The CRISC course is designed for those who have
experience with risk identification, assessment, and evaluation; risk
response; risk monitoring; information systems control design and
implementation; and information systems control monitoring and
maintenance.
COURSE OUTLINE
1 - INTRODUCTION TO IT RISK MANAGEMENT
Governance and Risk Management
The Context of IT Risk Management
Key Concepts of Risk
Risk in Relation to Other Business Functions
IT Risk Management Good Practices
2 - IT RISK ASSESSMENT
Risk Capacity, Risk Appetite and Risk Tolerance
Risk Culture and Communication
Elements of Risk
Information Security Risk Concepts and Principles
The IT Risk Strategy of the Business
IT Concepts and Areas of Concern for the Risk Practitioner
Methods of Risk Identification
IT Risk Scenarios
Ownership and Accountability
The IT Risk Register
Risk Awareness
3 - IT RISK ASSESSMENT
Risk Assessment Techniques
Analyzing Risk Scenarios
Current State of Controls
Changes in the Risk Environment
Project and Program Management
Risk and Control Analysis
Risk Analysis Methodologies
Risk Ranking
Documenting Risk Assessments
4 - RISK RESPONSE AND MITIGATION
Aligning Risk Response with Business Objectives
Risk Response Options
Analysis Techniques
Vulnerabilities Associated with New Controls
Developing a Risk Action Plan
Business Process Review Tools and Techniques
Control Design and Implementation
Control Monitoring and Effectiveness
Types of Risk
Control Activities, Objectives, Practices and Metrics
Systems Control Design and Implementation
Impact of Emerging Technologies on Design and Implementation of Controls
Control Ownership
Risk Management Procedures and Documentation
5 - RISK AND CONTROL MONITORING AND REPORTING
Key Risk Indicators
Key Performance Indicators
Data Collection and Extraction Tools and Techniques
Monitoring Controls
Control Assessment Types
Results of Control Assessments
Changes to the IT Risk Profile