The CRISC course is designed for those who have experience with risk identification, assessment, and
evaluation; risk response; risk monitoring; information systems control design and implementation; and
information systems control monitoring and maintenance.
COURSE OUTLINE
1 - INTRODUCTION TO IT RISK MANAGEMENT
Governance and Risk Management
The Context of IT Risk Management
Key Concepts of Risk
Risk in Relation to Other Business Functions
IT Risk Management Good Practices
2 - IT RISK ASSESSMENT
Risk Capacity, Risk Appetite and Risk Tolerance
Risk Culture and Communication
Elements of Risk
Information Security Risk Concepts and Principles
The IT Risk Strategy of the Business
IT Concepts and Areas of Concern for the Risk Practitioner
Methods of Risk Identification
IT Risk Scenarios
Ownership and Accountability
The IT Risk Register
Risk Awareness
3 - IT RISK ASSESSMENT
Risk Assessment Techniques
Analyzing Risk Scenarios
Current State of Controls
Changes in the Risk Environment
Project and Program Management
Risk and Control Analysis
Risk Analysis Methodologies
Risk Ranking
Documenting Risk Assessments
4 - RISK RESPONSE AND MITIGATION
Aligning Risk Response with Business Objectives
Risk Response Options
Analysis Techniques
Vulnerabilities Associated with New Controls
Developing a Risk Action Plan
Business Process Review Tools and Techniques
Control Design and Implementation
Control Monitoring and Effectiveness
Types of Risk
Control Activities, Objectives, Practices and Metrics
Systems Control Design and Implementation
Impact of Emerging Technologies on Design and Implementation of Controls
Control Ownership
Risk Management Procedures and Documentation
5 - RISK AND CONTROL MONITORING AND REPORTING
Key Risk Indicators
Key Performance Indicators
Data Collection and Extraction Tools and Techniques
Monitoring Controls
Control Assessment Types
Results of Control Assessments
Changes to the IT Risk Profile