Course Summary
The Certified in Risk and Information Systems Control (CRISC) course is tailored for IT professionals seeking to master risk identification, assessment, and evaluation; risk response strategies; and ongoing risk monitoring. The course also covers the design, implementation, and maintenance of Information Systems (IS) controls.
Achieving the CRISC certification validates a professional’s expertise in identifying and evaluating enterprise-specific risks, while also equipping them to help organizations achieve their business objectives through the design, implementation, monitoring, and maintenance of effective, risk-based IS controls.
Key topics include:
• Governance
• IT Risk Assessment
• Risk Response and Reporting
• Information Technology and Security
Module 1—Governance
A. ORGANIZATIONAL GOVERNANCE
• Organizational Strategy, Goals, and Objectives
• Organizational Structure, Roles, and Responsibilities
• Organizational Culture
• Policies and Standards
• Business Processes
• Organizational Assets
B. RISK GOVERNANCE
• Enterprise Risk Management and Risk Management Framework
• Three Lines of Defense
• Risk Profile
• Risk Appetite and Risk Tolerance
• Legal, Regulatory, and Contractual Requirements
• Professional Ethics of Risk Management
Module 2—IT Risk Assessment
A. IT RISK IDENTIFICATION
• Risk Events (e.g., contributing conditions, loss result)
• Threat Modelling and Threat Landscape
• Vulnerability and Control Deficiency Analysis (e.g., root cause analysis)
• Risk Scenario Development
B. IT RISK ANALYSIS AND EVALUATION
• Risk Assessment Concepts, Standards, and Frameworks
• Risk Register
• Risk Analysis Methodologies
• Business Impact Analysis
• Inherent and Residual Risk
Module 3—Risk Response and Reporting
A. RISK RESPONSE
• Risk Treatment / Risk Response Options
• Risk and Control Ownership
• Third-Party Risk Management
• Issue, Finding, and Exception Management
• Management of Emerging Risk
B. CONTROL DESIGN AND IMPLEMENTATION
• Control Types, Standards, and Frameworks
• Control Design, Selection, and Analysis
• Control Implementation
• Control Testing and Effectiveness Evaluation
C. RISK MONITORING AND REPORTING
• Risk Treatment Plans
• Data Collection, Aggregation, Analysis, and Validation
• Risk and Control Monitoring Techniques
• Risk and Control Reporting Techniques (heatmap, scorecards, dashboards)
• Key Performance Indicators
• Key Risk Indicators (KRIs)
• Key Control Indicators (KCIs)
Module 4—Information Technology and Security
A. INFORMATION TECHNOLOGY PRINCIPLES
• Enterprise Architecture
• IT Operations Management (e.g., change management, IT assets, problems, incidents)
• Project Management
• Disaster Recovery Management (DRM)
• Data Lifecycle Management
• System Development Life Cycle (SDLC)
• Emerging Technologies
B. INFORMATION SECURITY PRINCIPLES
• Information Security Concepts, Frameworks, and Standards
• Information Security Awareness Training
• Business Continuity Management
• Data Privacy and Data Protection Principles