CRISC

Table of Contents
About This Manual
	Overview
	Organization of This Manual
	Format of This Manual
	Evaluation of This Manual
	About the CRISC Review Questions, Answers & Explanations Manual
	About the CRISC Review Questions, Answers & Explanations Database
Introduction to IT Risk Management
	Governance and Risk Management
	The Context of IT Risk Management
	Key Concepts of Risk
	Risk in Relation to Other Business Functions
	IT Risk Management Good Practices
	Summary
	Endnotes
Chapter 1: IT Risk Identification
	Section One: Overview
		Domain Definition
		Learning Objectives
		CRISC Exam Reference
		Task and Knowledge Statements
		Self-assessment Questions
		Answers to Self-assessment Questions
		Suggested Resources for Further Study
	Section Two: Content
		1.0 Overview
		1.1 Risk Capacity, Risk Appetite and Risk Tolerance
		1.2 Risk Culture and Communication
		1.3 Elements of Risk
		1.4 Information Security Risk Concepts and Principles
		1.5 The IT Risk Strategy of the Business
		1.6 IT Concepts and Areas of Concern for the Risk Practitioner
		1.7 Methods of Risk Identification
		1.8 IT Risk Scenarios
		1.9 Ownership and Accountability
		1.10 The IT Risk Register
		1.11 Risk Awareness
		1.12 Summary
		Endnotes
Chapter 2: IT Risk Assessment
	Section One: Overview
		Domain Definition
		Learning Objectives
		CRISC Exam Reference
		Task and Knowledge Statements
		Self-assessment Questions
		Answers to Self-assessment Questions
		Suggested Resources for Further Study
	Section Two: Content
		2.0 Overview
		2.1 Risk Assessment Techniques
		2.2 Analyzing Risk Scenarios
		2.3 Current State of Controls
		2.4 Changes in the Risk Environment
		2.5 Project and Program Management
		2.6 Risk and Control Analysis
		2.7 Risk Analysis Methodologies
		2.8 Risk Ranking
		2.9 Documenting Risk Assessments
		2.10 Summary
		Endnotes
Chapter 3: Risk Response and Mitigation
	Section One: Overview
		Domain Definition
		Learning Objectives
		CRISC Exam Reference
		Task and Knowledge Statements
		Self-assessment Questions
		Answers to Self-assessment Questions
		Suggested Resources for Further Study
	Section Two: Content
		3.0 Overview
		3.1 Aligning Risk Response With Business Objectives
		3.2 Risk Response Options
		3.3 Analysis Techniques
		3.4 Vulnerabilities Associated With New Controls
		3.5 Developing a Risk Action Plan
		3.6 Business Process Review Tools and Techniques
		3.7 Control Design and Implementation
		3.8 Control Monitoring and Effectiveness
		3.9 Types of Risk
		3.10 Control Activities, Objectives, Practices and Metrics
		3.11 Systems Control Design and Implementation
		3.12 Impact of Emerging Technologies on Design and Implementation of Controls
		3.13 Control Ownership
		3.14 Risk Management Procedures and Documentation
		3.15 Summary
		Endnotes
Chapter 4: Risk and Control Monitoring and Reporting
	Section One: Overview
		Domain Definition
		Learning Objectives
		CRISC Exam Reference
		Task and Knowledge Statements
		Self-assessment Questions
		Answers to Self-assessment Questions
		Suggested Resources for Further Study
	Section Two: Content
		4.0 Overview
		4.1 Key Risk Indicators
		4.2 Key Performance Indicators
		4.3 Data Collection and Extraction Tools and Techniques
		4.4 Monitoring Controls
		4.5 Control Assessment Types
		4.6 Results of Control Assessments
		4.7 Changes to the IT Risk Profile
		4.8 Summary
		Endnotes
General Information
Glossary
Evaluation