Certified In Risk And Information Systems Control (CRISC)
Certified Risk and Information Systems Control (CRISC) Course Overview
Certified in Risk and Information Systems Control (CRISC) training is designed to help information security professionals who identify and manage risks through the development, implementation and maintenance of information systems controls prepare for the CRISC certification exam.
Prerequisites
While there are no prerequisites to attend this course, please be aware that this is an exam preparation course, and all attendees are expected to have a basic understanding of the CRISC job practice knowledge domains.
Certified Risk and Information Systems Control (CRISC) Course Overview
- Rated Outstanding by many Certified Risk Management Information System Professionals.
- Learn Risk Identification, Risk Assessment, Risk Control and Response with CRISC Course.
- CRISC Certification Exam Preparation Course Includes Training Materials and Great Trainers.
Certified Risk and Information Systems Control (CRISC) Course Outline
Domain 1: Governance
Module 1: Organisational Governance
- Organisational Strategy, Goals and Objectives
- Organisational Structure, Roles and Responsibilities
- Organisational Culture
- Policies and Standards
- Business Process Review
- Organisational Assets
Module 2: Risk Governance
- Enterprise Risk Management and Risk Management Frameworks
- Three Lines of Defence
- Risk Profile
- Risk Appetite, Tolerance and Capacity
- Legal, Regulatory and Contractual Requirements
- Professional Ethics of Risk Management
Domain 2: IT Risk Assessment
Module 3: IT Risk Identification
- Risk Events
- Threat Modelling and Threat Landscape
- Vulnerability and Control Deficiency Analysis
- Risk Scenario Development
Module 4: IT Risk Analysis, Evaluation and Assessment
- Risk Assessment Concepts, Standards and Frameworks
- Risk Register
- Risk Analysis Methodologies
- Business Impact Analysis
- Inherent, Residual and Current Risk
Domain 3: Risk Response and Reporting
Module 5: Risk Response
- Risk and Control Ownership
- Risk Treatment/Risk Response Options
- Third Party Risk Management
- Issue, Finding and Expectation Management
- Management of Emerging Risk
Module 6: Control, Design and Implementation
- Control Types, Standards and Frameworks
- Control Design, Selection and Analysis
- Control Implementation
- Control Testing and Effectiveness Evaluation
Module 7: Risk Monitoring and Reporting
- Risk Treatment Plans
- Data Collection, Aggregation, Analysis and Validation
- Risk and Control Monitoring Techniques
- Key Performance Indicators
- Key Risk Indicators
- Key Control Indicators
Domain 4: Information Technology and Security
Module 8: Information Technology Principles
- Enterprise Architecture
- IT Operations Management
- Project Management
- Enterprise Resiliency
- Data Life Cycle Management
- System Development Life Cycle
- Emerging Trends in Technology
Module 9: Information Security Principles
- Information Security Concepts, Frameworks and Standards
- Information Security Awareness Training
- Data Privacy and Principles of Data Protection
What will the attendees aim to learn/gain from attending this course?
The training typically covers topics such as risk management, information systems control design and implementation, monitoring and maintenance of information systems controls, and information systems control audit and assurance.
What does the course cover? / Topics
Domain 1 – Governance
Domain 2 – IT Risk Assessment
Domain 3 – Risk Response and Reporting
Domain 4 – Information Technology and Security