
E-book: CRISC Certified in Risk and Information Systems Control All-in-One Exam Guide

4.16/5 (38 ratings by Goodreads)
  • Format: 576 pages
  • Series: All-in-One
  • Publication date: 11-Dec-2015
  • Publisher: McGraw-Hill Inc.,US
  • Language: eng
  • ISBN-13: 9780071847148

DRM restrictions

  • Copying: not allowed
  • Printing: not allowed
  • E-book usage:

    Digital Rights Management (DRM)
    The publisher has supplied this book in encrypted form, which means that you need to install free software in order to unlock and read it. To read this e-book you must create an Adobe ID. More information here. The e-book can be downloaded to 6 devices (one user with the same Adobe ID).

    Required software
    To read this e-book on a mobile device (phone or tablet), you need to install this free app: PocketBook Reader (iOS / Android)

    To read this e-book on a PC or Mac, you need Adobe Digital Editions (a free program designed specifically for e-books. It is not the same as Adobe Reader, which you probably already have on your computer.)

    You cannot read this e-book on an Amazon Kindle.

An all-new exam guide for the industry-standard information technology risk certification, Certified in Risk and Information Systems Control (CRISC)

Prepare for the updated Certified in Risk and Information Systems Control (CRISC) certification exam with this comprehensive exam guide. CRISC Certified in Risk and Information Systems Control All-in-One Exam Guide covers all four exam domains effective as of June 2015 and contains hundreds of realistic practice exam questions.

Fulfilling the promise of the All-in-One series, this reference guide serves as a test preparation tool AND an on-the-job reference that will serve you well beyond the examination. To aid in self-study, each chapter includes Exam Tips that highlight key information about the exam, chapter summaries that reinforce the chapter's salient points, and end-of-chapter questions that are accurate to the content and question format of the real exam.

  • 100% coverage of the CRISC certification job practice areas effective as of June 2015
  • Includes hands-on exercises for additional practice and Notes, Tips, and Cautions which provide real-world insights
  • CD-ROM features two full-length, customizable practice exams in the Total Tester exam engine and a PDF eBook
Table of contents (page numbers with the section's page count in parentheses):

