Certified In Risk And Information Systems Control | CRISC

CRISC by ISACA is a certification course offered by Infosavvy that recognizes the knowledge and training in the field of Risk Management for IT sectors. This course can help IT security professionals with a visible marketer of experience and knowledge for enterprise and financial sectors.

There are 4 domains which further divides the areas of risk management:

• Identifying risks.
• Assessing risks.
• Responding to and mitigating risks.
• Controlling, monitoring and reporting about risks.

Within these domains, CRISC measures an individual’s ability to deal with risks in an enterprise business and to use information system controls.

The ISACA® Certified in Risk and Information Systems Control™ is the fastest growing and the most prestigious qualification available for Information Security managers and Risk Manager. The CRISC certification is for the individual, who manages designs, oversees and/or assesses an enterprise’s information security & Risk Management.

CRISC defines the core competencies and international standards of performance that risk managers are expected to master. It provides executive management with the assurance that those who have earned their CRISC have the experience and knowledge to offer effective risk management and advice.

This 4-day training program provides an intense environment in which participants will acquire the skills and knowledge needed to meet the requirements of the CRISC certification.

Upon completion of this program, students will be able to:

• Demonstrate efficiency in designing, implementing, monitoring and maintaining the IS controls of the enterprise
• Acquire the relevant knowledge and skills required to clear the CRISC certification exam
• Develop a working knowledge of the 4 domains areas as prescribed by ISACA

Outline:

• Risk Identification
• It Risk Management Good Practices
• Methods to identify RiskRisk Culture and Communication
• The Busines IT Risk Strategy
• Information Security Risk Concepts and Principles
• Threats and Vulnerabilities Related to Assets
• Risk Related to organizational Assets and Business Processes
• It Risk Scenarios
• Ownership and Accountability
• The IT Risk Register
• Risk Capacity, Risk appetite and Risk Tolerance
• Risk Awarenes
• Risk Assessment
• Risk Identification Versus Risk Assesment
• Risk Assessment Techniques
• Analyzing Risk Scenarios
• Current State of Controls
• Risk and Control analysis
• Risk Analysis Methodologies
• Documenting Incident Response
• Business-Related Risk
• Risk Associated With Enterprise Architecture
• Data Management
• New Threats and Vulnerabilities
• Emerging Technologies
• Industry trends
• Third-party Management
• Project and Program Management
• Business Continuity and Disaster Recovery Management
• Exception Management Practices
• IT Risk Assessment Report
• Risk Ownership and Accountability
• Communicating the IT Risk Assessment Results
• Risk Response
• Aligning Risk Response With Business Objectives
• Risk Response Options
• Analysis Techniques
• Vulnerabilities Associates With New Controls
• Devloping a Risk Action Plan
• Business Process Review Tools and Techniques
• Control Design and Implementation
• Control Monitoring and Effectiveness
• Characteristics of Inherent and Residual Risk
• Control Activities,Objectives,Practices and Metrics
• Systems Control Design and Implementation
• Impact of Emerging Tchnologies on Design and Implementation of Controls
• Control Ownership
• Risk Management Procedures and Documentation
• Risk Response and the Risk action Plan
• Risk and Control Monitoring And Reporting
• Key risk Indicators
• Data Collection and Extraction Tools and Techniques
• Changes to the IT Risk Profile
• Monitoring Controls
• Controls Assessment Types
• Results of Controls Assessments
• Changes to the IT Risk Profile