This 3-day training prepares professionals who want to pass ISACA’s Certified in Risk and Information Systems Control (CRISC®) exam.
The program covers the four key areas of the exam: IT Risk Identification, IT Risk Assessment, Risk Response and Mitigation, and Risk and Control Monitoring and Reporting.
The program is aligned with the latest edition (6th) of the CBK (Common Body of Knowledge) from ISACA®.
CRISC certification is recognised around the world.
Master the risk management approach according to CRISC
Apply the best response strategies to the risks weighing on the information system
Use best risk monitoring practices
Define information system controls
Use best practices to monitor and maintain these controls
- Candidates must apply for certification within 5 years of having passed the exam.
- A minimum of 3 years of cumulative work experience performing the tasks of a CRISC® professional across at least two of the four CRISC domains is required for the certification.
Of these two domains, one must be either domain 1 or domain 2.
- Adhere to the ISACA® Code of Professional Ethics.
- Agree to comply with the CRISC® continuing education policy.
Job roles that can benefit from CRISC® training include, but are not limited to:
Information Security consultants
CRISC® exam candidates and anyone keen to improve their knowledge in the field of risk management and IS control.
Participants who have completed an ISO 27005 or ISO 31000 course
People working with an ERM (Enterprise Risk Management) framework
There is no prerequisite to take the CRISC® exam; however, in order to apply for CRISC® certification you must meet the necessary experience requirements as determined by ISACA®.
Participants should have a basic knowledge of the areas to be covered. The course consists of intense preparation for the certification exam.
English required for the exam.
Chapter 1: IT Risk Identification
Risk Capacity, Risk Appetite, and Risk Tolerance
Risk Culture and Communication
Elements of Risk
Information Security Risk Concepts and Principles
The IT Risk Strategy of the Business
IT Concepts and Areas of Concern for the Risk Practitioner
Methods of Risk Identification
IT Risk Scenarios
Ownership and Accountability
The IT Risk Register
Chapter 2: IT Risk Assessment
Risk Assessment Techniques
Analysing Risk Scenarios
Current State of Controls
Change in the Risk Environment
Project and Program Management
Risk and Controls Analysis
Risk Analysis Methodologies
Documenting Risk Assessments
Chapter 3: Risk Response and Mitigation
Aligning Risk Response with Business Objectives
Risk Response Options
Vulnerabilities Associated with New Controls
Developing a Risk Action Plan
Business Process Review Tools and Techniques
Control Design and Implementation
Control Monitoring and Effectiveness
Types of Risk
Control Activities, Objectives, Practices and Metrics
Systems Control Design and Implementation
Impact of Emerging Technologies on Design and Implementation of Controls
Risk Management Procedures and Documentation
Chapter 4: Risk and Control Monitoring and Reporting
Key Risk Indicators
Key Performance Indicators
Data Collection and Extraction Tools and Techniques
Control Assessment Types
Results of Control Assessment
Changes to the IT Risk Profile
Multiple-choice questions (MCQs) similar to those in the exam, corrected together
Discussion and exchanges, hints and tips to pass the exam.
Registration is made on the website www.isaca.org; registration closes 2 months before the date of the examination.
The exam consists of 150 MCQs that cover the CRISC® job practice domains.