Klienditugi: 7440010 (E-R 10-18)

Abi | Registreeri | Logi sisse

E-raamat: CRISC Certified in Risk and Information Systems Control All-in-One Exam Guide, Second Edition

4.00/5 (6 hinnangut Goodreads-ist)

Bobby Rogers, Dawn Dunkerley, Peter Gregory

Formaat: 276 pages
Ilmumisaeg: 06-May-2022
Kirjastus: McGraw-Hill Education
Keel: eng
ISBN-13: 9781260473346

Teised raamatud teemal:

Computer certification

Formaat - PDF+DRM
Hind: 62,40 €*
* hind on lõplik, st. muud allahindlused enam ei rakendu
Lisa ostukorvi
Lisa soovinimekirja
See e-raamat on mõeldud ainult isiklikuks kasutamiseks. E-raamatuid ei saa tagastada.

Formaat: 276 pages
Ilmumisaeg: 06-May-2022
Kirjastus: McGraw-Hill Education
Keel: eng
ISBN-13: 9781260473346

Teised raamatud teemal:

Computer certification

DRM piirangud

Kopeerimine (copy/paste):

ei ole lubatud
Printimine:

ei ole lubatud
Kasutamine:

Digitaalõiguste kaitse (DRM)
Kirjastus on väljastanud selle e-raamatu krüpteeritud kujul, mis tähendab, et selle lugemiseks peate installeerima spetsiaalse tarkvara. Samuti peate looma endale Adobe ID Rohkem infot siin. E-raamatut saab lugeda 1 kasutaja ning alla laadida kuni 6'de seadmesse (kõik autoriseeritud sama Adobe ID-ga).

Vajalik tarkvara
Mobiilsetes seadmetes (telefon või tahvelarvuti) lugemiseks peate installeerima selle tasuta rakenduse: PocketBook Reader (iOS / Android)

PC või Mac seadmes lugemiseks peate installima Adobe Digital Editionsi (Seeon tasuta rakendus spetsiaalselt e-raamatute lugemiseks. Seda ei tohi segamini ajada Adober Reader'iga, mis tõenäoliselt on juba teie arvutisse installeeritud )

Seda e-raamatut ei saa lugeda Amazon Kindle's.

A fully updated self-study guide for the industry-standard information technology risk certification, CRISCWritten by information security risk experts, this complete self-study system is designed to help you prepare forand passISACAs CRISC certification exam. CRISC Certified in Risk and Information Systems Control All-in-One Exam Guide, Second Edition features learning objectives, explanations, exam tips, and hundreds of practice questions. Beyond exam prep, this practical guide serves as an ideal on-the-job reference for risk management and IT security professionals.

Covers all exam topics, including:

IT and cybersecurity governance Enterprise risk management and risk treatment IT risk assessments and risk analysis Controls and control frameworks Third-party risk management Risk metrics, KRIs, KCIs, and KPIs Enterprise architecture IT operations management Business impact analysis Business continuity and disaster recovery planning Data privacy

Online content includes:

300 practice exam questions Test engine that provides full-length practice exams and customizable quizzes by exam topic

Acknowledgments

Introduction

xvii

Chapter 1 Governance

(20)

Organizational Governance

(8)

Organizational Strategy, Goals, and Objectives

(1)

Organizational Structure, Roles, and Responsibilities

(1)

Organizational Culture

(1)

Policies and Standards

(1)

Business Processes

(1)

Organizational Assets

(4)

Risk Governance

(5)

Enterprise Risk Management and Risk Management Frameworks

(2)

Three Lines of Defense

(1)

Risk Profile

(1)

Risk Appetite and Risk Tolerance

(1)

Legal, Regulatory, and Contractual Requirements

(1)

Professional Ethics of Risk Management

(1)

Chapter Review

(6)

Quick Review

(1)

Questions

(3)

Answers

(1)

Chapter 2 IT Risk Assessment

(60)

IT Risk Identification

(18)

Risk Events

(3)

Threat Modeling and Threat Landscape

(2)

Vulnerability and Control Deficiency Analysis

(8)

Risk Scenario Development

(2)

IT Risk Analysis and Evaluation

(33)

Risk Assessment Concepts, Standards, and Frameworks

(5)

Risk Assessment Standards and Frameworks

(6)

Risk Ranking

(1)

Risk Ownership

(1)

Risk Register

(4)

Risk Analysis Methodologies

(10)

Business Impact Analysis

(5)

Inherent and Residual Risk

(1)

Miscellaneous Risk Considerations

(1)

Chapter Review

(8)

Quick Review

(1)

Questions

(3)

Answers

(3)

Chapter 3 Risk Response and Reporting

(46)

Risk Response

(11)

Risk and Control Ownership

(1)

Risk Treatment/Risk Response Options

(3)

Third-Party Risk

(3)

Issues, Findings, and Exceptions Management

(1)

Management of Emerging Risk

(3)

Control Design and Implementation

(13)

Control Types and Functions

(3)

