Cism crisc content overlap?

jaguaarjaguaar Member Posts: 58 ■■□□□□□□□□
For someone who has prepared for cissp, what would you is the content overlap between cism and crisc?
i am wondering if preparing for one will bring me within striking distance of the other? In other words can i hope to attempt both in 2 months? Please let me know your thoughts.

Comments

  • scascscasc Member Posts: 461 ■■■■■■■□□□
    You can do in the space of 2 months - I did. But go through the Database of questions/answers to understand the concepts. CRISC content is different to CISM. Security management v risk management.
    AWS, Azure, GCP, ISC2, GIAC, ISACA, TOGAF, SABSA, EC-Council, Comptia...
  • clarkincnetclarkincnet Member Posts: 256 ■■■□□□□□□□
    Many times you can replace the word "security" with the word "risk" and the question is the same. Governance questions are the same. The below helped me with Governance for both classes (I created a chart to visualize this):

    (which comes first) Governance -> Objectives -> Strategy -> Policy -> Standards -> Procedures -> Guidelines

    Governance has Balance Scorecard, Critical Success Factors
    Objectives have Key Goal Indicators and Risk Appetite is set at this level
    Strategy has Control Objectives and Acceptable levels of risk
    - Risk Appetite helps define Control Objectives and sets Acceptable Level of Risk.
    - Control Objectives are developed on Acceptable levels of Risk
    Policy has Key Performance Indicators and Controls are tied here.
    - Controls have Key Risk Indicators
    - Control Objectives are used to define Controls
    - Controls bring Residual Risk proportional to Risk Appetite
    Standards set Baselines
    - standards are "allowable boundaries"
    - standards are the primary means to determine if there is policy compliance
    - standards are a sound base for audit
    - Baselines manage Residual Risk
    - Baselines set a minimum level of controls
    Architecture is a physical implementation of Policy (articulates policy)
    Architecture creates a Road-map
    Architecture manages complexity
    Architecture enforces standards
    Road-map achieves Strategy
    Security Program also achieves Strategy
    Give a hacker an exploit, and they will have access for a day, BUT teach them to phish, and they will have access for the rest of their lives!

    Have: CISSP, CISM, CRISC, CGEIT, ITIL-F
  • jaguaarjaguaar Member Posts: 58 ■■□□□□□□□□
    scasc wrote: »
    You can do in the space of 2 months - I did. But go through the Database of questions/answers to understand the concepts. CRISC content is different to CISM. Security management v risk management.
    Thanks.
  • jaguaarjaguaar Member Posts: 58 ■■□□□□□□□□
    clarkincnet
    Thanks so much for posting this. It is exactly what I am looking for - a **** sheet or sort of cism equivalent of Combined Notes pdf used for cissp exams. Found only one pdf so far and it seemed more like index than summary
    Many times you can replace the word "security" with the word "risk" and the question is the same. Governance questions are the same. The below helped me with Governance for both classes (I created a chart to visualize this):

    (which comes first) Governance -> Objectives -> Strategy -> Policy -> Standards -> Procedures -> Guidelines

    Governance has Balance Scorecard, Critical Success Factors
    Objectives have Key Goal Indicators and Risk Appetite is set at this level
    Strategy has Control Objectives and Acceptable levels of risk
    - Risk Appetite helps define Control Objectives and sets Acceptable Level of Risk.
    - Control Objectives are developed on Acceptable levels of Risk
    Policy has Key Performance Indicators and Controls are tied here.
    - Controls have Key Risk Indicators
    - Control Objectives are used to define Controls
    - Controls bring Residual Risk proportional to Risk Appetite
    Standards set Baselines
    - standards are "allowable boundaries"
    - standards are the primary means to determine if there is policy compliance
    - standards are a sound base for audit
    - Baselines manage Residual Risk
    - Baselines set a minimum level of controls
    Architecture is a physical implementation of Policy (articulates policy)
    Architecture creates a Road-map
    Architecture manages complexity
    Architecture enforces standards
    Road-map achieves Strategy
    Security Program also achieves Strategy
Sign In or Register to comment.