From the course: CRISC Cert Prep: 2 IT Risk Assessment

IT risk assessment

- [Instructor] In the previous course, we focused on how to identify IT risks within your organization using a governance-based approach. Knowing the risks that your organization is up against is important, but that knowledge by itself doesn't actually improve your organization's risk posture. In order to understand how to best go about responding to and mitigating those risks, you'll want to add context to those risks by assessing them. The second domain, or job practice area, that CRISCs are expected to understand is IT risk assessment. As a CRISC, you'll be expected to review your identified risks in more detail, building a more robust understanding of how those risks might impact critical business processes. You'll also be expected to understand what controls you already have in place that might mitigate those risks, and how you should prioritize your resources when you want to take further action to reduce your exposure.

This domain is divided into two sections: IT risk identification, and IT risk analysis and evaluation. IT risk identification focuses on the processes you can implement to shed light on risks that might ultimately disrupt your organization's business operations. A couple of examples of those disruptions, or loss events as ISACA likes to call them, are the breach of sensitive information or a critical system being unexpectedly taken offline. This section includes four focus areas: risk events; threat modeling and threat landscape; vulnerability and control deficiency analysis; and risk scenario development.

IT risk analysis and evaluation helps you prioritize your responses to those risks by taking a closer look at how bad it would actually be if one of those loss events were to occur. This section includes five focus areas: risk assessment concepts, standards, and frameworks; risk register; risk analysis methodologies; business impact analysis; and inherent and residual risk.
This flow of identifying risks to analyzing and evaluating those risks becomes a habit for CRISCs over time. By digging into the concepts outlined in this domain, you'll have tools and techniques at your disposal to help ensure that your time invested in these activities is time well spent.