3 Day

The CRISC course is designed for those who have experience with risk identification, assessment, and evaluation; risk response; risk monitoring; information systems control design and implementation; and information systems control monitoring and maintenance.

TARGET AUDIENCE

The CRISC credential is intended for risk and control professionals, including:

  • IT professionals
  • Risk professionals
  • Control professionals
  • Business analysts
  • Project managers
  • Compliance professionals

Course Outline

At the end of this course, students will be able to:

1 - INTRODUCTION TO IT RISK MANAGEMENT

  • Governance and Risk management
  • The Context of IT Risk Management
  • Key Concepts of Risk
  • Risk in Relation to Other Business Functions
  • IT Risk Management Good Practices

 

2 - IT RISK ASSESSMENT

  • Risk Capacity, Risk Appetite and Risk Tolerance
  • Risk Culture and Communication
  • Elements of Risk
  • Information Security Risk Concepts and Principles
  • The IT Risk Strategy of the Business
  • IT Concepts and Areas of Concern for the Risk Practitioner
  • Methods of Risk Identification
  • IT Risk Scenarios
  • Ownership and Accountability
  • The IT Risk Register
  • Risk Awareness

3 - IT RISK ASSESSMENT

  • Risk Assessment Techniques
  • Analyzing Risk Scenarios
  • Current State of Controls
  • Changes in the Risk Environment
  • Project and Program Management
  • Risk and Control Analysis
  • Risk Analysis Methodologies
  • Risk Ranking
  • Documenting Risk Assessments

4 - RISK RESPONSE AND MITIGATION

  • Aligning Risk Response with Business Objectives
  • Risk Response Options
  • Analysis Techniques
  • Vulnerabilities Associated with New Controls
  • Developing a Risk Action Plan
  • Business Process Review Tools and Techniques
  • Control Design and Implementation
  • Control Monitoring and Effectiveness
  • Types of Risk
  • Control Activities, Objectives, Practices and Metrics
  • Systems Control Design and Implementation
  • Impact of Emerging Technologies on Design and Implementation of Controls
  • Control Ownership
  • Risk management Procedures and Documentation

 

5 - RISK AND CONTROL MONITORING AND REPORTING

  • Key Risk Indicators
  • Key Performance Indicators
  • Data Collection and Extraction Tools and Techniques
  • Monitoring Controls
  • Control Assessment Types
  • Results of Control Assessments
  • Changes to the IT Risk Profile