  1. Member
    Join Date
    Sep 2017
    Posts
    50
    #1

    CISM CRISC content overlap?

    For someone who has prepared for CISSP, what would you say is the content overlap between CISM and CRISC?
    I am wondering if preparing for one will bring me within striking distance of the other? In other words, can I hope to attempt both in 2 months? Please let me know your thoughts.

  3. Senior Member
    Join Date
    Jun 2016
    Posts
    109
    #2
    You can do it in the space of 2 months - I did. But go through the Database of questions/answers to understand the concepts. CRISC content is different to CISM. Security management v risk management.

  4. I'm Batman clarkincnet
    Join Date
    Jun 2014
    Location
    Raleigh, NC
    Posts
    251

    Certifications
    CISSP, CISM, CRISC, ITIL-F 2011
    #3
    Many times you can replace the word "security" with the word "risk" and the question is the same. Governance questions are the same. The below helped me with Governance for both classes (I created a chart to visualize this):

    (which comes first) Governance -> Objectives -> Strategy -> Policy -> Standards -> Procedures -> Guidelines

    Governance has Balanced Scorecard, Critical Success Factors
    Objectives have Key Goal Indicators and Risk Appetite is set at this level
    Strategy has Control Objectives and Acceptable levels of risk
    - Risk Appetite helps define Control Objectives and sets Acceptable Level of Risk.
    - Control Objectives are developed on Acceptable levels of Risk
    Policy has Key Performance Indicators and Controls are tied here.
    - Controls have Key Risk Indicators
    - Control Objectives are used to define Controls
    - Controls bring Residual Risk proportional to Risk Appetite
    Standards set Baselines
    - standards are "allowable boundaries"
    - standards are the primary means to determine if there is policy compliance
    - standards are a sound base for audit
    - Baselines manage Residual Risk
    - Baselines set a minimum level of controls
    Architecture is a physical implementation of Policy (articulates policy)
    Architecture creates a Road-map
    Architecture manages complexity
    Architecture enforces standards
    Road-map achieves Strategy
    Security Program also achieves Strategy
    2015 Goals: CISSP [X], 2016 Goals: CISM [X], 2017 Goals: CRISC [X]
    2018 Goals: eCPPT [ ]
    Five Year Goals: CSXP, OSCP, GPEN, eWPT
    "Distrust and caution are the parents of security" - Benjamin Franklin

  5. Member
    Join Date
    Sep 2017
    Posts
    50
    #4
    Originally posted by scasc:
    You can do it in the space of 2 months - I did. But go through the Database of questions/answers to understand the concepts. CRISC content is different to CISM. Security management v risk management.
    Thanks.

  6. Member
    Join Date
    Sep 2017
    Posts
    50
    #5
    clarkincnet
    Thanks so much for posting this. It is exactly what I am looking for - a cheat sheet or sort of CISM equivalent of the Combined Notes PDF used for CISSP exams. Found only one PDF so far and it seemed more like an index than a summary.
