Security
Reader small image

You're reading from  ISACA Certified in Risk and Information Systems Control (CRISC®) Exam Guide

Product typeBook
Published inSep 2023
PublisherPackt
ISBN-139781803236902
Edition1st Edition
Concepts
Cybersecurity
Right arrow
Author (1)
Shobhit Mehta
Shobhit Mehta
author image
Shobhit Mehta

Shobhit Mehta is the Security and Compliance Director at Headspace, an on-demand mental health company in San Francisco, CA. Previously, he worked in different facets of security and assurance with HSBC, Deutsche Bank, Credit Suisse, PayPal, and Fidelity Investments. He also works with ISACA to develop exam questions for CISA, CISM, and CGEIT, served as the technical reviewer for the CGEIT and CISA review manuals, and is a published author for the COBIT 5 journal. He completed his MS in cybersecurity at Northeastern University, Boston, and holds CRISC, CISM, CISA, CGEIT, CISSP, and CCSP certifications. In his spare time, he likes to explore the inclined trails of the Bay Area, complete ultramarathons, and blog on GRCMusings.
Read more about Shobhit Mehta

Right arrow

What this book covers

Chapter 1, Governance, Risk, and Compliance, provides an introduction to GRC. This chapter includes all the lessons I learned later in my career but should have learned when I started.

Chapter 2, CRISC Practice Areas and the ISACA Mindset, provides a detailed description of the CRISC exam and practice areas. This chapter also includes my experience of attempting CRISC exams and understanding the ISACA mindset from both sides – as a candidate for the exam and also when I write questions for the official ISACA exam.

Chapter 3, Organizational Governance, Policies, and Risk Management, provides an introduction to organizational governance, strategy, structure, and culture. Governance is often confused with management, which is not true. This chapter continues from the lessons of Chapter 1.

Chapter 4, The Three Lines of Defense and Cybersecurity, provides an introduction to the concept of the three lines of defense and more importantly how you could draw the teachings from this model to develop your own cybersecurity program.

Chapter 5, Legal Requirements and the Ethics of Risk Management, provides an overview of major laws and regulations affecting IT risk. We will also learn about the importance of professional ethics in risk management and how it influences organizational culture.

Chapter 6, Risk Management Life Cycle, provides an introduction to the concept of risk, where you will learn how is it different from IT risk; take a deeper dive into the risk management life cycle; understand the requirements of risk assessments; learn the difference between issues, events, incidents, and breaches; and ultimately learn about how events and incidents are correlated. We will also learn how to choose different sets of controls (detective/corrective/preventive) to influence the inherent risk and optimize the residual risk.

Chapter 7, Threat, Vulnerability, and Risk, provides an introduction to the concepts of threat, vulnerability, and risk, helping you understand the relationships between each and teaching you about threat modeling and the threat landscape. We will also learn about vulnerability and control analysis, as well as vulnerability sources, and briefly touch on building a vulnerability management program.

Chapter 8, Risk Assessment Concepts, Standards, and Frameworks, builds on the knowledge from Chapter 7. We will learn about maintaining an effective risk register and how we can leverage already available industry risk catalogs to baseline the risk assessment program for an organization.

Chapter 9, Business Impact Analysis, and Inherent and Residual Risk, details the differences between Business Impact Analysis (BIA) and risk assessments. You will learn concepts related to BIA and the differences between inherent and residual risk, and finally, review how BIA can be used for business continuity and disaster recovery planning.

Chapter 10, Risk Response and Control Ownership, introduces the concept of risk response and monitoring and risk and control ownership, and details the risk response strategies – mitigate/accept/transfer/avoid.

Chapter 11, Third-Party Risk Management, introduces the concepts of third-party risk management and how to perform an effective third-party risk evaluation. We will also learn about issues, findings, exceptions, and how to manage them effectively.

Chapter 12, Control Design and Implementation, introduces the different types of controls, standards, frameworks, and methodologies for control design and selection and how to implement them effectively. We will also learn about several control techniques and methods to evaluate them effectively.

Chapter 13, Log Aggregation, Risk and Control Monitoring, and Reporting, provides a summary of the different methods of log sources, aggregation, and analysis. We will also learn about risk and control monitoring and reporting, and how to present them effectively.

Chapter 14, Enterprise Architecture and Information Technology, introduces the concept of enterprise architecture, the Capability Maturity Model, and IT operations, such as management and other network and technology concepts.

Chapter 15, Enterprise Resiliency and Data Life Cycle Management, provides a deep dive into the concepts of enterprise resiliency while building the foundations of a resilient architecture and data life cycle management.

Chapter 16, The System Development Life Cycle and Emerging Technologies, provides an understanding of the components of the software development life cycle and builds a foundational understanding of emerging technologies and the related security implications.

Chapter 17, Information Security and Privacy Principles, provides an understanding of information security and privacy principles, which secure the system and build trust with the users.

Chapter 18, Practice Quiz – Part 1, contains 100 review questions with a detailed explanation of each written from my experience of working with ISACA for many years.

