
CRISC Certified in Risk and Information Systems Control All-in-One Exam Guide

A fully updated self-study guide for the industry-standard information technology risk certification, CRISC. Written by information security risk experts, this complete self-study system is designed to help you prepare for, and pass, ISACA's CRISC certification exam. CRISC Certified in Risk and...


Bibliographic Details
Classification: Electronic book
Main authors: Gregory, Peter (Author), Rogers, Bobby E. (Author), Dunkerley, Dawn (Author)
Format: Electronic eBook
Language: English
Published: New York : McGraw-Hill Education, 2022.
Edition: Second edition.
Subjects:
Online access: Full text (requires prior registration with an institutional e-mail address)
Table of Contents:
  • Cover
  • Title Page
  • Copyright Page
  • Dedication
  • About the Authors
  • Contents at a Glance
  • Contents
  • Introduction
  • Chapter 1 Governance
  • Organizational Governance
  • Organizational Strategy, Goals, and Objectives
  • Organizational Structure, Roles, and Responsibilities
  • Organizational Culture
  • Policies and Standards
  • Business Processes
  • Organizational Assets
  • Risk Governance
  • Enterprise Risk Management and Risk Management Frameworks
  • Three Lines of Defense
  • Risk Profile
  • Risk Appetite and Risk Tolerance
  • Legal, Regulatory, and Contractual Requirements
  • Professional Ethics of Risk Management
  • Chapter Review
  • Quick Review
  • Questions
  • Answers
  • Chapter 2 IT Risk Assessment
  • IT Risk Identification
  • Risk Events
  • Threat Modeling and Threat Landscape
  • Vulnerability and Control Deficiency Analysis
  • Risk Scenario Development
  • IT Risk Analysis and Evaluation
  • Risk Assessment Concepts, Standards, and Frameworks
  • Risk Assessment Standards and Frameworks
  • Risk Ranking
  • Risk Ownership
  • Risk Register
  • Risk Analysis Methodologies
  • Business Impact Analysis
  • Inherent and Residual Risk
  • Miscellaneous Risk Considerations
  • Chapter Review
  • Quick Review
  • Questions
  • Answers
  • Chapter 3 Risk Response and Reporting
  • Risk Response
  • Risk and Control Ownership
  • Risk Treatment/Risk Response Options
  • Third-Party Risk
  • Issues, Findings, and Exceptions Management
  • Management of Emerging Risk
  • Control Design and Implementation
  • Control Types and Functions
  • Control Standards and Frameworks
  • Control Design, Selection, and Analysis
  • Control Implementation
  • Control Testing and Effectiveness Evaluation
  • Risk Monitoring and Reporting
  • Risk Treatment Plans
  • Data Collection, Aggregation, Analysis, and Validation
  • Risk and Control Monitoring Techniques
  • Risk and Control Reporting Techniques
  • Key Performance Indicators
  • Key Risk Indicators
  • Key Control Indicators
  • Chapter Review
  • Quick Review
  • Questions
  • Answers
  • Chapter 4 Information Technology and Security
  • Enterprise Architecture
  • Platforms
  • Software
  • Databases
  • Operating Systems
  • Networks
  • Cloud
  • Gateways
  • Enterprise Architecture Frameworks
  • Implementing a Security Architecture
  • IT Operations Management
  • Project Management
  • Business Continuity and Disaster Recovery Management
  • Business Impact Analysis
  • Recovery Objectives
  • Recovery Strategies
  • Plan Testing
  • Resilience and Risk Factors
  • Data Lifecycle Management
  • Standards and Guidelines
  • Data Retention Policies
  • Hardware Disposal and Data Destruction Policies
  • Systems Development Life Cycle
  • Planning
  • Requirements
  • Design
  • Development
  • Testing
  • Implementation and Operation
  • Disposal
  • SDLC Risks
  • Emerging Technologies
  • Information Security Concepts, Frameworks, and Standards
  • Confidentiality, Integrity, and Availability