Course Summary

The Certified in Risk and Information Systems Control (CRISC) course is tailored for IT professionals seeking to master risk identification, assessment, and evaluation; risk response strategies; and ongoing risk monitoring. The course also covers the design, implementation, and maintenance of Information Systems (IS) controls.

Achieving the CRISC certification validates a professional’s expertise in identifying and evaluating enterprise-specific risks, while also equipping them to help organizations achieve their business objectives through the design, implementation, monitoring, and maintenance of effective, risk-based IS controls.

Key topics include:
• Governance
• IT Risk Assessment
• Risk Response and Reporting
• Information Technology and Security

Module 1—Governance

A. ORGANIZATIONAL GOVERNANCE
• Organizational Strategy, Goals, and Objectives
• Organizational Structure, Roles, and Responsibilities
• Organizational Culture
• Policies and Standards
• Business Processes
• Organizational Assets

B. RISK GOVERNANCE
• Enterprise Risk Management and Risk Management Framework
• Three Lines of Defense
• Risk Profile
• Risk Appetite and Risk Tolerance
• Legal, Regulatory, and Contractual Requirements
• Professional Ethics of Risk Management

Module 2—IT Risk Assessment

A. IT RISK IDENTIFICATION
• Risk Events (e.g., contributing conditions, loss result)
• Threat Modelling and Threat Landscape
• Vulnerability and Control Deficiency Analysis (e.g., root cause analysis)
• Risk Scenario Development

B. IT RISK ANALYSIS AND EVALUATION
• Risk Assessment Concepts, Standards, and Frameworks
• Risk Register
• Risk Analysis Methodologies
• Business Impact Analysis
• Inherent and Residual Risk

Module 3—Risk Response and Reporting

A. RISK RESPONSE
• Risk Treatment / Risk Response Options
• Risk and Control Ownership
• Third-Party Risk Management
• Issue, Finding, and Exception Management
• Management of Emerging Risk

B. CONTROL DESIGN AND IMPLEMENTATION
• Control Types, Standards, and Frameworks
• Control Design, Selection, and Analysis
• Control Implementation
• Control Testing and Effectiveness Evaluation

C. RISK MONITORING AND REPORTING
• Risk Treatment Plans
• Data Collection, Aggregation, Analysis, and Validation
• Risk and Control Monitoring Techniques
• Risk and Control Reporting Techniques (heatmap, scorecards, dashboards)
• Key Performance Indicators
• Key Risk Indicators (KRIs)
• Key Control Indicators (KCIs)

Module 4—Information Technology and Security

A. INFORMATION TECHNOLOGY PRINCIPLES
• Enterprise Architecture
• IT Operations Management (e.g., change management, IT assets, problems, incidents)
• Project Management
• Disaster Recovery Management (DRM)
• Data Lifecycle Management
• System Development Life Cycle (SDLC)
• Emerging Technologies

B. INFORMATION SECURITY PRINCIPLES
• Information Security Concepts, Frameworks, and Standards
• Information Security Awareness Training
• Business Continuity Management
• Data Privacy and Data Protection Principles

There is no prerequisite to take the CRISC exam; however, in order to apply for CRISC certification you must meet the necessary experience requirements as determined by ISACA.

In order to get your CRISC certification, you must:
• pass the CRISC exam
• adhere to the Code of Professional Ethics
• adhere to the Continuing Professional Education (CPE) Policy
• have at least three years of cumulative work experience performing the tasks of a CRISC professional across at least two of the four CRISC domains; of these two required domains, one must be in either Domain 1 or 2

There are no experience waivers or substitutions allowed. You may take the exam prior to meeting the requirements, but your CRISC designation is only awarded when all requirements are met. Experience must have been gained within the 10-year period preceding the application date for certification or within five years from the date of initially passing the examination.

Exam Details:
• Duration: 4 hours
• Number of questions: 150 multiple choice

The CRISC exam measures your knowledge of the four domains. Here is the percentage of questions that will appear on the exam from each domain:
• Domain 1—Governance (26%)
• Domain 2—IT Risk Assessment (20%)
• Domain 3—Risk Response and Reporting (32%)
• Domain 4—Information Technology and Security (22%)

Once a CRISC candidate has passed the CRISC certification exam and has met the work experience requirements, the final step is to complete and submit the CRISC Application for Certification.

Following your booking, a confirmation message will be sent to all participants, ensuring you're well-informed of your successful enrollment. Calendar placeholders will also be dispatched to assist you in scheduling your commitments around the course. Rest assured, all course materials and access to necessary labs or platforms will be provided no later than one week before the course begins, allowing you ample time to prepare and engage fully with the learning experience ahead.

Our comprehensive training package includes all the necessary materials and resources to facilitate a full learning experience. Enrollees will be provided with detailed course content, encompassing a wide array of topics to ensure a thorough understanding of the subject matter. Additionally, participants will receive a certificate of completion to recognize their dedication and hard work. It's important to note that while the course fee covers all training materials and experiences, the examination fee for certification is not included but can be purchased separately.