Acknowledgments xv
Introduction xvii
Chapter 1 Risk Concepts 1(36)
  Basic Security Concepts 2(5)
    Goals of Information Security 2(1)
    Supporting Security Goals 3(4)
  Risk Management Concepts 7(12)
    Risk Terms and Definitions 8(4)
    Standards, Frameworks, and Best Practices 12(7)
  Business Perspective of IT Risk Management 19(5)
    Business Goals and Objectives 19(1)
    Business Information Criteria 20(1)
    Organizational Structures 21(1)
    Information Systems Architecture 22(2)
  Managing Risk Ownership 24(6)
    Risk Ownership 25(1)
    Risk Awareness 26(2)
    Legal and Governance 28(2)
  Chapter Review 30(7)
    Review Questions 31(4)
    Answers 35(2)
Chapter 2 Threats and Vulnerabilities in the Enterprise 37(32)
  Threats and Vulnerabilities 38(4)
    Identifying Threats and Vulnerabilities in the Enterprise 38(4)
  Business Processes and Initiatives 42(20)
    Environmental Risk Factors 42(1)
    Threats 43(1)
    Vulnerabilities 44(1)
    Project and Program Management 44(3)
    Third-Party Management 47(2)
    Systems Development Life Cycle 49(4)
    Emerging Technologies 53(1)
    Management of IT Operations 54(2)
    Data Management 56(2)
    Business Continuity and Disaster Recovery Management 58(4)
  Chapter Review 62(7)
    Review Questions 62(4)
    Answers 66(3)
Chapter 3 Identifying and Managing Risk Scenarios 69(22)
  Developing and Managing Risk Scenarios 69(15)
    Risk Identification and Classification 70(1)
    Risk Scenarios 71(4)
    Developing Risk Scenarios 75(5)
    Analyzing Risk Scenarios 80(2)
    Risk Register 82(2)
  Chapter Review 84(7)
    Review Questions 84(4)
    Answers 88(3)
Chapter 4 Risk Assessment and Analysis 91(34)
  Risk Assessment Processes 92(11)
    NIST RMF 92(1)
    OCTAVE Methodology 93(2)
    ISO/IEC Standards 95(1)
    ISACA's Risk IT Framework 96(2)
    Performing a Risk Assessment 98(5)
  Quantitative and Qualitative Techniques 103(7)
    Quantitative 104(2)
    Qualitative 106(1)
    Combining Quantitative and Qualitative Techniques 107(1)
    Other Analysis Techniques 108(2)
  Risk Analysis 110(9)
    Control Analysis 111(5)
    Reporting Risk Assessment Results 116(3)
  Chapter Review 119(6)
    Review Questions 119(4)
    Answers 123(2)
Chapter 5 Risk Response and Mitigation 125(34)
  Risk Response 126(5)
    Risk Response Standards and Frameworks 127(4)
  Understanding Risk Response Options 131(6)
    Evaluating Risk Response Options 131(2)
    Selecting Risk Response 133(1)
    Prioritizing Risk Responses 134(3)
  Risk Mitigation 137(15)
    Risk Response Action Plans 137(1)
    Control Development 138(8)
    System Development Life Cycle 146(2)
    Project Management 148(1)
    Project Management Frameworks 148(4)
  Chapter Review 152(7)
    Review Questions 153(3)
    Answers 156(3)
Chapter 6 Control and Risk Monitoring 159(22)
  Control Monitoring 160(14)
    Control Testing and Assessment 160(6)
    Indicators 166(8)
  Chapter Review 174(7)
    Review Questions 175(3)
    Answers 178(3)
Chapter 7 Information Systems Control Concepts 181(28)
  Information Security Control Concepts 182(4)
    Control Classification 184(1)
    Control Selection 185(1)
  Control Frameworks 186(15)
    NIST 186(4)
    COBIT 190(2)
    Val IT 192(1)
    PCI-DSS 193(2)
    Other Control Frameworks 195(6)
  Chapter Review 201(8)
    Review Questions 203(3)
    Answers 206(3)
Chapter 8 Designing and Implementing Controls 209(30)
  Business Perspectives of Controls 210(23)
    Business Cases for Controls 210(3)
    Regulatory Guidance and Controls 213(3)
    Business Functions and Controls 216(2)
    Information System Security Engineering 218(6)
    Design Considerations 224(3)
    Control Selection 227(1)
    Implementing Controls 228(5)
  Chapter Review 233(6)
    Review Questions 234(3)
    Answers 237(2)
Chapter 9 Measuring Risk and Control Effectiveness 239(28)
  Applying Key Performance Indicators 239(24)
    Key Performance Indicator Review 240(1)
    Key Performance Indicator Development 240(23)
  Chapter Review 263(4)
    Review Questions 263(2)
    Answers 265(2)
Appendix A The NIST Risk Management Framework 267(8)
  Overview 268(2)
    Tiered Approach 268(1)
    Applicability 268(1)
    Publications 269(1)
  RMF Steps 270(5)
    Step 1: Categorize Information Systems 270(1)
    Step 2: Select Security Controls 270(2)
    Step 3: Implement Security Controls 272(1)
    Step 4: Assess Security Controls 273(1)
    Step 5: Authorize Information Systems 273(1)
    Step 6: Monitor Security Controls 274(1)
Appendix B ISACA's Risk IT Framework 275(10)
  Overview 275(4)
    Applicability 277(1)
    Publications 277(2)
  Framework Focus Areas 279(1)
    Risk Governance 279(1)
      RG1: Establish and Maintain a Common Risk View 280(1)
      RG2: Integrate with ERM 280(1)
      RG3: Make Risk-Aware Business Decisions 280(1)
    Risk Evaluation 280(2)
      RE1: Collect Data 281(1)
      RE2: Analyze Risk 281(1)
      RE3: Maintain Risk Profile 281(1)
    Risk Response 282(3)
      RR1: Articulate Risk 282(1)
      RR2: Manage Risk 283(1)
      RR3: React to Events 283(2)
Appendix C About the CD-ROM 285(2)
  System Requirements 285(1)
  Total Tester Premium Practice Exam Software 285(1)
    Installing and Running Total Tester Premium Practice Exam Software 285(1)
  PDF Copy of the Book 286(1)
  Technical Support 286(1)
    Total Seminars Technical Support 286(1)
    McGraw-Hill Education Content Support 286(1)
Glossary 287(8)
Index 295
About the authors

Bobby E. Rogers is an Information Security Engineer working for a major hospital in the southeastern United States. His previous experience includes working as a contractor for Department of Defense agencies, helping to secure, certify, and accredit their information systems. His duties include information system security engineering, risk management, and certification and accreditation efforts. He retired after 21 years in the United States Air Force, serving as a network security engineer and instructor, and has secured networks all over the world. Bobby has a Master's degree in Information Assurance (IA) and is pursuing a doctoral degree in IA from Capitol College, Maryland. His many certifications include CompTIA's A+, CompTIA Network+, CompTIA Security+, and CompTIA Mobility+ certifications, as well as the CISSP-ISSEP, CEH, and MCSE: Security.

Dawn Dunkerley (Meridianville, AL), CISSP, ISSAP, ISSEP, ISSMP, CSSLP, PMP, received a Ph.D. in Information Systems from Nova Southeastern University in 2011 with a doctoral focus on information security success within organizations. Her research interests include cyberwarfare, cybersecurity, and the success and measurement of organizational cybersecurity initiatives. She holds the 2011 ISC2 Government Information Security Leadership Award (Crystal).