Course Length: 3 days

Course Overview

The CRISC course is designed for those who have experience with risk identification, assessment, and evaluation; risk response; risk monitoring; information systems control design and implementation; and information systems control monitoring and maintenance.

Target Audience

The CRISC credential is intended for risk management and control professionals including:

  • IT professionals
  • Risk management professionals
  • Control professionals
  • Business analysts
  • Project managers
  • Compliance professionals

Course Outline

1 - INTRODUCTION TO IT RISK MANAGEMENT
  • Governance and Risk Management
  • The Context of IT Risk Management
  • Key Concepts of Risk Management
  • Risk in Relation to Other Business Functions
  • IT Risk Management Good Practices
2 - IT RISK ASSESSMENT
  • Risk Capacity, Risk Appetite and Risk Tolerance
  • Risk Culture and Communication
  • Elements of Risk Management
  • Information Security Risk Concepts and Principles
  • The IT Risk Strategy of the Business
  • IT Concepts and Areas of Concern for the Risk Practitioner
  • Methods of Risk Identification
  • IT Risk Scenarios
  • Ownership and Accountability
  • The IT Risk Register
  • Risk Awareness
3 - IT RISK ASSESSMENT
  • Risk Assessment Techniques
  • Analyzing Risk Scenarios
  • Current State of Controls
  • Changes in the Risk Environment
  • Project and Program Management
  • Risk and Control Analysis
  • Risk Analysis Methodologies
  • Risk Ranking
  • Documenting Risk Assessments
4 - RISK RESPONSE AND MITIGATION
  • Aligning Risk Response with Business Objectives
  • Risk Response Options
  • Analysis Techniques
  • Vulnerabilities Associated with New Controls
  • Developing a Risk Action Plan
  • Business Process Review Tools and Techniques
  • Control Design and Implementation
  • Control Monitoring and Effectiveness
  • Types of Risk
  • Control Activities, Objectives, Practices and Metrics
  • Systems Control Design and Implementation
  • Impact of Emerging Technologies on Design and Implementation of Controls
  • Control Ownership
  • Risk Management Procedures and Documentation
5 - RISK AND CONTROL MONITORING AND REPORTING
  • Key Risk Indicators
  • Key Performance Indicators
  • Data Collection and Extraction Tools and Techniques
  • Monitoring Controls
  • Control Assessment Types
  • Results of Control Assessments
  • Changes to the IT Risk Profile