CRISC Exam Preparation

Course Description
Certified in Risk and Information Systems Control (CRISC) certification training helps organizations understand business risk and gain the technical expertise to implement appropriate Information Systems (IS) controls. CRISC increases your value to your organization as it seeks to manage IT risk.

The CRISC certification covers five important modules, namely: Risk Management and Information Systems Control, Risk Response, Risk Monitoring, Information Systems Control Design and Implementation, and Information Systems Control Maintenance and Monitoring. These five modules cover all major aspects of risk management that IT professionals need to know to perform their roles after completing the certification exam.

Prerequisites
There are no eligibility criteria for the CRISC examination. However, in order to apply for the exam, the candidate must have 3 years of cumulative work experience performing the tasks in at least three CRISC domains.

Target Audience
CRISC certification training is helpful for anyone who wants to improve their skills and become part of their organization’s success. Through this training course, you will learn risk management and acquire skills that will benefit you throughout your career.

Course Content
1. RISK MANAGEMENT AND INFORMATION SYSTEMS CONTROL
Candidates will:
• Differentiate between risk management and risk governance
• Identify the roles and responsibilities for risk management
• Identify relevant standards, frameworks and practices
• Explain the meaning of key risk management concepts, including risk appetite and risk tolerance
• Differentiate between threats and vulnerabilities
• Apply risk identification, classification, quantitative / qualitative assessment and evaluation techniques
• Describe the key elements of the risk register
• Describe risk scenario development tools and techniques
• Help develop and support risk awareness training tools and techniques
• Relate risk concepts to risk assessment

2. RISK RESPONSE
Candidates will:
• List various parameters for risk response selection
• List the different risk response options
• Describe which risk responses may be most suitable for a high-level risk scenario
• Describe how exception management relates to risk management
• Monitor existing risk
• Report noncompliance and other changes in information risk
• Describe how residual risk relates to inherent risk and risk appetite
• Describe the need for performing a cost-benefit analysis when determining a risk response
• Describe the attributes of a business case to support project management
• Identify standards, frameworks and leading practices related to risk response

3. RISK MONITORING
As a result of completing this chapter, the CRISC candidate should be able to:
• Explain the principles of risk ownership
• List common risk and compliance reporting requirements, tools and techniques
• Describe various risk assessment methodologies
• Differentiate between key performance indicators and key risk indicators
• Describe, at a high level, data extraction, aggregation and analysis tools and techniques
• Differentiate between various types of processes to review an organization’s risk monitoring process
• List various standards, frameworks, and practices related to risk monitoring

4. INFORMATION SYSTEMS CONTROL DESIGN AND IMPLEMENTATION
Candidates will:
• List different control categories and their effects
• Judge control strength
• Explain the importance of balancing control cost and benefit
• Leverage understanding of the SDLC process to implement IS controls efficiently and effectively
• Differentiate between the four high-level stages of the SDLC
• Relate each SDLC phase to specific tasks and objectives
• Apply core project management tools and techniques to the implementation of IS controls

5. INFORMATION SYSTEMS CONTROL MAINTENANCE AND MONITORING
Candidates will:
• Describe the purpose and levels of a maturity model as it applies to the risk management process
• Compare different monitoring tools and techniques
• Describe various testing and assessment tools and techniques
• Explain how monitoring of IS controls relates to applicable laws and regulations
• Understand the need for control maintenance

No training schedule yet