Incluzion

Certified In Risk And Information Systems Control (CRISC)

Certified In Risk And Information Systems Control (CRISC)

Certified Risk and Information Systems Control (CRISC) Course Overview

Certified in Risk and Information Systems Control (CRISC) training is designed to help information security professionals, who identify and manage risks through the development, implementation and maintenance of information systems controls to prepare for the CRISC certification exam.

Prerequisites

While there are no prerequisites to attend this course, please be aware that this is an exam preparation course, and all attendees are expected to have a basic understanding of the CRISC job practice knowledge domains.

Certified Risk and Information Systems Control (CRISC) Course Overview

  • Rated Outstanding by many Certified Risk Management Information System Professionals.
  • Learn Risk Identification, Risk Assessment, Risk Control and Response with CRISC Course.
  • CRISC Certification Exam Preparation Course Includes Training Materials, & Great Trainers.

Certified Risk and Information Systems Control (CRISC) Course Outline

Domain 1: Governance

Module 1: Organisational Governance

  • Organisational Strategy, Goals and Objectives
  • Organisational Structure, Roles and Responsibilities
  • Organisational Culture
  • Policies and Standards
  • Business Process Review
  • Organisational Assets

Module 2: Risk Governance

  • Enterprise Risk Management and Risk Management Frameworks
  • Three Lines of Defence
  • Risk Profile
  • Risk Appetite, Tolerance and Capacity
  • Legal, Regulatory and Contractual Requirements
  • Professional Ethics of Risk Management

Domain 2: IT Risk Assessment

Module 3: IT Risk Identification

  • Risk Events
  • Threat Modelling and Threat Landscape
  • Vulnerability and Control Deficiency Analysis
  • Risk Scenario Development

Module 4: IT Risk Analysis, Evaluation and Assessment

  • Risk Assessment Concepts, Standards and Frameworks
  • Risk Register
  • Risk Analysis Methodologies
  • Business Impact Analysis
  • Inherent, Residual and Current Risk

Domain 3: Risk Response and Reporting

Module 5: Risk Response

  • Risk and Control Ownership
  • Risk Treatment/Risk Response Options
  • Third Party Risk Management
  • Issue, Finding and Expectation Management
  • Management of Emerging Risk

Module 6: Control, Design and Implementation

  • Control Types, Standards and Frameworks
  • Control Design, Selection and Analysis
  • Control Implementation
  • Control Testing and Effectiveness Evaluation

Module 7: Risk Monitoring and Reporting

  • Risk Treatment Plans
  • Data Collection, Aggregation, Analysis and Validation
  • Risk and Control Monitoring Techniques
  • Key Performance Indicators
  • Key Risk Indicators
  • Key Control Indicators

Domain 4: Information Technology and Security

Module 8: Information Technology Principles

  • Enterprise Architecture
  • IT Operations Management
  • Project Management
  • Enterprise Resiliency
  • Data Life Cycle Management
  • System Development Life Cycle
  • Emerging Trends in Technology

Module 9: Information Security Principles

  • Information Security Concepts, Frameworks and Standards
  • Information Security Awareness Training
  • Data Privacy and Principles of Data Protection

What will the attendees aim to learn/gain from attending this course?

The training typically covers topics such as risk management, information systems control design and implementation, monitoring and maintenance of information systems controls, and information systems control audit and assurance.

What does the course cover? / Topics

Domain 1 – Governance
Domain 2 – IT Risk Assessment
Domain 3 – Risk Response and Reporting
Domain 4 – Information Technology and Security