Certified in Risk and Information Systems Control | CRISC

Certified in Risk and Information Systems Control | CRISC

The CRISC training prepares you strategically for the unique challenges of IT and enterprise risk management. You will learn all about identifying and managing (business) risks by developing, implementing and maintaining controls appropriate to the information systems (IS) in your organization.

This training enables you to assess IT risks in terms of their danger to the organization, valuable or sensitive data and the objectives used. You will then learn to draw up plans to reduce and, where possible, avoid these risks. In doing so, you will take into account conditions of governance and compliance, efficiency and continued performance.

Doelstellingen

The Certified in Risk and Information Systems Control certification is designed for IT professionals who have hands-on experience with risk identification, assessment, and evaluation; risk response; risk monitoring; IS control design and implementation; and IS control monitoring and maintenance.

The CRISC designation will not only certify professionals who have knowledge and experience identifying and evaluating entity-specific risk, but also aid them in helping enterprises accomplish business objectives by designing, implementing, monitoring and maintaining risk-based, efficient and effective IS controls.
– Governance (25%)
– IT Risk Assessment (20%)
– Risk Response and Reporting (32%)
– Information Technology and Security (22%)

Voorkennis

There is no prerequisite to take the CRISC exam; however, in order to apply for CRISC certification you must meet the necessary experience requirements as determined by ISACA

Voor wie

CRISC is for IT professionals, risk professionals, business analysts, and project manager and/or compliance professionals and anyone who has job responsibilities in the following areas: Risk identification, assessment, evaluation, risk response, monitoring and IS control design/monitoring and implementation/maintenance.

Inhoud

DOMAIN 1—Governance 26%
Organizational Governance A
– Organizational Strategy, Goals, and Objectives
– Organizational Structure, Roles, and Responsibilities
– Organizational Culture
– Policies and Standards
– Business Processes
– Organizational Assets
Risk Governance B
– Enterprise Risk Management and Risk Management Framework
– Three Lines of Defense
– Risk Profile
– Risk Appetite and Risk Tolerance
– Legal, Regulatory, and Contractual Requirements
– Professional Ethics of Risk Management
DOMAIN 2—IT Risk Assessment 20%
IT Risk Identification A
– Risk Events (e.g., contributing conditions, loss result)
– Threat Modelling and Threat Landscape
– Vulnerability and Control Deficiency Analysis (e.g., root cause analysis)
– Risk Scenario Development
IT Risk Analysis and Evaluation B
– Risk Assessment Concepts, Standards, and Frameworks
– Risk Register
– Risk Analysis Methodologies
– Business Impact Analysis
– Inherent and Residual Risk
DOMAIN 3—Risk Response and Reporting 32%
Risk Response A
– Risk Treatment / Risk Response Options
– Risk and Control Ownership
– Third-Party Risk Management
– Issue, Finding, and Exception Management
– Management of Emerging Risk
Control Design and Implementation B
– Control Types, Standards, and Frameworks
– Control Design, Selection, and Analysis
– Control Implementation
– Control Testing and Effectiveness Evaluation
Risk Monitoring and Reporting C
– Risk Treatment Plans
– Data Collection, Aggregation, Analysis, and Validation
– Risk and Control Monitoring Techniques
– Risk and Control Reporting Techniques (heatmap, scorecards, dashboards)
– Key Performance Indicators
– Key Risk Indicators (KRIs)
– Key Control Indicators (KCIs)
DOMAIN 4—Information Technology and Security 22%
Information Technology Principles A
– Enterprise Architecture
– IT Operations Management (e.g., change management, IT assets, problems, incidents)
– Project Management
– Disaster Recovery Management (DRM)
– Data Lifecycle Management
– System Development Life Cycle (SDLC)
– Emerging Technologies
Information Security Principles B
– Information Security Concepts, Frameworks, and Standards
– Information Security Awareness Training
– Business Continuity Management
– Data Privacy and Data Protection Principles

Exclusief examen

Certified in Risk and Information Systems Control | CRISC

DutchTrain is een officieel geaccrediteerd Test Center voor Pearson Vue Test, Prometric, Kryterion, Castle Worldwide, Certiport & PSI. U bent bij ons van harte welkom voor examens welke via deze Test Centers beschikbaar zijn. Examens kunnen elke dag, binnen kantooruren, worden afgenomen.

Duur

4 dagen

Deze training is ook beschikbaar als

– Education On Demand (e-learning)
– Maatwerktraining, neem hiervoor contact op met een van onze opleidingsadviseurs.