www.infosectrain.com | #learntorise
DOMAIN 1: GOVERNANCE (26%)

A: Organizational Governance
- Organizational Strategy, Goals and Objectives
- Organizational Structure, Roles and Responsibilities
- Organizational Culture
- Policies and Standards
- Business Processes
- Organizational Assets

B: Risk Governance
- Three Lines of Defense
- Enterprise Risk Management and Risk Management Framework
- Risk Profile
- Risk Appetite and Risk Tolerance
- Legal, Regulatory and Contractual Requirements
- Professional Ethics of Risk Management
DOMAIN 2: IT RISK ASSESSMENT (20%)

A: IT Risk Identification
- Risk Events (e.g., contributing conditions, loss result)
- Threat Modeling and Threat Landscape
- Vulnerability and Control Deficiency Analysis (e.g., root cause analysis)
- Risk Scenario Development

B: IT Risk Analysis and Evaluation
- Risk Assessment Concepts, Standards and Frameworks
- Risk Register
- Risk Analysis Methodologies
- Business Impact Analysis
- Inherent and Residual Risk
DOMAIN 3: RISK RESPONSE AND REPORTING (32%)

A: Risk Response
- Risk Treatment / Risk Response Options
- Risk and Control Ownership
- Third-Party Risk Management
- Issue, Finding and Exception Management
- Management of Emerging Risk

B: Control Design and Implementation
- Control Types, Standards and Frameworks
- Control Design, Selection and Analysis
- Control Implementation
- Control Testing and Effectiveness Evaluation

C: Risk Monitoring and Reporting
- Data Collection, Aggregation, Analysis and Validation
- Risk Treatment Plans
- Risk and Control Monitoring Techniques
- Risk and Control Reporting Techniques (heatmap, scorecards, dashboards)
- Key Performance Indicators (KPIs)
- Key Risk Indicators (KRIs)
- Key Control Indicators (KCIs)
DOMAIN 4: INFORMATION TECHNOLOGY AND SECURITY (22%)

A: Information Technology Principles
- Enterprise Architecture
- IT Operations Management (e.g., change management, IT assets, problems, incidents)
- Project Management
- Disaster Recovery Management (DRM)
- Data Lifecycle Management
- System Development Life Cycle (SDLC)
- Emerging Technologies

B: Information Security Principles
- Information Security Concepts, Frameworks and Standards
- Information Security Awareness Training
- Business Continuity Management
- Data Privacy and Data Protection Principles
FOUND THIS USEFUL? To get more insights through our FREE Courses | Workshops | eBooks | Checklists | Mock Tests
CRISC Mind Map for Effective Risk Governance.pdf