Certified in Risk and Information Systems Control (CRISC)

About this course

The ISACA Certified in Risk and Information Systems Control (CRISC) course is designed for professionals focused on enterprise risk management. The training covers the four domains of CRISC: IT Risk Identification, IT Risk Assessment, Risk Response and Mitigation, and Risk and Control Monitoring and Reporting. Participants will learn to identify and evaluate IT risks, develop and implement effective risk responses, and continuously monitor and report on risk and control metrics. The course includes practical exercises and scenarios to enhance understanding and application of risk management principles. Additionally, it prepares trainees for the CRISC certification exam, equipping them with the knowledge and skills necessary to manage IT risk and ensure compliance within their organizations.

Course Outline

Module 01: Governance

Organizational Governance

Organizational Strategy, Goals, and Objectives

Organizational Structure, Roles and Responsibilities

Organizational Culture

Policies and Standards

Business Processes

Organizational Assets

Risk Governance

Enterprise Risk Management and Risk Management Framework

Three Lines of Defense

Risk Profile

Risk Appetite and Risk Tolerance

Legal, Regulatory and Contractual Requirements

Professional Ethics of Risk Management

Module 02: IT Risk Assessment

It Risk Identification

Risk Events (e.g., contributing conditions, loss result)

Threat Modelling and Threat Landscape

Vulnerability and Control Deficiency Analysis (e.g., root cause analysis)

Risk Scenario Development

It Risk Analysis and Evaluation

Risk Assessment Concepts, Standards and Frameworks

Risk Register

Risk Analysis Methodologies

Business Impact Analysis

Inherent and Residual Risk

Module 03: Risk Response and Reporting

Risk Response

Risk Treatment / Risk Response Options

Risk and Control Ownership

Third-Party Risk Management

Issue, Finding and Exception Management

Management of Emerging Risk

Control Design and Implementation

Control Types, Standards and Frameworks

Control Design, Selection and Analysis

Control Implementation

Control Testing and Effectiveness Evaluation

Risk Monitoring and Reporting

Risk Treatment Plans

Data Collection, Aggregation, Analysis and Validation

Risk and Control Monitoring Techniques

Risk and Control Reporting Techniques (heatmap, scorecards, dashboards)

Key Performance Indicators

Key Risk Indicators (KRIs)

Key Control Indicators (KCIs)

Module 04: Information Technology and Security

Information Technology Principles

Enterprise Architecture

IT Operations Management (e.g., change management, IT assets, problems, incidents)

Project Management

Disaster Recovery Management (DRM)

Data Lifecycle Management

System Development Life Cycle (SDLC)

Emerging Technologies

Information Security Principles

Information Security Concepts, Frameworks and Standards

Information Security Awareness Training

Business Continuity Management

Data Privacy and Data Protection Principles

$ 150

Start Your Enrollment

}

Duration

40hrs



Module



Need Help?
Get instant support from our team



Chat on WhatsApp