Ownership
  • Risk Treatment/Risk Response Options
  • Third-Party Risk
  • Issues, Findings, and Exceptions Management
  • Management of Emerging Risk
  • Control Design and Implementation
  • Control Types and Functions
  • Control Standards and Frameworks
  • Control Design, Selection, and Analysis
  • Control Implementation
  • Control Testing and Effectiveness Evaluation
  • Risk Monitoring and Reporting
  • Risk Treatment Plans
  • Data Collection, Aggregation, Analysis, and Validation
  • Risk and Control Monitoring Techniques
  • Risk and Control Reporting Techniques
  • Key Performance Indicators
  • Key Risk Indicators
  • Key Control Indicators
  • Chapter Review
  • Quick Review
  • Questions
  • Answers
  • Chapter 4 Information Technology and Security
  • Enterprise Architecture
  • Platforms
  • Software
  • Databases
  • Operating Systems
  • Networks
  • Cloud
  • Gateways
  • Enterprise Architecture Frameworks
  • Implementing a Security Architecture
  • IT Operations Management
  • Project Management
  • Business Continuity and Disaster Recovery Management
  • Business Impact Analysis
  • Recovery Objectives
  • Recovery Strategies
  • Plan Testing
  • Resilience and Risk Factors
  • Data Lifecycle Management
  • Standards and Guidelines
  • Data Retention Policies
  • Hardware Disposal and Data Destruction Policies
  • Systems Development Life Cycle
  • Planning
  • Requirements
  • Design
  • Development
  • Testing
  • Implementation and Operation
  • Disposal
  • SDLC Risks
  • Emerging Technologies
  • Information Security Concepts, Frameworks, and Standards
  • Confidentiality, Integrity, and Availability
  • Access Control
  • Data Sensitivity and Classification
  • Identification and Authentication
  • Authorization
  • Accountability
  • Non-Repudiation
  • Frameworks, Standards, and Practices
  • NIST Risk Management Framework
  • ISO 27001/27002/27701/31000
  • COBIT 2019 (ISACA)
  • The Risk IT Framework (ISACA)
  • Security and Risk Awareness Training Programs
  • Awareness Tools and Techniques
  • Developing Organizational Security and Risk Awareness Programs
  • Data Privacy and Data Protection Principles
  • Security Policies
  • Access Control
  • Physical Access Security
  • Network Security
  • Human Resources
  • Chapter Review
  • Quick Review
  • Questions
  • Answers
  • Appendix A Implementing and Managing a Risk Management Program
  • Today's Risk Landscape
  • What Is a Risk Management Program?
  • The Purpose of a Risk Management Program
  • The Risk Management Life Cycle
  • Risk Discovery
  • Types of Risk Registers
  • Reviewing the Risk Register
  • Performing Deeper Analysis
  • Developing a Risk Treatment Recommendation
  • Publishing and Reporting
  • Appendix B About the Online Content
  • System Requirements
  • Your Total Seminars Training Hub Account
  • Privacy Notice
  • Single User License Terms and Conditions
  • TotalTester Online
  • Technical Support
  • Glossary
  • Index