Chapter 19, Practice Quiz – Part 2, contains additional 100 questions to solidify your understanding and ultimately set you up for success!

lock icon
The rest of the page is locked
Previous Page
Chapter 1 of 28, Page 3
Next Page
You have been reading a chapter from
ISACA Certified in Risk and Information Systems Control (CRISC®) Exam Guide
Published in: Sep 2023Publisher: PacktISBN-13: 9781803236902
© 2023 Packt Publishing Limited All Rights Reserved

Author (1)

author image
Shobhit Mehta

Shobhit Mehta is the Security and Compliance Director at Headspace, an on-demand mental health company in San Francisco, CA. Previously, he worked in different facets of security and assurance with HSBC, Deutsche Bank, Credit Suisse, PayPal, and Fidelity Investments. He also works with ISACA to develop exam questions for CISA, CISM, and CGEIT, served as the technical reviewer for the CGEIT and CISA review manuals, and is a published author for the COBIT 5 journal. He completed his MS in cybersecurity at Northeastern University, Boston, and holds CRISC, CISM, CISA, CGEIT, CISSP, and CCSP certifications. In his spare time, he likes to explore the inclined trails of the Bay Area, complete ultramarathons, and blog on GRCMusings.
Read more about Shobhit Mehta

Personalised recommendations for you

Based on your interests and search pattern

Attacking and Exploiting Modern Web Applications

Attacking and Exploiting Modern Web Applications

Attacking and Exploiting Modern Web Attacks will help you understand how to identify attack surfaces and detect vulnerabilities. This book takes a hands-on approach to implementation and associated methodologies and equips you with the knowledge and skills needed to effectively combat web attacks.

BookAug 2023338 pages
Automotive Cybersecurity Engineering Handbook

Automotive Cybersecurity Engineering Handbook

This Automotive Cybersecurity Engineering Handbook untangles the complexities of building secure automotive products and helps you to comply with cybersecurity standards. It provides practical tools, tips, and techniques coupled with real-world examples to enable you to create cyber-resilient automotive products with ease.

BookOct 2023392 pages
Official Google Cloud Certified Professional Cloud Security Engineer Exam Guide

Official Google Cloud Certified Professional Cloud Security Engineer Exam Guide

This book will help you to design, develop, and operate security controls on Google Cloud as well as discover best practices for relevant security domains, including identity and access management, network, and data.

BookAug 2023496 pages
Cloud Penetration Testing for Red Teamers

Cloud Penetration Testing for Red Teamers

The advent of cloud networks and the AWS, Azure, and GCP platforms has revolutionized how companies of all sizes in all industries do business online. This book will help you meet the emerging demand for pentesting as it guides you through the tools, techniques, and security measures used by pentesters and red teamers in the 2020s and beyond.

BookNov 2023298 pages
ISACA Certified in Risk and Information Systems Control (CRISC®) Exam Guide

ISACA Certified in Risk and Information Systems Control (CRISC®) Exam Guide

ISACA Certified in Risk and Information Systems Control (CRISC®) Certification Guide is an enterprise IT risk management professional’s dream. With its in-depth approach and various self-assessment exercises, this book arms you with knowledge of every single aspect of the certification, and is a fantastic career companion after you’re certified.

BookSep 2023316 pages5
Burp Suite Cookbook

Burp Suite Cookbook

Burp Suite is an immensely powerful and popular tool for web application security testing. This book provides a collection of recipes that address vulnerabilities in web applications and APIs. It offers guidance on how to configure Burp Suite, make the most of its tools, and explore into its extensions.

BookOct 2023450 pages
Building and Automating Penetration Testing Labs in the Cloud

Building and Automating Penetration Testing Labs in the Cloud

This hands-on guide will help you design and build a variety of penetration testing labs that mimic modern cloud environments running on AWS, Azure, and GCP. In addition to these, you will explore a number of practical strategies on how to manage the complexity, cost, and security risks involved when setting up vulnerable cloud lab environments.

BookOct 2023562 pages
Ethical Hacking Workshop

Ethical Hacking Workshop

As cyber-attacks grow and APT groups advance their skillset, you need to be able to protect your enterprise against cyber-attacks. In order to limit your attack surface, you need to ensure that you leverage the same skills and tools that an adversary may use to hack your environment and discover the security gaps. This book will teach you how to think like a hacker, use state-of-the-art hacking tools, and protect yourself and your organizaiton.

BookOct 2023220 pages
Windows Forensics Analyst Field Guide

Windows Forensics Analyst Field Guide

This book contains step-by-step processes to guide you in any investigation related to Windows OS. You’ll find out how to acquire evidence using multiple tools as well as examine and analyze the collected artifacts, while discovering multiple techniques used in real-world forensic incidents.

BookOct 2023318 pages
Implementing DevSecOps Practices

Implementing DevSecOps Practices

This book is a comprehensive, hands-on guide for individuals new to DevSecOps who want to implement DevSecOps practices successfully and efficiently. With its help, you’ll be able to shift security toward the left, enabling you to merge security into coding in no time.

BookDec 2023258 pages