
CRISC Prep: Domain 1 Cheat Sheet (DRAFT) by

CRISC Prep Domain 1 Governance

This is a draft cheat sheet. It is a work in progress and is not finished yet.

Organizational Strategy, Goals and Objectives


Policies and Standards


Structure, Roles and Responsibilities

RACI
Responsible, Accountable, Consulted, Informed
Key Roles
Organizational Structure and Culture

Business Process Review


Organizational Culture

Risk Awareness Programs
§ Training and workshops (must be customised and tailored; for all employees and vendors)
§ Periodic bulletins and magazines
§ Quizzes
§ Control self-assessment programs
§ Awareness messages through email and SMS
Training need identification
is an important aspect; needs can be derived from various sources such as help desk activity, operational errors, security events and audits.
Most effective method to ensure that users comply with BYOD policies and procedures
Educating users on acceptable and unacce­ptable practices
Effectiveness of incident training can be determined by
Increase in valid incident reporting
Social engineering risk can be reduced by
Security awareness programs
Main objective of risk management process
Risk aware business decisions
Risk-aware business decisions depend on
Availability of accurate and timely information
Prime consideration when developing a risk awareness program
Process owners should be able to understand how risk can impact their process as well as the overall business.
Risk Aware Culture
§ improves the ethics of the organization
§ enhances the risk reporting procedure
§ suspected behaviour is reported at the earliest
§ risk is well understood and known
Greatest benefit of a risk-aware culture: suspected behaviour is reported at the earliest

Organizational Assets