CISM CRISC content overlap?

jaguaar Member Posts: 58
For someone who has prepared for CISSP, what would you say is the content overlap between CISM and CRISC?
I am wondering if preparing for one will bring me within striking distance of the other? In other words, can I hope to attempt both in 2 months? Please let me know your thoughts.

Comments

  • scasc Member Posts: 465
    You can do it in the space of 2 months - I did. But go through the Database of questions/answers to understand the concepts. CRISC content is different to CISM. Security management v risk management.
    AWS, Azure, GCP, ISC2, GIAC, ISACA, TOGAF, SABSA, EC-Council, Comptia...
  • clarkincnet Member Posts: 256
    Many times you can replace the word "security" with the word "risk" and the question is the same. Governance questions are the same. The below helped me with Governance for both classes (I created a chart to visualize this):

    (which comes first) Governance -> Objectives -> Strategy -> Policy -> Standards -> Procedures -> Guidelines

    Governance has Balanced Scorecard, Critical Success Factors
    Objectives have Key Goal Indicators and Risk Appetite is set at this level
    Strategy has Control Objectives and Acceptable levels of risk
    - Risk Appetite helps define Control Objectives and sets Acceptable Level of Risk.
    - Control Objectives are developed on Acceptable levels of Risk
    Policy has Key Performance Indicators and Controls are tied here.
    - Controls have Key Risk Indicators
    - Control Objectives are used to define Controls
    - Controls bring Residual Risk proportional to Risk Appetite
    Standards set Baselines
    - standards are "allowable boundaries"
    - standards are the primary means to determine if there is policy compliance
    - standards are a sound base for audit
    - Baselines manage Residual Risk
    - Baselines set a minimum level of controls
    Architecture is a physical implementation of Policy (articulates policy)
    Architecture creates a Road-map
    Architecture manages complexity
    Architecture enforces standards
    Road-map achieves Strategy
    Security Program also achieves Strategy
    Give a hacker an exploit, and they will have access for a day, BUT teach them to phish, and they will have access for the rest of their lives!

    Have: CISSP, CISM, CRISC, CGEIT, ITIL-F
  • jaguaar Member Posts: 58
    scasc wrote:
    You can do it in the space of 2 months - I did. But go through the Database of questions/answers to understand the concepts. CRISC content is different to CISM. Security management v risk management.
    Thanks.
  • jaguaar Member Posts: 58
    clarkincnet
    Thanks so much for posting this. It is exactly what I am looking for - a cheat sheet or sort of CISM equivalent of the Combined Notes PDF used for CISSP exams. Found only one PDF so far and it seemed more like an index than a summary.