Certified in Risk and Information Systems Control (CRISC)

Course Description

Certified in Risk and Information Systems Control (CRISC)is a registered trademark and course developed by ISACA and the most globally recognized certification towards risk professionals designed to excel risk assessments tasks such as managing the IT risks, design, implementation, monitoring and maintenance of IS controls.

CRISC course and certification exam ensure professional’s to demonstrate their capabilities and expertise in identifying and managing enterprise IT risk and implementing and maintaining information systems controls.

The course is designed purposely to give participants an idea to decide how valuable the CRISC is, and understand to attain the certification.

This course is based on guidelines to cover the below following topics / domains and provide participants a curve in there preparation of CRISC Exam.

  • Domain 1 - IT Risk Identification
  • Domain 2 - IT Risk Assessment
  • Domain 3 - Risk Response and Mitigation
  • Domain 4 - Risk Control Monitoring and Reporting

This preparation course focuses on risk identification, assessment, response, control monitoring techniques and develops understanding needed to strategies, implement, observe and preserve IS controls for enterprises.

By attending this course, professionals will get a comprehensive review to identifying, assessing and evaluating entity-specific and organizational risk as well as how to help enterprises accomplish business objectives by designing, implementing, monitoring and maintaining risk-based, efficient and effective information systems control.

Upon successful passing the CISSP Exam, professional will gain the skills and knowledge necessary to:

  • Learn effectively prepare and enact strategic and focused plans to mitigate risk.
  • Learn to create the baseline for risk management within their organizations.
  • Learn the execution of the IT risk management strategy
  • Learn to analyze and evaluate IT risk to determine the likelihood and impact on business objectives.
  • Learn to determine risk response options and evaluate the effectiveness to manage risk.
  • Continuously monitor and report on IT risk and controls.

Who Should Attend

This program is intended for professionals who have at least 3 years of experience in professional-level risk control and management The program is ideal for those working in positions such as, but not limited to -

  • IT Auditors / Manager, Security Consultant / Manager, IT Director / Manager, Systems Engineer / Analyst, CIO / CTO / CISO, Risk and Control Professional, Business Analyst, Project and Compliance Manager or anyone willing to learn IT and enterprise risk management

Course Duration

  • 32 Hours (4 Days * 8 Hours)

Course Content / Outline

Domain 1 - Risk Management

  • Collect and review environmental risk data
  • Identify potential vulnerabilities to people, processes and assets
  • Develop IT scenarios based on information and potential impact to the organization
  • Identify key stakeholders for risk scenarios
  • Establish risk register
  • Gain senior leadership and stakeholder approval of the risk plan
  • Collaborate to create a risk awareness program and conduct training

Domain 2 - IT Risk Assessment

  • Analyze risk scenarios to determine likelihood and impact
  • Identify current state of risk controls and their effectiveness
  • Determine gaps between the current state of risk controls and the desired state
  • Ensure risk ownership is assigned at the appropriate level
  • Communicate risk assessment data to senior management and appropriate stakeholders
  • Update the risk register with risk assessment data

Domain 3 - Risk Response and Mitigation

  • Align risk responses with business objectives
  • Develop consult with and assist risk owners with development risk action plans
  • Ensure risk mitigation controls are managed to acceptable levels
  • Ensure control ownership is appropriately assigned to establish accountability
  • Develop and document control procedures for effective control
  • Update the risk register
  • Validate that risk responses are executed according to risk action plans

Domain 4 - Risk and Control Monitoring and Reporting

  • Risk and control monitoring and reporting
  • Define key risk indicators (KRIs) and identify key performance indicators (KPIs) to enable performance measurement key risk indicators (KRIs) and key performance indicators (KPIs)
  • Determine the effectiveness of control assessments
  • Identify and report trends/changes to KRIs/KPIs that affect control performance or the risk profile

Course related details