
Summary CRISC Review Manual 6th Edition

Author: Isaca
ISBN-10: 1604203714, ISBN-13: 9781604203714
155 Flashcards & Notes

A snapshot of the summary - CRISC Review Manual 6th Edition Author: Isaca ISBN: 9781604203714

  • 3 Risk Response and Mitigation (section 2)

  • 3.2 Risk response options

  • What is the purpose of defining a risk response?
    To bring risk in line with the organization's defined risk tolerance as cost-effectively as possible, not to eliminate or minimize the risk at all costs.
  • 3.2.1 Risk acceptance

  • Who makes the decision to accept risk?
    Senior management, in accordance with the risk appetite and risk tolerance set by senior management, because they are responsible for the impact of a risk event should it occur.
  • What is the goal of risk management?
    To bring risk within acceptable levels as cost-effectively as possible.
  • What risks should be accepted?
    Risks that fall within the organizational risk appetite.
  • Name examples of risk acceptance as a result of risk tolerance.
    1. No controls are available
    2. The costs of the controls would outweigh their benefit
  • What helps the risk practitioner to estimate the true likely incident costs?
    1. Careful review of actuarial data
    2. The outcomes of similar incidents at other organizations and their resulting impact
  • 3.2.2 Risk mitigation

  • Name examples of risk mitigation.
    1. Strengthening overall risk management practices, such as risk management processes.
    2. Deploying new technical, management or operational controls.
    3. Installing a new access control system.
    4. Implementing policies or operational procedures.
    5. Developing an effective incident response and business continuity plan (BCP)
    6. Using compensating controls
  • 3.2.3 Risk transfer (sharing)

  • What is risk transfer?
    A decision to reduce loss by having another organization incur the cost.
  • Name 2 examples of risk transfer.
    1. Insurance
    2. Partnership
  • Why is risk transfer not a complete absolution of blame?
    Long-term costs, such as reputational damage, are rarely covered by insurance, for example in the case of a data breach.