ISACA Certified in Risk and Information Systems Control (CRISC(R)) Exam Guide: A primer on GRC and an exam guide for the most recent and rigorous IT r

Pass the ISACA CRISC exam, gain high-value skills, and propel yourself toward IT risk management mastery

Key Features

• Get end-to-end coverage of all the topics likely to be assessed in the ISACA CRISC exam
• Apply and embed your learning with the help of mock exams and self-assessment questions
• Have an in-depth guide handy as you progress in your enterprise IT risk management career

Book Description

For beginners and experienced IT risk professionals alike, acing the ISACA CRISC exam is no mean feat, and neither is the application of this advanced skillset in your daily work even after you’ve achieved the certification. ISACA Certified in Risk and Information Systems Control (CRISC) Certification Guide is a comprehensive guide to CRISC certification and beyond. This book will help you approach these daunting challenges with its step-by-step coverage of all aspects of the exam content and gain a highly sought-after skillset in the process.

This book is divided into six sections, each section equipped with everything you need to get to grips with the domains covered in the exam. There’ll be no surprises on exam day – from GRC to ethical risk management, third-party security concerns to the ins and outs of control design, and IDS/IPS to the SDLC, no stone is left unturned in this book’s systematic design covering all the topics so that you can sit for the exam with confidence. What’s more, there are chapter-end self-assessment questions for you to test all that you’ve learned, as well as two book-end mock exams to really give you a leg up.

By the end of this CRISC exam study guide, you’ll not just have what it takes to breeze through the certification process, but will also be equipped with an invaluable resource to accompany you on your career path.

What you will learn

• Adopt the ISACA mindset and learn to apply it when attempting the CRISC exam
• Grasp the Three Lines of Defense model and understand risk capacity
• Explore the threat landscape and figure out vulnerability management
• Familiarize yourself with the concepts of BIA, RPO, MTTD, and more
• Get to grips with the four stages of risk response
• Manage third-party security risks and secure your systems with ease
• Use a full arsenal of InfoSec tools to protect your organization
• Test your knowledge with self-assessment questions and mock exams

Who This Book Is For

If you are a risk management professional who is experienced in the management of IT audits or in the design, implementation, monitoring, and maintenance of IS controls, or are gearing up to take the CRISC exam, then this CRISC book is for you. Business analysts, PMs, and other management professionals and executives will also benefit from this book.

通過ISACA CRISC考試，獲得高價值的技能，並推動自己朝著IT風險管理的精通前進。

主要特點：

- 全面涵蓋ISACA CRISC考試可能評估的所有主題
- 通過模擬考試和自我評估問題應用和鞏固所學知識
- 在您的企業IT風險管理職業生涯中，隨時隨地提供深入指南

書籍描述：

對於初學者和有經驗的IT風險專業人員來說，通過ISACA CRISC考試並在日常工作中應用這種高級技能絕非易事。《ISACA Certified in Risk and Information Systems Control (CRISC) Certification Guide》是一本全面指南，涵蓋了CRISC認證及其後續領域。本書將幫助您逐步掌握考試內容的所有方面，並在此過程中獲得極具價值的技能。

本書分為六個部分，每個部分都配備了您在考試中需要掌握的領域。在考試當天，您將不會遇到任何驚喜-從GRC到道德風險管理，從第三方安全問題到控制設計的方方面面，從IDS/IPS到SDLC，本書的系統化設計涵蓋了所有主題，讓您能夠自信地參加考試。更重要的是，書末有章節結束的自我評估問題，供您測試所學知識，還有兩個模擬考試，真正幫助您提升。

通過閱讀本CRISC考試學習指南，您不僅具備了輕鬆通過認證過程所需的能力，還將獲得一個寶貴的資源，伴隨您在職業道路上前行。

您將學到什麼：

- 採用ISACA思維方式，並學習在嘗試CRISC考試時應用它
- 掌握三線防禦模型，並了解風險能力
- 探索威脅環境，並找出漏洞管理
- 熟悉BIA、RPO、MTTD等概念
- 理解風險響應的四個階段
- 管理第三方安全風險，輕鬆保護系統
- 使用完整的信息安全工具保護組織
- 通過自我評估問題和模擬考試測試您的知識

本書適合對IT審計管理、IS控制設計、實施、監控和維護有經驗的風險管理專業人員，或者正在準備參加CRISC考試的人士。商業分析師、項目經理和其他管理專業人員和高管也將從本書中受益。

1. Privacy & IT Risk Management
2. Governance, Risk, and Compliance
3. CRISC Practice Areas and the ISACA Mindset
4. Organizational Governance, Policies, and Risk Management
5. The Three Lines of Defense and Cybersecurity
6. Legal Requirements and the Ethics of Risk Management
7. Risk Management Life Cycle
8. Threat, Vulnerability, and Risk
9. Risk Assessment Concepts, Standards, and Frameworks
10. Business Impact Analysis, Inherent and Residual Risk
11. Risk Response and Control Ownership
12. Third-Party Risk Management
13. Control Design and Implementation
14. Data Collection, Aggregation, Analysis, and Validation
15. Information Technology and Enterprise Architecture
16. Business Continuity, Disaster Recovery, and Incident response
17. System Development Life Cycle (SDLC) and Emerging Technologies

隱私與資訊科技風險管理
治理、風險和合規性
CRISC實踐領域和ISACA思維方式
組織治理、政策和風險管理
三線防禦和網絡安全
法律要求和風險管理倫理
風險管理生命週期
威脅、弱點和風險
風險評估概念、標準和框架
業務影響分析、固有風險和剩餘風險
風險應對和控制所有權
第三方風險管理
控制設計和實施
數據收集、匯總、分析和驗證
資訊科技和企業架構
業務持續性、災難恢復和事件應對
系統開發生命週期（SDLC）和新興技術