This 4-Day training prepares the professionals who want to pass the ISACA’s Certified in Risk and Information System Control CRISC® exam.
The program covers the four key areas covered in the exam: Governance, Risk Assessment, Risk Response and Reporting, Technology and Security
The program is aligned on the latest Edition (8th) of the CBK (Common Body of Knowledge) from the ISACA®
CRISC® certification is recognised around the world.
Master the risk management approach according the CRISC®
Apply the best responses strategies to the risks weighing on the information system
Use best risk monitoring practices
Define information system controls
Use best practices to monitor and maintain these controls
-Candidates must apply for certification within 5 years of having passed the exam.
-A minimum of 3-year experience of cumulative work experience performing the tasks of a CRISC® professional across at least two of the four CRISC® domains is required for the certification.
Of these two domains, one must be in either domain 1 or 2.
-Adhere to the ISACA® code of Professional Ethics
-Agree to comply with the CRISC® continuing education policy.
Job roles that can benefit from CRISC® training include, but are not limited to:
CISO - Information Security consultants -Governance Consultants -Cybersecurity Consultants - IT professionals -Risk professionals -Control professionals -Project managers -Business analysts -Compliance professionals - Auditors -
CRISC®(R) exam candidates and anyone keen to improve their knowledge in the field of risk management and IS control.
Participants who have completed an ISO 27005 or ISO 31000 course
People working with an ERM (Enterprise Risk Management) framework
There is no prerequisite to take the CRISC® exam; however, to apply for CRISC® certification you must meet the necessary experience requirements as determined by ISACA.
Participants should have a basic knowledge of the areas to be covered. The course consists of intense preparation for the certification exam.
English required for the exam.
Day One
Introduction
Chapter 1: Governance
Part A: Organizational Governance
-Strategy, Goals and Objectives
-Organizational structure, Roles and Responsibilities
-Organizational Culture and Ethics
-Policies and Standards
-Business Process Review and Resilience
-Organizational Asset Management
Part B: Risk Governance
-Enterprise Risk Management
-Lines of Defense
-Risk Profile
-Risk Appetite, Tolerance and Capacity
-Risk Frameworks, Legal, Regulatory and Contractual Requirements
-Exercises - Multiple Choice questions in between chapters and at the end of each chapter
Day Two
Chapter 2: Risk Assessment
Part A: Risk Identification
-Risk Events
-Threat Modelling and Threat landscape
-Vulnerability and Control Deficiency Analysis
-Risk Scenario Development and Evaluation
Part B: Risk Analysis
-Risk Assessment Concepts, and Standards
-Business Impact Analysis
-Risk Register
-Risk Analysis Methodologies
-Inherent, Residual and Current risk
-Exercises - Multiple Choice questions in between chapters and at the end of each chapter
Day Three
Chapter 3: Risk Response and Reporting
Part A: Risk Response
-Risk Response Options
-Risk and Control Ownership
-Vendor/Supply Chain Risk Management
-Issues, Findings, and Exception Management
Part B: Control Design
-Control Frameworks, Types and Standards
-Control Design, Selection, Implementation and Analysis
-Control Testing Technologies
Part C: Risk Monitoring and Reporting
-Risk Actions Plans
-Data Collection, Aggregation, Analysis, Validation
-Risk and Controls Metrics
-Risk and Control Monitoring Techniques
-Risk and Control Reporting Techniques
-Monitoring and Reporting of Emerging Risk
-Exercises - Multiple Choice questions in between chapters and at the end of each chapter
Day Four
Chapter 4: Technology and Security
Part A: Technology Principles
-Technology Roadmaps and Enterprise Architecture
-Operations Management
-System Development Life Cycle
-Data Life Cycle Management
-Portfolio and Project Management
-Technology Resilience and Disaster Response/Recovery
-Emerging Technologies
Part B: Information Security Principles
-Security Concepts, Frameworks, and Standards
-Security/Risk Awareness and Training
-Data Privacy and Data Protection Principles
-Exercises - Multiple Choice questions in between chapters and at the end of each chapter
Multiple Choice Questions (MCQ) like the exam and correction performed together
Discussion and exchanges, hints, and tips to pass the exam.
Blank Exam.
Registration to be made on the site www.isaca.org,
The exam consists of 150 MCQ that cover the CRISC® job practice domains.
Back Registration