CRISC Mindmaps CheatSheets

Uploaded by

er.vishal.g
Copyright
© © All Rights Reserved

Domain 1: Governance

Focus: Aligning IT Risk with business strategy.

Key Elements:
• Risk Governance Framework
• Risk Appetite & Tolerance
• Roles & Responsibilities (Board, Risk Owners, Risk Practitioners)
• Policies, Standards, and Procedures
• Regulatory and Compliance Requirements

Cheat Sheet Keywords: Governance → Strategy → Risk Appetite → Accountability → Compliance

Domain 2: IT Risk Assessment

Focus: Identifying, analyzing, and evaluating IT risks.

Key Elements:
• Risk Identification Techniques (interviews, workshops, data analysis)
• Threats, Vulnerabilities, and Events
• Risk Scenarios (ISACA methodology)
• Qualitative vs Quantitative Assessment
• Risk Analysis Tools (heat maps, risk registers, likelihood-impact matrices)
• Risk Prioritization & Communication

Cheat Sheet Keywords: Identify → Analyze → Evaluate → Prioritize → Communicate

Domain 3: Risk Response and Mitigation

Focus: Treating and managing identified risks.

Key Elements:
• Risk Response Options: Avoid, Mitigate, Transfer, Accept
• Designing Controls (preventive, detective, corrective)
• Cost-Benefit Analysis of Controls
• Risk Treatment Plans
• Residual Risk & Risk Acceptance Criteria
• Control Frameworks (COBIT, ISO 27001, NIST)

Cheat Sheet Keywords: Avoid → Mitigate → Transfer → Accept → Monitor

Domain 4: Risk and Control Monitoring & Reporting

Focus: Continuous oversight and reporting.

Key Elements:
• KRIs (Key Risk Indicators) & KPIs (Key Performance Indicators)
• Control Monitoring Approaches (manual, automated, continuous monitoring)
• Metrics & Dashboards for reporting to stakeholders
• Risk Communication to executives/board
• Control Effectiveness Testing
• Lessons Learned & Improvement Cycle

Cheat Sheet Keywords: Monitor → Measure → Report → Improve
