Certified in Risk and Information Systems Control (CRISC) Certification

The Certified in Risk and Information Systems Control (CRISC) course in India is a certification program designed for IT professionals who have experience in managing risk and IT systems controls.

The Certified in Risk and Information Systems Control (CRISC) course covers the knowledge and skills necessary to identify, assess, and manage risk and the implementation of information systems controls.

Certified in Risk and Information Systems Control (CRISC) ding of the risk management process and the critical role that IT plays in that process. Upon completion of the Certified in Risk and Information Systems Control (CRISC) course, participants may sit for the CRISC certification exam and earn the CRISC designation.

Course Content:

• 1. Governance
• • Organizational Governance
• - Organizational Strategy, Goals, and Objectives
• - Organizational Structure, Roles and Responsibilities
• - Organizational Culture
• - Policies and Standards
• - Business Processes
• - Organizational Assets
• • Risk Governance
• - Enterprise Risk Management and Risk Management Framework
• - Three Lines of Defense
• - Risk Profile
• - Risk Appetite and Risk Tolerance
• - Legal, Regulatory and Contractual Requirements
• - Professional Ethics of Risk Management
• 2. IT Risk Assessment
• • IT Risk Identification
• - Risk Events (e.g., contributing conditions, loss result)
• - Threat Modelling and Threat Landscape
• - Vulnerability and Control Deficiency Analysis (e.g., root cause analysis)
• - Risk Scenario Development
• • IT Risk Analysis and Evaluation
• - Risk Assessment Concepts, Standards and Frameworks
• - Risk Register
• - Risk Analysis Methodologies
• - Business Impact Analysis
• - Inherent and Residual Risk
• 3. Risk Response and Reporting
• • Risk Response
• - Risk Treatment / Risk Response Options
• - Risk and Control Ownership
• - Third-Party Risk Management
• - Issue, Finding and Exception Management
• - Management of Emerging Risk
• • Control Design and Implementation
• - Control Types, Standards and Frameworks
• - Control Design, Selection and Analysis
• - Control Implementation
• - Control Testing and Effectiveness Evaluation
• • Risk Monitoring and Reporting
• - Risk Treatment Plans
• - Data Collection, Aggregation, Analysis and Validation
• - Risk and Control Monitoring Techniques
• - Risk and Control Reporting Techniques (heatmap, scorecards, dashboards)
• - Key Performance Indicators
• - Key Risk Indicators (KRIs)
• - Key Control Indicators (KCIs)
• 5. Information Technology and Security
• • Information Technology Principles
• - Enterprise Architecture
• - IT Operations Management (e.g., change management, IT assets, problems,
• incidents)
• - Project Management
• - Disaster Recovery Management (DRM)
• - Data Lifecycle Management
• - System Development Life Cycle (SDLC)
• - Emerging Technologies
• • Information Security Principles
• - Information Security Concepts, Frameworks and Standards
• - Information Security Awareness Training
• - Business Continuity Management
• - Data Privacy and Data Protection Principles

Target Audience:

• Audit Partners/Heads 
• CIOs/CISOs 
• Chief Compliance/Privacy/Risk Officers 
• Security Managers/Directors/Consultants 
• IT Directors/Managers/Consultants 
• Audit Directors/Managers/Consultant