Certified in Risk and Information Systems Control (CRISC)

Course Overview

1 - Introduction to IT Risk Management

• Governance and Risk management
• The Context of IT Risk Management
• Key Concepts of Risk
• Risk in Relation to Other Business Functions
• IT Risk Management Good Practices

2 - IT Risk Identification

• Risk Capacity, Risk Appetite and Risk Tolerance
• Risk Culture and Communication
• Elements of Risk
• Information Security Risk Concepts and Principles
• The IT Risk Strategy of the Business
• IT Concepts and Areas of Concern for the Risk Practitioner
• Methods of Risk Identification
• IT Risk Scenarios
• Ownership and Accountability
• The IT Risk Register
• Risk Awareness

3 - IT Risk Assessment

• Risk Assessment Techniques
• Analyzing Risk Scenarios
• Current State of Controls
• Changes in the Risk Environment
• Project and Program Management
• Risk and Control Analysis
• Risk Analysis Methodologies
• Risk Ranking
• Documenting Risk Assessments

4 - Risk Response and Mitigation

• Aligning Risk Response with Business Objectives
• Risk Response Options
• Analysis Techniques
• Vulnerabilities Associated with New Controls
• Developing a Risk Action Plan
• Business Process Review Tools and Techniques
• Control Design and Implementation
• Control Monitoring and Effectiveness
• Types of Risk
• Control Activities, Objectives, Practices and Metrics
• Systems Control Design and Implementation
• Impact of Emerging Technologies on Design and Implementation of Controls
• Control Ownership
• Risk management Procedures and Documentation

5 - Risk and Control Monitoring and Reporting

• Key Risk Indicators
• Key Performance Indicators
• Data Collection and Extraction Tools and Techniques
• Monitoring Controls
• Control Assessment Types
• Results of Control Assessments
• Changes to the IT Risk Profile

Course Comments

For the Official Version of this course see KT-ISACA