Professional Documents
Culture Documents
Risk-Isaca PDF
Risk-Isaca PDF
ISACA BOOKSTORE
isaca.org/bookstore
CRISC™ Exam Prep Materials
NEW! NEW!
CRISC™ Review Questions, Answers & CRISC™ Review Manual, 6th Edition
Explanations Database—12-Month Subscription by ISACA
by ISACA The CRISC™ Review Manual, 6th Edition is a comprehensive
The CRISC Practice Question Database is a comprehensive
™ reference guide designed to help individuals prepare for
500-question pool of items that contains the questions from the CRISC exam and understand IT-related business risk
the CRISC™ Review Questions, Answers & Explanations management roles and responsibilities. The manual has
Manual, 4th Edition. The database is available via the web, been enhanced over the past editions and represents the
allowing CRISC candidates to log in at home, at work or most current, comprehensive, peer-reviewed IT-related
ISACA® (isaca.org) helps global professionals lead, adapt anywhere they have Internet connectivity. The database is business risk management resource available worldwide.
MAC and Windows compatible.
and assure trust in an evolving digital world by offering The 6th edition manual is organized to assist candidates in
Exam candidates can take sample exams with randomly understanding essential concepts and studying the following
innovative and world-class knowledge, standards, selected questions and view the results by job practice job practice areas:
domain, allowing for concentrated study in particular areas. • IT Risk Identification
networking, credentialing and career development. Additionally, questions generated during a study session are • IT Risk Assessment
Established in 1969, ISACA is a global nonprofit association sorted based on previous scoring history, allowing CRISC
candidates to identify their strengths and weaknesses and
• Risk Response and Mitigation
• Risk and Control Monitoring and Reporting
of 140,000 professionals in 180 countries. ISACA focus their study efforts accordingly.
The CRISC™ Review Manual, 6th Edition offers an
also offers the Cybersecurity Nexus™ (CSX), a holistic Other features provide the ability to select sample exams
easy-to-navigate format. Each of the book’s four chapters
by specific job practice domain, view questions that were
cybersecurity resource, and COBIT®, a business framework previously answered incorrectly and vary the length of study
has been divided into two sections for focused study.
Section one of each chapter contains:
sessions, giving candidates the ability to customize their
to govern enterprise technology. study approach to fit their needs. • Definitions and objectives for the four areas
• Task and knowledge statements
After purchase, access this course by visiting your MyISACA • Self-assessment questions, answers and explanations
page and clicking CRISC™ Question Database button.
• Suggested resources for further study
2016
Member: US $185.00 Section two of each chapter consists of reference material
CRISC Non-member: US $225.00
3701 Algonquin Road | Suite 1010
P: +1.847.253.1545
F: +1.847.253.1443
E: info@isaca.org
6 Edition
th
Member: US $85.00
P: +1.847.253.1545
F: +1.847.253.1443
E: info@isaca.org
Review Manual
P: +1.847.253.1545
E-mail: bookstore@isaca.org
F: +1.847.253.1443
E: info@isaca.org
Tel: +1.847.660.5650
Fax: +1.847.253.1443
“ISACA CERTIFICATIONS
NEW!
INSTANTLY SEE
& Explanations Manual 2015 Supplement.
YOU AS AN ASSET.”
to be more representative of the CRISC exam question
format, and/or to provide further clarity or explanation of
the correct answer. These questions are not actual exam
items, but are intended to provide CRISC candidates with
an understanding of the type and structure of questions and — URMILLA PERSAD, CISA, CISM, CRISC
content that have previously appeared on the exam. IT AUDIT MANAGER, FIRST CITIZENS TRINIDAD & TOBAGO
PORT OF SPAIN, TRINIDAD & TOBAGO
To help candidates maximize—and customize—study ISACA MEMBER SINCE 2004
efforts, questions are presented in the following two ways:
• Sorted by job practice area—Questions, answers and
explanations are sorted by the CRISC job practice Becoming ISACA-certified doesn’t just say you’re well read or well
areas. This allows the CRISC candidate to refer to connected. It announces that you have the expertise and insight
questions that focus on a particular area as well as to to speak with authority. The credibility that it adds lets you create
evaluate comprehension of the topics covered within value for your enterprise. Your ISACA certifications are more than
each practice area. just credentials, they are platforms that can elevate your career.
