Pre-Requisites

At least three years cumulative work experience performing tasks across at least three of the CRISC domains is recommended. Cybersecurity Specialization: Governance, Risk, and Compliance

Lessons

In this course, you’ll cover all four domains of the ISACA Certified in Risk and Information Systems Control (CRISC) exam and gain the knowledge and concepts required to obtain CRISC certification. Since its inception in 2010, the CRISC certification is designed for IT and business professionals who identify and manage risks through the development, implementation, and maintenance of appropriate information systems (IS) controls.

Along with our custom course material, you will receive an assessment exam and a free copy of the CRISC Review Manual.

WHAT YOU'LL LEARN

Students will master the four CRISC domains:

• IT Risk Identification
• IT Risk Assessment
• Risk Response and Mitigation
• Risk Control, Monitoring, and Reporting

OUTLINE

Module 1: Introduction to the ISACA CRISC Exam

• Class Overview
• CRISC Domains
• Test Registration

Module 2: Risk Identification

• Good Practices for Risk Management
• Components of Risk Management
• Methods for Risk Identification
• Risk Culture and Communication
• The Businesses IT Risk Structure
• Risk Principles and Concepts
• Vulnerabilities and Threats
• Assets
• Threats
• Vulnerabilities
• Vulnerability Assessment
• Pen Testing
• Probability/Likelihood
• IT Risk
• IT Risk Scenarios
• Ownership and Accountability
• Other Risk Concepts
• Risk Awareness

Module 3: IT Risk Assessment

• Risk Assessment vs. Risk Identification
• Techniques for Risk Assessment
• Risk Scenarios
• Analyzing the Current State of Controls
• Risk and Control Analysis
• Risk Analysis Techniques
• Incident Response
• Business Risk
• Risk Associated with Enterprise Architecture
• Management of Data
• Emerging Technologies and Threats
• Industry Trends
• Third Party Management
• Project and Program Management
• SDLC
• Recovery and Business Continuity
• Risk Assessment Reports
• Ownership of Risk and Accountability
• Communication of Report Results

Module 4: Risk Response

• Risk Response and Business Objectives Alignment
• Response Options
• Techniques for Analysis
• New Controls and Related Vulnerabilities
• A Risk Action Plan
• Techniques for BPR
• Design and Implementation of Controls
• Control Monitoring
• Inherent and Residual Risk
• Control Objectives Practices and Metrics
• Cryptography as a Control
• Control Design and Implementation
• Emerging Technologies and Controls
• Ownership of Controls
• Management Procedures and Documentation
• Response and Action Plan

Module 5: Risk and Control Monitoring and Reporting

• Key Risk Indicators
• Risk Management Life Cycle
• Key Performance and Goal Indicators
• Data Collection and Extracting Techniques
• Changes in Risk Profile
• Monitoring Controls
• Control Assessment Types
• Control Assessment Results
• Risk Profile Changes

Module 6: Test Review

• Key Risk Indicators
• Test Review
• Test Registration
• Test Preparation
• Certification Maintenance

WHO SHOULD ATTEND

• IT Risk Management Professionals
• Control and Assurance Professionals
• CIOs
• CISOs

Cancellation Policy

We require 16 calendar days notice to reschedule or cancel any registration. Failure to provide the required notification will result in 100% charge of the course. If a student does not attend a scheduled course without prior notification it will result in full forfeiture of the funds and no reschedule will be allowed. Within the required notification period, only student substitutions will be permitted. Reschedules are permitted at anytime with 16 or more calendar days notice. Enrollments must be rescheduled within six months of the cancel date or funds on account will be forfeited.

Training Location

Online Classroom
your office

your city, your province
your country