Certified in Risk and Information Systems Control (CRISC)

• Educational Background: There are no specific educational prerequisites for this course. However, prior knowledge of IT governance and risk management is beneficial.
   

• Professional Experience: The CRISC certification requires at least 3 years of cumulative work experience across at least two CRISC domains (Risk Identification, Risk Assessment, Risk Response, Risk Monitoring, or IT Controls).
   

• Language Proficiency: Learners should have a good command of English, as the course materials and CRISC certification exam are conducted in English.

• Develop Risk Management Expertise: Gain a thorough understanding of IT risk management principles and methodologies.
   
• Master Risk Mitigation and Control Strategies: Learn to design, implement, and maintain effective IT controls.
   
• Enhance Risk Monitoring Skills: Acquire the ability to evaluate and monitor risk effectively to ensure organisational resilience.
   
• Build Communication and Reporting Skills: Develop techniques for clear communication and reporting of risk-related insights.

The CRISC Training Course is tailored for professionals aiming to enhance their expertise in IT risk management and achieve CRISC certification. It equips learners with advanced skills, methodologies, and tools to manage IT risks effectively and align IT initiatives with business goals. Below are the individuals who will benefit from this course:

• IT Risk Managers
• Information Security Professionals
• Compliance Officers
• IT Audit Managers
• IT Consultants
• Governance and Risk Professionals

Domain 1: Governance
 

Module 1: Organisational Governance

• Organisational Strategy, Goals, and Objectives
• Organisational Structure, Roles, and Responsibilities
• Organisational Culture
• Policies and Standards
• Business Process Review
• Organisational Assets
   

Module 2: Risk Governance

• Enterprise Risk Management and Risk Management Frameworks
• Three Lines of Defence
• Risk Profile
• Risk Appetite, Tolerance and Capacity
• Legal, Regulatory and Contractual Requirements
• Professional Ethics of Risk Management

Domain 2: IT Risk Assessment
 

Module 3: IT Risk Identification

• Risk Events
• Threat Modelling and Threat Landscape
• Vulnerability and Control Deficiency Analysis
• Risk Scenario Development
   

Module 4: IT Risk Analysis, Evaluation and Assessment

• Risk Assessment Concepts, Standards, and Frameworks
• Risk Register
• Risk Analysis Methodologies
• Business Impact Analysis
• Inherent, Residual, and Current Risk
   

Domain 3: Risk Response and Reporting
 

Module 5: Risk Response

• Risk and Control Ownership
• Risk Treatment/Risk Response Options
• Third Party Risk Management
• Issue, Finding and Expectation Management
• Management of Emerging Risk
   

Module 6: Control, Design and Implementation

• Control Types, Standards, and Frameworks
• Control Design, Selection, and Analysis
• Control Implementation
• Control Testing and Effectiveness Evaluation
   

Module 7: Risk Monitoring and Reporting

• Risk Treatment Plans
• Data Collection, Aggregation, Analysis, and Validation
• Risk and Control Monitoring Techniques
• Key Performance Indicators
• Key Risk Indicators
• Key Control Indicators
   

Domain 4: Information Technology and Security
 

Module 8: Information Technology Principles

• Enterprise Architecture
• IT Operations Management
• Project Management
• Enterprise Resiliency
• Data Life Cycle Management
• System Development Life Cycle
• Emerging Trends in Technology
   

Module 9: Information Security Principles

• Information Security Concepts, Frameworks, and Standards
• Information Security Awareness Training
• Data Privacy and Principles of Data Protection