• Scrambled as a sample 150-question exam—The
questions are arranged to represent a full-length
CRISC exam, with questions chosen in the same
percentages as the current CRISC job practice areas.
Candidates are urged to use this sample test to simulate
an actual exam, but also to determine their strengths
and weaknesses in order to identify areas that require
further study. Answer sheets and an answer/reference
key for the sample exam are also included. All sample
test questions have been cross-referenced to the
questions sorted by practice area, making it convenient
for the user to refer back to the explanations of the
correct answers.
Member: US $60.00
CERTIFICATION EXAMS ARE HELD IN JUNE / SEPTEMBER / DECEMBER.
To learn more or register for an upcoming exam go to: www.isaca.org/certifications
CRISC Review Questions, Answers & Explanations Manual
Non-member: US $80.00
Product Code: CRQ4ED
4 Edition
Available in Spanish
th
CRISC
gonquin Road | Suite 1010
Meadows, IL 60008 | USA
47.253.1545
Print
Member: US $35.00
Non-member: US $60.00
Product Code: APT
eBook
Free member download
Product Code: WAPT
Order online at isaca.org/bookstore Order online at isaca.org/bookstore
Risk Resources
BESTSELLER!
CIO Best Practices: Enabling Strategic Value with Fraud Prevention and Detection: Warning Signs Risk Assessment and Decision Analysis with
Information Technology, 2nd Edition The Security Risk Assessment Handbook: A and the Red Flag Systems Bayesian Networks
by Joseph P. Stenzel, Gary Cokins, Karl D. Schubert, Complete Guide for Performing Security Risk by Rodney T. Stamler, Hans J. Marschdorf, Mario Possamai by Norman Fenton and Martin Neil
Michael H. Hugos Assessments, 2nd Edition Lessons can be learned from major fraud cases. Whether Although many Bayesian Network (BN) applications
Anyone working in information technology today feels the by Douglas Landoll the victim is a company, public agency, nonprofit, are now in everyday use, BNs have not yet achieved
opportunities for creating and enabling lasting value. The Picking up where its bestselling predecessor left off, foundation, or charity, there is a high likelihood that many mainstream penetration. Focusing on practical real-world
CIO helps define those opportunities and turn them into The Security Risk Assessment Handbook: A Complete of these frauds could have been prevented or detected problem solving and model building, as opposed to
realities. Now in a second edition, CIO Best Practices is an Guide for Performing Security Risk Assessments, Second sooner if early Red Flag warning signs had been identified algorithms and theory, Risk Assessment and Decision
essential guide offering real-world practices used by CIOs Edition gives you detailed instruction on how to conduct and acted upon. Fraud Prevention and Detection: Analysis with Bayesian Networks explains how to
and other IT specialists who have successfully mastered a risk assessment effectively and efficiently. Supplying Warning Signs and the Red Flag System will enable incorporate knowledge with data to develop and use
the blend of business and IT responsibilities. For anyone wide-ranging coverage that includes security risk analysis, officers and directors, internal and external stakeholders, (Bayesian) causal models of risk that provide powerful
who wants to achieve better returns on their IT investments, mitigation, and risk assessment reporting, this updated as well as outside analysts to protect themselves and insights and better decision making.
