Course

CRISC – Certified in Risk and Information Systems Control («CRISC»)

The «CRISC» certification has been offered by ISACA since 2017 and is considered by professionals to be a globally recognized benchmark of performance in the fields of information security and risk management.
Duration 4 days
Price 3'600.–

Course facts

Key Learnings
  • Demonstrating strong technical knowledge
  • Preparing for successful operation in this subject area
  • Gaining knowledge of information security governance
  • Gaining knowledge of risk management
  • Gaining knowledge of the information security programme
  • Gaining knowledge of information security management
  • Gaining knowledge of response management
Content

1 Governance

  • A. Organizational Governance
    • Organizational Strategy, Goals, and Objectives
    • Organizational Structure, Roles, and Responsibilities
    • Organizational Culture
    • Policies and Standards
    • Business Processes
    • Organizational Assets
  • B. Risk Governance
    • Enterprise Risk Management and Risk Management Framework
    • Three Lines of Defense
    • Risk Profile
    • Risk Appetite and Risk Tolerance
    • Legal, Regulatory, and Contractual Requirements
    • Professional Ethics of Risk Management

2 IT Risk Assessment

  • A. IT Risk Identification
    • Risk Events (e.g., contributing conditions, loss result)
    • Threat Modelling and Threat Landscape
    • Vulnerability and Control Deficiency Analysis (e.g., root cause analysis)
    • Risk Scenario Development
  • B. IT Risk Analysis and Evaluation
    • Risk Assessment Concepts, Standards, and Frameworks
    • Risk Register
    • Risk Analysis Methodologies
    • Business Impact Analysis
    • Inherent and Residual Risk

3 Risk Response and Reporting

  • A. Risk Response
    • Risk Treatment / Risk Response Options
    • Risk and Control Ownership
    • Third-Party Risk Management
    • Issue, Finding, and Exception Management
    • Management of Emerging Risk
  • B. Control Design and Implementation
    • Control Types, Standards, and Frameworks
    • Control Design, Selection, and Analysis
    • Control Implementation
    • Control Testing and Effectiveness Evaluation
  • C. Risk Monitoring and Reporting
    • Risk Treatment Plans
    • Data Collection, Aggregation, Analysis, and Validation
    • Risk and Control Monitoring Techniques
    • Risk and Control Reporting Techniques (heatmap, scorecards, dashboards)
    • Key Performance Indicators
    • Key Risk Indicators (KRIs)
    • Key Control Indicators (KCIs)

4 Information Technology and Security

  • A. Information Technology Principles
    • Enterprise Architecture
    • IT Operations Management (e.g., change management, IT assets, problems, incidents)
    • Project Management
    • Disaster Recovery Management (DRM)
    • Data Lifecycle Management
    • System Development Life Cycle (SDLC)
    • Emerging Technologies
  • B. Information Security Principles
    • Information Security Concepts, Frameworks, and Standards
    • Information Security Awareness Training
    • Business Continuity Management
    • Data Privacy and Data Protection Principles
Methodology & didactics
  • Presentation with official course materials
  • Case studies and treatment of examples from practice
Target audience

This course is aimed at IT managers, security officers, IT operations managers, IT security consultants, compliance officers, IT auditors and IT project managers. In short, anyone who is professionally involved in information systems security and wants to achieve the Certified in Risk and Information Systems Control (CRISC) certification.

Requirements

Participants who wish to achieve CRISC certification must meet the following requirements:

  • Successfully complete the CRISC exam.
  • Adhere to ISACA's "Code of Professional Ethics".
  • Agree to the "Continuing Education Policy".
  • Have relevant professional experience in information security.
  • Submit an application for CRISC certification.

For more information on requirements, visit isaca.org.

Certification

After attending the course, you can register for the exam directly with ISACA. The exam questions are available in different languages. The exam cost is not included in the course price. For more information and to register for the exam, visit http://www.isaca.org.

Note: Different fees apply depending on when you register for the exam. Early registrants benefit from a price advantage! For more information, please visit the ISACA website.

Additional information

ISACA does not endorse, approve, or sponsor Digicomp Academy, its CRISC course or any of its other products and/or services, nor is it affiliated with Digicomp Academy in any manner. CRISC is a registered trademark of the Information Systems Audit and Control Association.


Choose your date

  • 2 Jun 2025 to 5 Jun 2025, Lausanne, French, CHF 3’600.- excl. 8.1% VAT. If you register now, this course is guaranteed to take place!
  • 14 Jul 2025 to 17 Jul 2025, Geneva, French, CHF 3’600.- excl. 8.1% VAT
  • 25 Aug 2025 to 28 Aug 2025, Lausanne, French, CHF 3’600.- excl. 8.1% VAT
  • 6 Oct 2025 to 9 Oct 2025, Geneva, French, CHF 3’600.- excl. 8.1% VAT
  • 17 Nov 2025 to 20 Nov 2025, Lausanne, French, CHF 3’600.- excl. 8.1% VAT