CRISC Certification Training

Certified in Risk and Information System Control (CRISC) certification training program at Infosec Train is developed for those professionals who identify and manage the enterprise risks by implementing information system controls.

The training will help you understand the impacts of IT risks and gain technical expertise in implementing proper information security controls to confront the challenges posed by these risks.

CRISC certification at InfosecTrain prepares  IT professionals for enterprise risk management’s unique challenges. The training program enables them to become strategic partners to the enterprise.

CRISC is the most current and rigorous assessment available to evaluate IT professionals’ risk management proficiency and other employees within an enterprise or financial institute.

Those who earn CRISC help enterprises understand business risks and have the technical knowledge to implement appropriate IS controls.

Advantages of CRISC Certification:

• Denotes a prestigious, lifelong symbol of knowledge and expertise as a risk professional
• Increases your value to your organization as it seeks to manage IT risk
• Gives you a competitive advantage over peers when seeking job growth
• Gives you access to ISACA’s global community of knowledge and the most up-to-date thinking on IT risk management
• Helps you achieve a high professional standard through ISACA’s requirements for continuing education and ethical conduct

Learning Outcomes:

• 26% Domain 1 – Governance
• A: Organizational Governance
• Organizational Strategy, Goals, and Objectives
• Organizational Structure, Roles and Responsibilities
• Organizational Culture
• Policies and Standards
• Business Processes
• Organizational Assets
• B: Risk Governance
• Enterprise Risk Management and Risk Management Framework
• Three Lines of Defense
• Risk Profile
• Risk Appetite and Risk Tolerance
• Legal, Regulatory and Contractual Requirements
• Professional Ethics of Risk Management
• 20% Domain 2 – IT Risk Assessment
• A: IT Risk Identification
• Risk Events (e.g., contributing conditions, loss result)
• Threat Modelling and Threat Landscape
• Vulnerability and Control Deficiency Analysis (e.g., root cause analysis)
• Risk Scenario Development
• B: IT Risk Analysis And Evaluation
• Risk Assessment Concepts, Standards and Frameworks
• Risk Register
• Risk Analysis Methodologies
• Business Impact Analysis
• Inherent and Residual Risk
• 32% Domain 3 – Risk Response And Reporting
• A: Risk Response
• Risk Treatment / Risk Response Options
• Risk and Control Ownership
• Third-Party Risk Management
• Issue, Finding and Exception Management
• Management of Emerging Risk
• B: Control Design And Implementation
• Control Types, Standards and Frameworks
• Control Design, Selection and Analysis
• Control Implementation
• Control Testing and Effectiveness Evaluation
• C: Risk Monitoring And Reporting
• Risk Treatment Plans
• Data Collection, Aggregation, Analysis and Validation
• Risk and Control Monitoring Techniques
• Risk and Control Reporting Techniques (heatmap, scorecards, dashboards)
• Key Performance Indicators
• Key Risk Indicators (KRIs)
• Key Control Indicators (KCIs)
• 22% Domain 4 – Information Technology And Security
• A: Information Technology Principles:
• Enterprise Architecture
• IT Operations Management (e.g., change management, IT assets, problems, incidents)
• Project Management
• Disaster Recovery Management (DRM)
• Data Lifecycle Management
• System Development Life Cycle (SDLC)
• Emerging Technologies
• B: Information Security Principles:
• Information Security Concepts, Frameworks and Standards
• Information Security Awareness Training
• Business Continuity Management
• Data Privacy and Data Protection Principles

Pre-requisites

• IT Risk Identification
• IT Risk Assessment
• Risk Response and Mitigation
• Risk and Control Monitoring and Reporting

Course Objectives:

• Identify the IT risk management strategy in support of business objectives and alignment with the Enterprise Risk Management (ERM) strategy.
• Analyze and evaluate IT risk to determine the likelihood and impact on business objectives to enable risk-based decision making.
• Determine risk response options and evaluate their efficiency and effectiveness to manage risk in alignment with business objectives.
• Continuously monitor and report on IT risk and controls to relevant stakeholders to ensure the continued efficiency and effectiveness of the IT risk management strategy and its alignment with business objectives.