Dive into the CRISC (Certified in Risk and Information Systems Control) perspective of Risk Governance! 🌐 This mind map provides a comprehensive overview of Risk Governance principles from a CRISC standpoint.
#learntorise SWIPE www.infosectrain.com
DOMAIN 1: GOVERNANCE (26%)

A: Organizational Governance
  - Organizational Strategy, Goals and Objectives
  - Organizational Structure, Roles and Responsibilities
  - Organizational Culture
  - Policies and Standards
  - Business Processes
  - Organizational Assets

B: Risk Governance
  - Enterprise Risk Management and Risk Management Framework
  - Three Lines of Defense
  - Risk Profile
  - Risk Appetite and Risk Tolerance
  - Legal, Regulatory and Contractual Requirements
  - Professional Ethics of Risk Management

DOMAIN 2: IT RISK ASSESSMENT (20%)

A: IT Risk Identification
  - Risk Events (e.g., contributing conditions, loss result)
  - Threat Modeling and Threat Landscape
  - Vulnerability and Control Deficiency Analysis (e.g., root cause analysis)
  - Risk Scenario Development

B: IT Risk Analysis and Evaluation
  - Risk Assessment Concepts, Standards and Frameworks
  - Risk Register
  - Risk Analysis Methodologies
  - Business Impact Analysis
  - Inherent and Residual Risk

DOMAIN 3: RISK RESPONSE AND REPORTING (32%)

A: Risk Response
  - Risk Treatment / Risk Response Options
  - Risk and Control Ownership
  - Third-Party Risk Management
  - Issue, Finding and Exception Management
  - Management of Emerging Risk

B: Control Design and Implementation
  - Control Types, Standards and Frameworks
  - Control Design, Selection and Analysis
  - Control Implementation
  - Control Testing and Effectiveness Evaluation

C: Risk Monitoring and Reporting
  - Risk Treatment Plans
  - Data Collection, Aggregation, Analysis and Validation
  - Risk and Control Monitoring Techniques
  - Risk and Control Reporting Techniques (heatmap, scorecards, dashboards)
  - Key Performance Indicators
  - Key Risk Indicators (KRIs)
  - Key Control Indicators (KCIs)

DOMAIN 4: INFORMATION TECHNOLOGY AND SECURITY (22%)

A: Information Technology Principles
  - Enterprise Architecture
  - IT Operations Management (e.g., change management, IT assets, problems, incidents)
  - Project Management
  - Disaster Recovery Management (DRM)
  - Data Lifecycle Management
  - System Development Life Cycle (SDLC)
  - Emerging Technologies

B: Information Security Principles
  - Information Security Concepts, Frameworks and Standards
  - Information Security Awareness Training
  - Business Continuity Management
  - Data Privacy and Data Protection Principles