Dive into the CRISC (Certified in Risk and Information Systems Control) perspective of Risk Governance! ๐ This mind map provides a comprehensive overview of Risk Governance principles from a CRISC standpoint.
Threat hunting is a proactive cybersecurity strategyInfosec train
ย
More Related Content
Similar to ๐๐๐๐๐ ๐๐ข๐ง๐ ๐๐๐ฉ ๐๐จ๐ซ ๐๐๐๐๐๐ญ๐ข๐ฏ๐ ๐๐ข๐ฌ๐ค ๐๐จ๐ฏ๐๐ซ๐ง๐๐ง๐๐
Similar to ๐๐๐๐๐ ๐๐ข๐ง๐ ๐๐๐ฉ ๐๐จ๐ซ ๐๐๐๐๐๐ญ๐ข๐ฏ๐ ๐๐ข๐ฌ๐ค ๐๐จ๐ฏ๐๐ซ๐ง๐๐ง๐๐ (20)
2. A: Organizational
Governance
Organizational Strategy
Goals and Objectives
Organizational Structure,
Roles and Responsibilities
Organizational Culture
Policies and Standards
Business Processes
Organizational Assets
Three Lines of Defense
Enterprise Risk Management and
Risk Management Framework
Risk Pro๏ฌle
Risk Appetite and
Risk Tolerance
Legal, Regulatory and
Contractual Requirements
Professional Ethics of
Risk Management
B: Risk
Governance
DOMAIN 1: GOVERNANCE (26%)
DOMAIN
1
SWIPE
www.infosectrain.com
#
l
e
a
r
n
t
o
r
i
s
e
3. Risk Events (e.g., contributing
conditions, loss result)
Threat Modeling and
Threat Landscape
Vulnerability and Control
De๏ฌciency Analysis (e.g.,
root cause analysis)
Risk Scenario Development
Risk Assessment Concepts,
Standards and Frameworks
Risk Register
Risk Analysis Methodologies
Business Impact Analysis
Inherent and Residual Risk
A: IT Risk
Identi๏ฌcation
B: IT Risk Analysis
and Evaluation
DOMAIN 2: IT RISK ASSESSMENT (20%)
SWIPE
www.infosectrain.com
#
l
e
a
r
n
t
o
r
i
s
e
DOMAIN
2
4. Control Types, Standards
and Frameworks
Control Design, Selection
and Analysis
Control Implementation
Control Testing and
Effectiveness Evaluation
A: Risk
Response
C: Risk Monitoring
and Reporting
B: Control Design
and Implementation
Risk Treatment / Risk
Response Options
Risk and Control Ownership
Third-Party Risk Management
Issue, Finding and Exception
Management
Management of Emerging Risk
Data Collection, Aggregation,
Analysis and Validation
Risk Treatment Plans
Risk and Control Monitoring
Techniques
Risk and Control Reporting
Techniques (heatmap,
scorecards, dashboards)
Key Performance Indicators
Key Risk Indicators (KRIs)
Key Control Indicators (KCIs)
DOMAIN 3: RISK RESPONSE AND REPORTING (32%)
SWIPE
www.infosectrain.com
#
l
e
a
r
n
t
o
r
i
s
e
DOMAIN
3
5. DOMAIN
4
DOMAIN 4: INFORMATION TECHNOLOGY AND SECURITY (22%)
Information Security Concepts,
Frameworks and Standards
Information Security Awareness
Training
Business Continuity Management
Data Privacy and Data
Protection Principles
A: Information
Technology
Principles
B: Information
Security
Principles
IT Operations Management
(e.g., change management, IT
assets, problems, incidents)
Enterprise Architecture
Project Management
Disaster Recovery
Management (DRM)
Data Lifecycle Management
System Development Life
Cycle (SDLC)
Emerging Technologies
SWIPE
www.infosectrain.com
#
l
e
a
r
n
t
o
r
i
s
e
6. To Get More Insights Through Our FREE
FOUND THIS USEFUL?
Courses | Workshops | eBooks | Checklists | Mock Tests
LIKE FOLLOW
SHARE
