CRISC – Certified in Risk and Information Systems Control
This course is designed to assist and enhance the study process. It focuses on identifying and evaluating entity-specific risk and on understanding an enterprise's business objectives by designing, implementing, monitoring and maintaining risk-based, efficient and effective IS controls. Each of the CRISC job domains will be discussed, and attendees will become familiar with the CRISC exam question format.
You Will Learn How To
Help enterprises accomplish business objectives by designing, implementing, monitoring and maintaining risk-based, efficient and effective IS controls
Important Course Information
Day 1 – Risk Management and Information Systems Control
- Differentiate between risk management and risk governance
- Identify the roles and responsibilities for risk management
- Identify relevant standards, frameworks and practices
- Explain the meaning of key risk management concepts, including risk appetite and risk tolerance
- Differentiate between threats and vulnerabilities
- Apply risk identification, classification, quantitative / qualitative assessment and evaluation techniques
- Describe the key elements of the risk register
- Describe risk scenario development tools and techniques
- Help develop and support risk awareness training tools and techniques
- Relate risk concepts to risk assessment
Day 2 – Risk Response
- List various parameters for risk response selection
- List the different risk response options
- Describe which risk responses may be most suitable for a high-level risk scenario
- Describe how exception management relates to risk management
- Monitor existing risk.
- Report noncompliance and other changes in information risk
- Describe how residual risk relates to inherent risk and risk appetite
- Describe the need for performing a cost-benefit analysis when determining a risk response
- Describe the attributes of a business case to support project management
- Identify standards, frameworks and leading practices related to risk response
Day 3 – Risk Monitoring
As a result of completing this chapter, the CRISC candidate should be able to:
- Explain the principles of risk ownership.
- List common risk and compliance reporting requirements, tools and techniques.
- Describe various risk assessment methodologies.
- Differentiate between key performance indicators and key risk indicators.
- Describe, at a high level, data extraction, aggregation and analysis tools and techniques.
- Differentiate between various types of processes to review an organization's risk monitoring process.
- List various standards, frameworks, and practices related to risk monitoring.
Day 4 – Information Systems Control Design and Implementation
- List different control categories and their effects
- Judge control strength.
- Explain the importance of balancing control cost and benefit.
- Leverage understanding of the SDLC process to implement IS controls efficiently and effectively.
- Differentiate between the four high-level stages of the SDLC.
- Relate each SDLC phase to specific tasks and objectives.
- Apply core project management tools and techniques to the implementation of IS controls.
Day 5 – Information Systems Control Maintenance and Monitoring
- Describe the purpose and levels of a maturity model as it applies to the risk management process.
- Compare different monitoring tools and techniques.
- Describe various testing and assessment tools and techniques.
- Explain how monitoring of IS controls relates to applicable laws and regulations
- Understand the need for control maintenance.
In The Classroom
Private Team Training
Individual Private Session
Please Register for More Information