CRISC – Certified in Risk and Information Systems Control
COURSE OVERVIEW
Types of risk may vary, but with its key role as an agent of innovation, technology has become the most critical risk factor for today’s enterprises. Because conducting a risk assessment is not something a typical information technology education includes, many IT professionals lack knowledge that businesses increasingly deem integral to their future success.
The CRISC designation demonstrates the holder is able to identify and evaluate IT risk and help their enterprise accomplish its business objectives. Since its inception in 2010, more than 20,000 professionals worldwide have earned the CRISC to affirm their business and IT risk management competence, and their ability to design, implement, monitor and maintain effective, risk-based information systems controls.
- CRISC certification ensures you are recognized as a professional with the skills and experience to provide value and insight from an overall organizational perspective on both IT risk and control.
- One of the key CRISC domains focuses on the organizational framework for managing and mitigating risk across business processes and technology.
- CRISC holders are able to establish a common language to communicate within IT and to stakeholders throughout the enterprise about risk.
- With CRISC certification, your enterprise can rely on your input to make effective risk-based decisions and prioritize resources to areas that are most at risk.
- With the CRISC certification, you will understand information systems control design and implementation, as well as control monitoring and maintenance.
- CRISC certification affirms your ability to plan and implement appropriate control measures and frameworks that further mitigate enterprise risk without stifling innovation.
WHAT YOU’LL LEARN
Students will master the four CRISC domains:
- IT Risk Identification
- IT Risk Assessment
- Risk Response and Mitigation
- Risk Control, Monitoring, and Reporting
PREREQUISITES
At least three years cumulative work experience performing tasks across at least three of the CRISC domains is recommended.
WHO SHOULD ATTEND
- IT Risk Management Professionals
- Control and Assurance Professionals
- CIOs
- CISOs
CRISC Training Benefits for Individuals
- Certify your knowledge of how to manage IT enterprise risk
- Prove your extensive knowledge and experience
- Unlock new IT career opportunities
- CRISC is the only certification that prepares IT professionals for IT and enterprise risk management positions
- CRISC is the second-highest-paying certification on the market*
CRISC Training Benefits for Businesses
- Ensure your risk management and control professionals meet the gold standard
- Improve your ability to cope with and manage IT risk
- Establish a common language for talking about risk throughout the enterprise
- Increase trust from customers and partners
- Prove your commitment to strong information system security
Certified in Risk and Information Systems Control (CRISC) Course Outline:
This training course will focus on the four domains of Certified in Risk and Information Systems Control. The course outline encompasses:
- An Introduction to CRISC
- Course Objectives
- About CRISC
- CRISC Domain Overview
- CRISC Value
Domain 1: Risk Identification
- Risk Identification Objectives
- Risk Identification Overview
- Concepts of IT Risk
- Risk Management Standards
- Risk Identification Frameworks
- Assets
- Threats
- Vulnerabilities
- Elements of Risk
- Penetration Testing
- COBIT 5
- ISO
- Risk Scenarios
- Communicating Risk
- Risk Awareness
- Organisational Structures and Culture
- Risk within the Enterprise
- Compliance
- Principles of Risk
- Conclusion
Domain 2: Risk Assessment
- Risk Assessment Objectives
- Risk Assessment Overview
- Risk Assessment Techniques
- Risk Assessment Analysis
- Methodologies
- Control Assessment
- Risk Evaluation and Impact Assessment
- Risk and Control Analysis
- Third Party Management
- System Development Lifecycle
- Developing Technologies
- Enterprise Architecture
- Conclusion
Domain 3: Risk Response and Mitigation
- Risk Response and Mitigation Objectives
- Risk Response and Mitigation Overview
- Risk Response Options
- Response Analysis
- Risk Response Plans
- Control Objectives and Practices
- Control Ownership
- Systems Control Design Implementation
- Control and Countermeasures
- Business Continuity
- Disaster Recovery
- Risk Accountability
- Inherent and Residual Risk
- Conclusion
Domain 4: Risk and Control Monitoring and Reporting
- Risk and Control Monitoring and Reporting Objectives
- Risk and Control Monitoring and Reporting Overview
- Key Risk Indicators (KRIs)
- Data Collection
- Monitoring Controls
- Control Assessments
- Penetration Testing
- Vulnerability Assessments
- Third Party Assurance
- Maturity Model Assessment
- Techniques for Improvement
- Capability Maturity Model
- IT Risk Profile
- Conclusion
This teaching will be supported by discussion sessions and exercises to enhance delegates’ understanding and enable them to master the material. There will also be final exam preparation, and delegates will have the opportunity to attempt practice questions.
Course Features
- Duration 24 hours
- Skill level All levels
- Language English
- Assessments Yes