All-in-One Exam Guide
Peter H. Gregory, Dawn Dunkerley, Bobby E. Rogers

A fully updated self-study guide for the industry-standard information technology risk certification, CRISC
Written by information security risk experts, this complete self-study system is designed to help you prepare for―and pass―ISACA’s CRISC certification exam. CRISC Certified in Risk and Information Systems Control All-in-One Exam Guide, Second Edition features learning objectives, explanations, exam tips, and hundreds of practice questions. Beyond exam prep, this practical guide serves as an ideal on-the-job reference for risk management and IT security professionals.
Covers all exam topics, including:
Table of Contents
Chapter 1 Governance
Chapter 2 IT Risk Assessment
Chapter 3 Risk Response and Reporting
Chapter 4 Information Technology and Security
Appendix A Implementing and Managing a Risk Management Program
Appendix B About the Online Content
Peter H. Gregory, CRISC, CISM®, CISA®, CDPSE™, CIPM®, CISSP®, DRCE, CCSK™, is a career information technologist, conference speaker, and security leader. He is the senior director of cyber GRC in a telecommunications company and the author of over forty books, including CDPSE Certified Data Privacy Solutions Engineer All-in-One Exam Guide, CISA Certified Information Systems Auditor All-in-One Exam Guide, Fourth Edition, and CISM Certified Information Security Manager All-in-One Exam Guide.
Dawn Dunkerley, PhD, CRISC, CISSP, CISSP-ISSAP®, CISSP-ISSEP®, CISSP-ISSMP®, CSSLP®, CompTIA Security+™, is a leading cyberwarfare and cybersecurity researcher and author. She is an editor for The Cyber Defense Review published by the United States Army Cyber Institute and a Fellow of the Americas Institute for Cybersecurity Leadership.
Bobby E. Rogers is an information security engineer working as a contractor for Department of Defense agencies and has secured networks all over the world. His many certifications include CRISC, CISSP-ISSEP, CEH™, MCSE: Security, CompTIA A+™, Network+™, Security+, and Mobility+™.
Bobby E. Rogers is an Information Security Engineer working for a major hospital in the southeastern United States. His previous experience includes working as a contractor for Department of Defense agencies, helping to secure, certify, and accredit their information systems. His duties include information system security engineering, risk management, and certification and accreditation efforts. He retired after 21 years in the United States Air Force, serving as a network security engineer and instructor, and has secured networks all over the world. Bobby has a Master’s degree in Information Assurance (IA), and is pursuing a doctoral degree in IA from Capitol College, Maryland. His many certifications include CompTIA’s A+, CompTIA Network+, CompTIA Security+, and CompTIA Mobility+ certifications, as well as the CISSP-ISSEP, CEH, and MCSE: Security.
Dawn Dunkerley (Meridianville, AL), CISSP, ISSAP, ISSEP, ISSMP, CSSLP, PMP, received a Ph.D. in Information Systems from Nova Southeastern University in 2011 with a doctoral focus of information security success within organizations. Her research interests include cyberwarfare, cybersecurity, and the success and measurement of organizational cybersecurity initiatives. She holds the 2011 ISC2 Government Information Security Leadership Award (Crystal).









