CRISC® Certified in Risk and Information Systems Control (3 Days): Course Contents | ALC Training News

This course provides intensive revision across all 4 CRISC job practice domains.
Domain 1 – Governance
  • Key Risk Concepts
  • Organisational Strategy, Goals and Objectives
  • Organisational Structure, Roles and Responsibilities
  • Organisational Culture and Assets
  • Policies, Standards and Business Process Review
  • Risk Governance Overview
  • Enterprise Risk Management, Risk Management Frameworks and Three Lines of Defense
  • Risk Profile, Risk Appetite and Risk Tolerance
  • Professional Ethics, Laws, Regulations and Contracts
Domain 2 – IT Risk Assessment
  • Risk Events
  • Threat Modelling and Threat Landscape
  • Vulnerability and Control Deficiency Analysis
  • Risk Scenario Development
  • Risk Assessment Concepts, Standards and Frameworks
  • Risk Register
  • Risk Analysis Methodologies
  • Business Impact Analysis
  • Inherent, Residual and Current Risk
Domain 3 – Risk Response and Reporting
  • Risk and Control Ownership
  • Risk Treatment/Risk Response Options
  • Managing Risk from Processes, Third Parties and Emergent Sources
  • Control Types, Standards and Frameworks
  • Control Design, Selection and Analysis
  • Control Implementation, Testing and Effectiveness Evaluation
  • Risk Treatment Plans
  • Data Collection, Aggregation, Analysis and Validation
  • Risk and Control Monitoring and Reporting Techniques
  • Metrics
Domain 4 – Information Technology and Security
  • Enterprise Architecture
  • IT Operations Management
  • Project Management
  • Enterprise Resiliency
  • Data Life Cycle Management
  • System Development Life Cycle
  • Emerging Technologies
Final Session – CRISC Sample Exam Questions


Deb Kirman