From the course: CRISC Cert Prep: 2 IT Risk Assessment

Evaluate control effectiveness

- [Instructor] I mentioned in an earlier video that the mere presence of a control doesn't necessarily negate or minimize the risk. In addition to performing a gap analysis, there are a few more ways that you can determine the actual impact your controls have on your risk scores. You're going to be sifting through considerable amounts of data while performing your IT risk assessments. But how certain are you that you can trust that data? There's a related discipline around data analysis that can help you make sure your data is both comprehensive and accurate. Three approaches that ISACA recommends are cause and effect analysis, fault tree analysis, and sensitivity analysis. When you perform cause and effect analysis, you start by identifying the problem and then you brainstorm all the factors and potential root causes related to the problem. Once you've jotted this all down, often in a fishbone diagram, you start putting…
