CRISC Examination Preparation Course

ISACA’s Certified in Risk and Information Systems Control (CRISC) certification is one of the unique and only credentials focused on enterprise IT risk management. CRISC is ideal to prove skills and knowledge in using governance best practices and continuous risk monitoring and reporting. enhance business resilience and stakeholder value and gain increased credibility with peers, stakeholders, and regulators.

This course covers the complete curriculum of CRISC and aims to provide deep knowledge on risk governance, risk assessment, risk treatment, risk monitoring and reporting.

This course prepares candidate in building a well-defined, agile risk-management program, based on best practices to identify, analyze, evaluate, assess, prioritize and respond to risks. This enhances benefits realization and delivers optimal value to stakeholders.

Upon completion of this course, the candidate will:

• be ready for CRISC Certification and will appear for it confidently
• increase knowledge and expertise as a risk professional
• be able to manage IT risk effectively in your organization
• be able to perform risk identification, risk analysis and risk evaluation in highly effective manner
• be able to visualize risk landscape for any given infrastructure or organization
• be able to plan, execute, scrutinize, and retain information systems controls

Curriculum:

• Domain 1: Governance
• Organizational Governance
• Organizational Strategy, Goals, and Objectives
• Organizational Structure, Roles, and Responsibilities
• Organizational Culture
• Policies and Standards
• Business Processes
• Organizational Assets
• Risk Governance
• Enterprise Risk Management and Risk Management Framework
• Three Lines of Defense
• Risk Profile
• Risk Appetite and Risk Tolerance
• Legal, Regulatory, and Contractual Requirements
• Professional Ethics of Risk Management
• Domain 2: IT Risk Assessment
• IT Risk Identification
• Risk Events (e.g., contributing conditions, loss result)
• Threat Modelling and Threat Landscape
• Vulnerability and Control Deficiency Analysis (e.g., root cause analysis)
• Risk Scenario Development
• IT Risk Analysis and Evaluation
• Risk Assessment Concepts, Standards, and Frameworks
• Risk Register
• Risk Analysis Methodologies
• Business Impact Analysis
• Inherent and Residual Risk
• Domain 3: Risk Response and Reporting
• Risk Response
• Risk Treatment / Risk Response Options
• Risk and Control Ownership
• Third-Party Risk Management
• Issue, Finding, and Exception Management
• Management of Emerging Risk
• Control Design and Implementation
• Control Types, Standards, and Frameworks
• Control Design, Selection, and Analysis
• Control Implementation
• Control Testing and Effectiveness Evaluation
• Risk Monitoring and Reporting
• Risk Treatment Plans
• Data Collection, Aggregation, Analysis, and Validation
• Risk and Control Monitoring Techniques
• Risk and Control Reporting Techniques (heatmap, scorecards, dashboards)
• Key Performance Indicators
• Key Risk Indicators (KRIs)
• Key Control Indicators (KCIs)
• Domain 4: Information Technology and Security
• Information Technology Principles
• Enterprise Architecture
• IT Operations Management (e.g., change management, IT assets, problems, incidents)
• Project Management
• Disaster Recovery Management (DRM)
• Data Lifecycle Management
• System Development Life Cycle (SDLC)
• Emerging Technologies
• Information Security Principles
• Information Security Concepts, Frameworks, and Standards
• Information Security Awareness Training
• Business Continuity Management
• Data Privacy and Data Protection Principles

Prerequisites:

• Understanding on IT Infrastructure, computer science fundamentals and networking terminologies.
• It could be an advantage if candidate has some basic understanding about different levels in organization hierarchy, responsibilities of senior management and their accountability in ownership of Information Systems/processes.
• Familiarity with day-to-day information Security terminologies, however not mandatory because it will be covered in day 1 of training.