CRISC – Certified in Risk and Information Systems Control
This course is designed to assist and enhance the study process. It focuses on identifying and evaluating entity-specific risk and on understanding enterprises' business objectives by designing, implementing, monitoring and maintaining risk-based, efficient and effective IS controls. Each of the CRISC job domains will be discussed, and attendees will become familiar with the CRISC exam question format.
You Will Learn How To
Help enterprises accomplish business objectives by designing, implementing, monitoring and maintaining risk-based, efficient and effective IS controls
Course Outline
Day 1 – Risk Management and Information Systems Control
- Differentiate between risk management and risk governance
- Identify the roles and responsibilities for risk management
- Identify relevant standards, frameworks and practices
- Explain the meaning of key risk management concepts, including risk appetite and risk tolerance
- Differentiate between threats and vulnerabilities
- Apply risk identification, classification, quantitative / qualitative assessment and evaluation techniques
- Describe the key elements of the risk register
- Describe risk scenario development tools and techniques
- Help develop and support risk awareness training tools and techniques
- Relate risk concepts to risk assessment
Day 2 – Risk Response
- List various parameters for risk response selection
- List the different risk response options
- Describe which risk responses may be most suitable for a high-level risk scenario
- Describe how exception management relates to risk management
- Monitor existing risk.
- Report noncompliance and other changes in information risk
- Describe how residual risk relates to inherent risk and risk appetite
- Describe the need for performing a cost-benefit analysis when determining a risk response
- Describe the attributes of a business case to support project management
- Identify standards, frameworks and leading practices related to risk response
Day 3 – Risk Monitoring
As a result of completing this chapter, the CRISC candidate should be able to:
- Explain the principles of risk ownership.
- List common risk and compliance reporting requirements, tools and techniques.
- Describe various risk assessment methodologies.
- Differentiate between key performance indicators and key risk indicators.
- Describe, at a high level, data extraction, aggregation and analysis tools and techniques.
- Differentiate between various types of processes to review an organization’s risk monitoring process.
- List various standards, frameworks, and practices related to risk monitoring.
Day 4 – Information Systems Control Design and Implementation
- List different control categories and their effects
- Judge control strength.
- Explain the importance of balancing control cost and benefit.
- Leverage understanding of the SDLC process to implement IS controls efficiently and effectively.
- Differentiate between the four high-level stages of the SDLC.
- Relate each SDLC phase to specific tasks and objectives.
- Apply core project management tools and techniques to the implementation of IS controls.
Day 5 – Information Systems Control Maintenance and Monitoring
- Describe the purpose and levels of a maturity model as it applies to the risk management process.
- Compare different monitoring tools and techniques.
- Describe various testing and assessment tools and techniques.
- Explain how monitoring of IS controls relates to applicable laws and regulations
- Understand the need for control maintenance.
Modules:
- In The Classroom
- Live, Online
- Private Team Training
- Individual Private Session
Please Register for More Information