CIO Best Practices, Second Edition presents the leadership edition provides the tools needed to solicit and review their organizations against fraud by effectively detecting,
skills and competencies required of a CIO addressing analyzing, and acting on early Red Flag warning signs. The book first establishes the basics of probability, risk, and
the scope and rigor of risk assessment proposals with
comprehensive enterprise strategic frameworks to fully Based on an empirically tested strategy, the Red Flag building and using BN models, then goes into the detailed
competence and confidence.
leverage IT resources. System reflects the authors’ more than 100 years combined applications. The underlying BN algorithms appear in
Trusted to assess security for leading organizations and experience in the investigation of fraud in high-profile, global appendices rather than the main text since there is no need
This practical resource provides best practice guidance on government agencies, including the CIA, NSA, and NATO, cases in North America, Africa, Europe, and the Far East. to understand them to build and use BN models. Keeping
the key responsibilities of the CIOs and their indispensable Douglas Landoll unveils the little-known tips, tricks, and the body of the text free of intimidating mathematics, the
executive leadership role in modern enterprises of all techniques used by savvy security professionals in the field. This book’s no-nonsense approach empowers those book provides pragmatic advice about model building to
sizes and industries. It is the most definitive and important He details time-tested methods to help you: charged with protecting organizations to stop these frauds ensure models are built efficiently.
collection of best practices for achieving and exercising before the organization’s livelihood is jeopardized or to
• Better negotiate the scope and rigor of security
strategic IT leadership for CIOs, those who intend to become mitigate damage when fraud has occurred. Member: US $70.00
assessments
CIOs, and those who want to understand the strategic Non-member: US $80.00
• Effectively interface with security assessment teams Product Code: 62CRC
importance of IT for the entire enterprise. Member: US $56.00
• Gain an improved understanding of final report Non-member: US $66.00
Member: US $70.00 recommendations Product Code: 61CRC
Non-member: US $80.00 • Deliver insightful comments on draft reports
Product Code: 54WCIO2
The book includes charts, checklists, and sample reports
to help you speed up the data gathering, analysis, and
document development process. Walking you through the
process of conducting an effective security assessment,
it provides the tools and up-to-date understanding you
need to select the security measures best suited to your
organization.
Member: US $84.00
Non-member: US $94.00
Product Code: 59CRC
ISACA KEEPS ME
fraud tool kit with two sets of customizable scripts to
serve your specific audit needs • An overview of risk assessment, mitigation and
• Case studies and sample data files that you can use management approaches and methodologies
MORE INFORMED.”
to try out the tests • Processes for developing a repeatable program for
• Step-by-step instructions on how to run the tests technological issues and human resources
• A self-study course on ACL script development with • Definitions of key concepts and security standards in
exercises, data files and suggested answers the area of risk management
• Analytical techniques for assessing the amount of risk — OPEYEMI ONIFADE, CISA, CISM, CGEIT
The tool kit also contains 12 utility scripts and a self-study and the benefit of risk remediation PRACTICE LEADER, AFENOID ENTERPRISE, LTD
course on ACL scripting which, includes exercises, data ABUJA, NIGERIA
• Information on the development and implementation ISACA MEMBER SINCE 2010
files and proposed answers. Filled with screen shots, of a risk management team
flow charts, example data files descriptive commentary
highlighting explaining each step, and case studies offering Member: US $104.00 Connect with a global community of more than 140,000 innovators,
real-world examples of how the scripts can be used Non-member: US $114.00
to search for fraud it is the only tool kit you will need to
leaders and passionate professionals in IS and IT. Leverage
Product Code: 84WRM
harness the power of ACL to spot fraud. standards, best practices and expert insights into the rapidly evolving
IT landscape. Be more informed, inspired, skilled and successful
Member: US $211.00 every day of your career.
Non-member: US $221.00
Product Code: 82WACL
LIKE BOOKS?
Consider the real value of an ISACA membership.
Over 575 FREE e-Book downloads available Need CPEs? For less than $200 annually*,
for ISACA members, including: membership also offers over 70 FREE CPE
• Advanced Persistent Threats: How to hours each year—Well more than the required
Manage the Risk to your Business 40 annual hours needed to maintain your
certification at an unbeatable price.
• Risk Scenarios: Using COBIT® 5 for Risk
And hundreds MORE! *Contingent on regional chapter dues. More than 90% of all
ISACA memberships are under $200.
E-mail: bookstore@isaca.org
Tel: +1.847.660.5650
Fax: +1.847.253.1443