Certified In Risk And Information Systems Control (CRISC)

The Certified Risk Information Systems Control training course provides delegates with valuable technical skills, which ensure success and prosperity in the realm of IT security. The CRISC certification is a powerful manifestation of proficiency and expertise regarding various areas of risk. As well as this, CRISC demonstrates a commitment to IT security operations and enterprises, and a willingness to deliver quality within their profession. The demand for CRISC qualified individuals is ever-growing, and CRISC has been established as one of the most desirable and preferable IT security certifications worldwide.

During this 3-day training course, delegates will become knowledgeable of the methods and processes associated with risk identification, risk analysis, responding to risk, and controlling risk. Consequently, individuals will acquire experience in determining and evaluating specific risks and will learn how to achieve business objectives via the design, implementation, observation, and preservation of risk-based, competent information security disciplines. As well as this, delegates will discover how to address challenges that they may encounter in the field of IT and will be able to adapt CRISC principles to their own organisation.

Preparation for the CRISC examination will be a primary focus throughout this training course. Delegates will explore all four areas of the CRISC exam, and candidates will also be provided with a complete revision programme consisting of knowledge assessments, discussions, exercises, and model questions.

This training course will focus on the four domains of Certified Risk Information Systems Control. The course outline encompasses:

• An Introduction to CRISC
• Course Objectives
• About CRISC
• CRISC Domain Overview
• CRISC Value

Domain 1: Risk Identification

• Risk Identification Objectives
• Risk Identification Overview
• Concepts of IT Risk
• Risk Management Standards
• Risk Identification Frameworks
• Assets
• Threats
• Vulnerabilities
• Elements of Risk
• Penetration Testing
• COBIT 5
• ISO
• Risk Scenarios
• Communicating Risk
• Risk Awareness
• Organisational Structures and Culture
• Risk within the Enterprise
• Compliance
• Principles of Risk
• Conclusion

Domain 2: Risk Assessment

• Risk Assessment Objectives
• Risk Assessment Overview
• Risk Assessment Techniques
• Risk Assessment Analysis
• Methodologies
• Control Assessment
• Risk Evaluation and Impact Assessment
• Risk and Control Analysis
• Third Party Management
• System Development Lifecycle
• Developing Technologies
• Enterprise Architecture
• Conclusion

Domain 3: Risk Response and Mitigation

• Risk Response and Mitigation Objectives
• Risk Response and Mitigation Overview
• Risk Response Options
• Response Analysis
• Risk Response Plans
• Control Objectives and Practices
• Control Ownership
• Systems Control Design Implementation
• Control and Countermeasures
• Business Continuity
• Disaster Recovery
• Risk Accountability
• Inherent and Residual Risk
• Conclusion

Domain 4: Risk and Control Monitoring and Reporting

• Risk and Control Monitoring and Reporting Objectives
• Risk and Control Monitoring and Reporting Overview
• Key Risk Indicators (KRIs)
• Data Collection
• Monitoring Controls
• Control Assessments
• Penetration Testing
• Vulnerability Assessments
• Third Party Assurance
• Maturity Model Assessment
• Techniques for Improvement
• Capability Maturity Model
• IT Risk Profile
• Conclusion

This teaching will be supported by discussion sessions and exercises to enhance delegate’s understanding and enable them to master the material. There will also be final exam preparation and delegates will have the opportunity to attempt practice questions.