This 4-day training prepares professionals who want to pass ISACA’s Certified in Risk and Information System Control (CRISC®) exam. The program covers the four key areas of the exam: Governance, IT Risk Assessment, Risk Response and Reporting, and Information Technology and Security. The program is aligned with the latest edition (7th) of the CBK (Common Body of Knowledge) from ISACA®. The CRISC® certification is recognised around the world.
Management Training
(CRISC) Certified In Risk and Information System Control
Who is this course for?
- Job roles that can benefit from CRISC® training include, but are not limited to: CISO, Information Security consultants, Governance Consultants, Cybersecurity Consultants, IT professionals, Risk professionals, Control professionals, Project managers, Business analysts, Compliance professionals, Auditors
- CRISC® exam candidates and anyone keen to improve their knowledge in the field of risk management and IS control.
- Participants who have completed an ISO 27005 or ISO 31000 course
- People working with an ERM (Enterprise Risk Management) framework
Prerequisites
- There is no prerequisite to take the CRISC® exam; however, in order to apply for CRISC® certification, you must meet the necessary experience requirements as determined by ISACA.
- Participants should have a basic knowledge of the areas to be covered. The course consists of intense preparation for the certification exam.
- English is required for the exam.
EDUCATIONAL OBJECTIVES
- Master the risk management approach according to the CRISC®
- Apply the best response strategies to the risks weighing on the information system
- Use best risk monitoring practices
- Define information system controls
- Use best practices to monitor and maintain these controls
CERTIFICATION
- Candidates must apply for certification within 5 years of having passed the exam.
- A minimum of 3 years of cumulative work experience performing the tasks of a CRISC® professional across at least two of the four CRISC® domains is required for the certification. Of these two domains, one must be either domain 1 or domain 2.
- Adhere to the ISACA® Code of Professional Ethics.
- Agree to comply with the CRISC® continuing education policy.
Day One: Introduction & Chapter 1: Governance
- Organizational Strategy, Goals and Objectives
- Organization structure, Roles and Responsibilities
- Organizational Structure
- Policies and Standards
- Business Process Review
- Organization assets
- Enterprise Risk Management and Risk Management Frameworks
- Three Lines of Defence
- Risk Profile
- Risk Appetite, Tolerance and Capacity
- Legal, Regulatory and Contractual Requirements
- Exercises – Multiple Choice questions in between chapters and at the end of each chapter
Day Two: Chapter 2: IT Risk Assessment
- Risk Events
- Threat Modelling and Threat landscape
- Vulnerability and Control Deficiency Analysis
- Risk Scenario Development
- Risk Assessment Concepts, Standards and Frameworks
- Risk Register
- Risk Analysis Methodologies
- Business Impact Analysis
- Inherent, Residual and Current risk
- Exercises – Multiple Choice questions in between chapters and at the end of each chapter
Day Three: Chapter 3: Risk Response and Reporting
- Risk and Control Ownership
- Risk Treatment/Risk Response Options
- Third-party Risk Management
- Issue, Finding and Exception Management
- Management of Emerging risk
- Control Types, Standards and Frameworks
- Control Design, Selection and Analysis
- Control Implementation
- Control Testing and Effectiveness Evaluation
- Risk Treatment Plans
- Data Collection, Aggregation, Analysis and Validation
- Risk and Control Monitoring Techniques
- Risk and Control Reporting Techniques
- Key Performance Indicators
- Key Risk Indicators
- Key Control Indicators
- Exercises – Multiple Choice questions in between chapters and at the end of each chapter
Day Four: Chapter 4: Information Technology and Security
- Enterprise Architecture
- IT Operations Management
- Project Management
- Enterprise Resiliency
- Data Life Cycle Management
- System Development Life Cycle
- Emerging Trends in Technology
- Information Security Concepts, Frameworks and Standards
- Information Security Awareness Training
- Data Privacy and Principles of Data Protection
- Exercises – Multiple Choice questions in between chapters and at the end of each chapter
Preparation for the exam
- Multiple-choice questions (MCQs) like those in the exam, corrected together
- Discussion and exchanges, hints, and tips to pass the exam.
- Mock exam of 150 MCQs
- Registration is done on the website www.isaca.org
- The exam consists of 150 MCQs that cover the CRISC® job practice domains.