Control Standards and Frameworks

(5)

Control Design, Selection, and Analysis

101

(3)

Control Implementation

104

(2)

Control Testing and Effectiveness Evaluation

106

(1)

Risk Monitoring and Reporting

106

(8)

Risk Treatment Plans

108

(1)

Data Collection, Aggregation, Analysis, and Validation

108

(1)

Risk and Control Monitoring Techniques

109

(1)

Risk and Control Reporting Techniques

109

(1)

Key Performance Indicators

110

(2)

Key Risk Indicators

112

(1)

Key Control Indicators

113

(1)

Chapter Review

114

(13)

Quick Review

116

(3)

Questions

119

(4)

Answers

123

(4)

Chapter 4 Information Technology and Security

127

(56)

Enterprise Architecture

128

(7)

Platforms

129

(1)

Software

129

(1)

Databases

130

(1)

Operating Systems

130

(1)

Networks

130

(1)

Cloud

131

(1)

Gateways

132

(1)

Enterprise Architecture Frameworks

132

(3)

Implementing a Security Architecture

135

(1)

IT Operations Management

135

(2)

Project Management

137

(3)

Business Continuity and Disaster Recovery Management

140

(4)

Business Impact Analysis

141

(1)

Recovery Objectives

141

(1)

Recovery Strategies

141

(1)

Plan Testing

142

(1)

Resilience and Risk Factors

142

(2)

Data Lifecycle Management

144

(3)

Standards and Guidelines

145

(1)

Data Retention Policies

146

(1)

Hardware Disposal and Data Destruction Policies

147

(1)

Systems Development Life Cycle

147

(5)

Planning

149

(1)

Requirements

149

(1)

Design

149

(1)

Development

150

(1)

Testing

150

(1)

Implementation and Operation

150

(1)

Disposal

151

(1)

SDLC Risks

151

(1)

Emerging Technologies

152

(2)

Information Security Concepts, Frameworks, and Standards

154

(11)

Confidentiality, Integrity, and Availability

154

(1)

Access Control

155

(1)

Data Sensitivity and Classification

156

(1)

Identification and Authentication

157

(1)

Authorization

157

(1)

Accountability

158

(1)

Non-Repudiation

158

(1)

Frameworks, Standards, and Practices

159

(1)

NIST Risk Management Framework

160

(2)

ISO 27001/27002/27701/31000

162

(1)

COBIT 2019 (ISACA)

162

(2)

The Risk IT Framework (ISACA)

164

(1)

Security and Risk Awareness Training Programs

165

(2)

Awareness Tools and Techniques

165

(1)

Developing Organizational Security and Risk Awareness Programs

166

(1)

Data Privacy and Data Protection Principles

167

(8)

Security Policies

167

(1)

Access Control

167

(1)

Physical Access Security

168

(1)

Network Security

168

(5)

Human Resources

173

(2)

Chapter Review

175

(8)

Quick Review

177

(1)

Questions

178

(3)

Answers

181

(2)

Appendix A Implementing and Managing a Risk Management Program

183

(22)

Today's Risk Landscape

183

(3)

What Is a Risk Management Program?

186

(2)

The Purpose of a Risk Management Program

187

(1)

The Risk Management Life Cycle

188

(17)

Risk Discovery

188

(5)

Types of Risk Registers

193

(1)

Reviewing the Risk Register

194

(2)

Performing Deeper Analysis

196

(3)

Developing a Risk Treatment Recommendation

199

(4)

Publishing and Reporting

203

(2)

Appendix B About the Online Content

205

(4)

System Requirements

205

(1)

Your Total Seminars Training Hub Account

205

(1)

Privacy Notice

205

(1)

Single User License Terms and Conditions

205

(2)

TotalTester Online

207

(1)

Technical Support

207

(2)

Glossary

209

(12)

Index

221

Dawn Dunkerley (Meridianville, AL), CISSP, ISSAP, ISSEP, ISSMP, CSSLP, PMP, received a Ph.D. in Information Systems from Nova Southeastern University in 2011 with a doctoral focus of information security success within organizations. Her research interests include cyberwarfare, cybersecurity, and the success and measurement of organizational cybersecurity initiatives. She holds the 2011 ISC2 Government Information Security Leadership Award (Crystal).

Bobby E. Rogers is an Information Security Engineer working for a major hospital in the southeastern United States. His previous experience includes working as a contractor for Department of Defense agencies, helping to secure, certify, and accredit their information systems. His duties include information system security engineering, risk management, and certification and accreditation efforts. He retired after 21 years in the United States Air Force, serving as a network security engineer and instructor, and has secured networks all over the world. Bobby has a Masters degree in Information Assurance (IA), and is pursuing a doctoral degree in IA from Capitol College, Maryland. His many certifications include CompTIAs A+, CompTIA Network+, CompTIA Security+, and CompTIA Mobility+ certifications, as well as the CISSP-ISSEP, CEH, and MCSE: Security.

Lisainfo e-raamatute kohta