Information Technology

CRISC Certified in Risk and Information Systems Control

Instructor-Led 9 Agenda

What You'll Learn

At course completions, students will understand the essential concepts in the 4 ISACA CRISC domains:
Governance
IT Risk Assessment
Risk Response and Reporting
Information Technology and Security

Description

This 3 Day CRISC course is geared towards preparing students to pass the ISACA Certified in Risk and Information Systems Control examination. The course covers all four of the CRISC domains, and each section corresponds directly to the CRISC job practice. CRISC validates your experience in building a well-defined, agile risk-management program, based on best practices to identify, analyze, evaluate, assess, prioritize and respond to risks. This enhances benefits realization and delivers optimal value to stakeholders.

Who Should Attend

This course is ideal for
Professionals preparing to become CRISC certified.
Risk practitioners
Students or recent graduates

Course Overview

Course Agenda

9 Title

Course Agenda 9

Lesson Id	Title	Description
1	GOVERNANCE - a. Organizational Governance	Organizational Strategy, Goals, and Objectives<br />Organizational Structure, Roles, and Responsibilities<br />Organizational Culture<br />Policies and Standards<br />Business Processes<br />Organizational Assets
2	GOVERNANCE - b. Risk Governance	Enterprise Risk Management and Risk Management Framework<br />Three Lines of Defense<br />Risk Profile<br />Risk Appetite and Risk Tolerance<br />Legal, Regulatory, and Contractual Requirements<br />Professional Ethics of Risk Management
3	IT RISK ASSESSMENT - a. IT Risk Identification	Risk Events (e.g., contributing conditions, loss result)<br />Threat Modelling and Threat Landscape<br />Vulnerability and Control Deficiency Analysis (e.g., root cause analysis)<br />Risk Scenario Development
4	IT RISK ASSESSMENT - b. IT Risk Analysis and Evaluation	Risk Assessment Concepts, Standards, and Frameworks<br />Risk Register<br />Risk Analysis Methodologies<br />Business Impact Analysis<br />Inherent and Residual Risk
5	RISK RESPONSE AND REPORTING - a. Risk Response	Risk Treatment / Risk Response Options<br />Risk and Control Ownership<br />Third-Party Risk Management<br />Issue, Finding, and Exception Management<br />Management of Emerging Risk
6	RISK RESPONSE AND REPORTING - b. Control Design and Implementation	Control Types, Standards, and Frameworks<br />Control Design, Selection, and Analysis<br />Control Implementation<br />Control Testing and Effectiveness Evaluation
7	RISK RESPONSE AND REPORTING - c. Risk Monitoring and Reporting	Risk Treatment Plans<br />Data Collection, Aggregation, Analysis, and Validation<br />Risk and Control Monitoring Techniques<br />Risk and Control Reporting Techniques (heatmap, scorecards, dashboards)<br />Key Performance Indicators<br />Key Risk Indicators (KRIs)<br />Key Control Indicators (KCIs)
8	INFORMATION TECHNOLOGY AND SECURITY - a. Information Technology Principles	Enterprise Architecture<br />IT Operations Management (e.g., change management, IT assets, problems, incidents)<br />Project Management<br />Disaster Recovery Management (DRM)<br />Data Lifecycle Management<br />System Development Life Cycle (SDLC)<br />Emerging Technologies
9	INFORMATION TECHNOLOGY AND SECURITY - b. Information Security Principles	Information Security Concepts, Frameworks, and Standards<br />Information Security Awareness Training<br />Business Continuity Management<br />Data Privacy and Data Protection Principles

GOVERNANCE - a. Organizational Governance

Organizational Strategy, Goals, and Objectives
Organizational Structure, Roles, and Responsibilities
Organizational Culture
Policies and Standards
Business Processes
Organizational Assets

GOVERNANCE - b. Risk Governance

Enterprise Risk Management and Risk Management Framework
Three Lines of Defense
Risk Profile
Risk Appetite and Risk Tolerance
Legal, Regulatory, and Contractual Requirements
Professional Ethics of Risk Management

IT RISK ASSESSMENT - a. IT Risk Identification

Risk Events (e.g., contributing conditions, loss result)
Threat Modelling and Threat Landscape
Vulnerability and Control Deficiency Analysis (e.g., root cause analysis)
Risk Scenario Development

IT RISK ASSESSMENT - b. IT Risk Analysis and Evaluation

Risk Assessment Concepts, Standards, and Frameworks
Risk Register
Risk Analysis Methodologies
Business Impact Analysis
Inherent and Residual Risk

RISK RESPONSE AND REPORTING - a. Risk Response

Risk Treatment / Risk Response Options
Risk and Control Ownership
Third-Party Risk Management
Issue, Finding, and Exception Management
Management of Emerging Risk

RISK RESPONSE AND REPORTING - b. Control Design and Implementation

Control Types, Standards, and Frameworks
Control Design, Selection, and Analysis
Control Implementation
Control Testing and Effectiveness Evaluation

RISK RESPONSE AND REPORTING - c. Risk Monitoring and Reporting

Risk Treatment Plans
Data Collection, Aggregation, Analysis, and Validation
Risk and Control Monitoring Techniques
Risk and Control Reporting Techniques (heatmap, scorecards, dashboards)
Key Performance Indicators
Key Risk Indicators (KRIs)
Key Control Indicators (KCIs)

INFORMATION TECHNOLOGY AND SECURITY - a. Information Technology Principles

Enterprise Architecture
IT Operations Management (e.g., change management, IT assets, problems, incidents)
Project Management
Disaster Recovery Management (DRM)
Data Lifecycle Management
System Development Life Cycle (SDLC)
Emerging Technologies

INFORMATION TECHNOLOGY AND SECURITY - b. Information Security Principles