This course provides intensive revision across all 4 CRISC job practice domains.

Domain 1 — Governance

• Key Risk Concepts
• Organisational Strategy, Goals and Objectives
• Organisational Structure, Roles and Responsibilities
• Organisational Culture and Assets
• Policies, Standards and Business Process Review
• Risk Governance Overview
• Enterprise Risk Management, Risk Management Frameworks and Three Lines of Defense
• Risk Profile, Risk Appetite and Risk Tolerance
• Professional Ethics, Laws, Regulations and Contracts

Domain 2 – IT Risk Assessment

• Risk Events
• Threat Modelling and Threat Landscape
• Vulnerability and Control Deficiency Analysis
• Risk Scenario Development
• Risk Assessment Concepts, Standards and Frameworks
• Risk Register
• Risk Analysis Methodologies
• Business Impact Analysis
• Inherent, Residual and Current Risk

Domain 3 – Risk Response and Reporting

• Risk and Control Ownership
• Risk Treatment/Risk Response Options
• Managing Risk from Processes, Third Parties and Emergent Sources
• Control Types, Standards and Frameworks
• Control Design, Selection and Analysis
• Control Implementation, Testing and Effectiveness Evaluation
• Risk Treatment Plans
• Data Collection, Aggregation, Analysis and Validation
• Risk and Control Monitoring and Reporting Techniques
• Metrics

Domain 4 – Information Technology and Security

• Enterprise Architecture
• IT Operations Management
• Project Management
• Enterprise Resiliency
• Data Life Cycle Management
• System Development Life Cycle
• Emerging Technologies

Final Session – CRISC Sample Exam Questions