Q: Governance answers what four questions?
A:
1. Are we doing the right thing?
2. Are we doing them the right way?
3. Are we doing them well?
4. Are we getting the benefits?

Q: Establish and maintain a common risk view is for what and why?
A: This is done for the enterprise to determine the controls needed to mitigate risk and to integrate them into the business process. It sets the tone of the business regarding how to determine an accepted level of tolerance. It is the life cycle for the regular reporting and review process and oversees the operations of risk management.

Q: Why should you integrate risk management into the enterprise?
A: This enforces a holistic ERM (Enterprise Risk Management) approach. It includes all departments, functions, systems and geographic locations. It is the authority that is required for all business processes that undergo analysis or when a change is made, whether internal or external.

Q: Why do you make risk-aware business decisions?
A: To ensure the full function of governance and the range of opportunities, with the consequences for each decision that will impact the enterprise or the environment.

Q: What are the Risk Management controls to be implemented and operating correctly for?
A: For oversight and due diligence. For mitigating risk and ensuring the protection of the organization with implemented and monitored controls that are effective.

Q: What is the process of the Risk Management Life Cycle?
A:
1. IT Risk Identification
2. IT Risk Assessment
3. Risk Response & Mitigation
4. Risk & Control Monitoring & Reporting

Q: Risk & Business Continuity
A: If the BCP (Business Continuity Plan) is inadequate or inaccurate, the organization/enterprise may not meet its goals for recovery after an incident. This is where IT Risk Management connects with Business Continuity. IT Risk Management and the business ensure that all functions are organized and are meeting the firm's missions and goals, to reduce risk to an acceptable level and mitigate any failures that occur in a timely fashion.

Q: Risk & Audit
A: Risk works with Audit to ensure the effectiveness of the control framework. This helps with legislation, government oversight and media scrutiny. All IS (information systems) auditors are required to be objective, skilled, and independent. They should be able to assess, identify, document and provide recommendations for risks, vulnerabilities and addressed issues.

Q: Risk & Information Security
A: Risk drives the selection of controls and justifies the initial and continued operations. Every control should be traceable back to a specific risk that the control is designed to mitigate. Types of risk: Control, Project & Change.

Q: Control Risk
A: The risk that a material error exists that would not be prevented or detected on a timely basis by the system of internal control.

Q: Project Risk
A: A structured set of activities concerned with delivering a defined capability (that is necessary, but not sufficient, to achieve a required business outcome) to the enterprise, based on an agreed-on schedule and budget.

Q: Change Risk
A: Risk is not static; changes in the technology, regulations, business processes, functionality, architecture, users and other variables that affect the business and technical environments of the organization may affect the levels of risk associated with system operations.

Q: What are the SIX NIST Risk Management Framework steps?
A:
1. Categorize Information Systems
2. Select Security Controls
3. Implement Security Controls
4. Assess Security Controls
5. Authorize Information Systems
6. Monitor Security Controls

1.1 Which of the following business requirements BEST relates to the need for resilient business and information system processes?
A. Effectiveness
B. Confidentiality
C. Integrity
D. Availability
Answer: D. Availability relates to information being available when required by the business process, now and in the future. Resilience is the ability to provide and maintain an acceptable level of service during disasters or when facing operational challenges.

1.2 Which of the following statements BEST describes the value of a risk register?
A. It captures the risk inventory.
B. It drives the risk response plan.
C. It is a risk reporting tool.
D. It lists internal and external risk.
Answer: B. Risk registers serve as the main reference for all risk-related information, supporting risk-related decisions such as risk response activities and their prioritization.