CRISC (Certified in Risk and Information Systems Control) Training Certification Course

About Course

CRISC (Certified in Risk and Information Systems Control) Training Certification is a specialized program aimed at professionals involved in managing and mitigating information system risks. It focuses on risk identification, assessment, response, and monitoring, with an emphasis on aligning IT with business objectives. This comprehensive course equips individuals with the knowledge and skills needed to develop effective risk management strategies and ensure information systems’ integrity, availability, and confidentiality. CRISC certification is highly regarded in the IT and risk management fields, making it an essential credential for IT professionals seeking to excel in risk assessment, control, and governance.

Course Content

DOMAIN 1 – Governance 26%

Organizational Strategy, Goals, and Objectives
Organizational Structure, Roles, and Responsibilities
Organizational Culture
Policies and Standards
Business Processes
Organizational Assets
Enterprise Risk Management and Risk Management Framework
Three Lines of Defense
Risk Profile
Risk Appetite and Risk Tolerance
Legal, Regulatory, and Contractual Requirements
Professional Ethics of Risk Management

About Course

What Will You Learn?

Course Content

DOMAIN 1 – Governance 26%

Organizational Strategy, Goals, and Objectives

Organizational Structure, Roles, and Responsibilities

Organizational Culture

Policies and Standards

Business Processes

Organizational Assets

Enterprise Risk Management and Risk Management Framework

Three Lines of Defense

Risk Profile

Risk Appetite and Risk Tolerance

Legal, Regulatory, and Contractual Requirements

Professional Ethics of Risk Management

DOMAIN 2 – IT Risk Assessment 20%

Risk Events (e.g., contributing conditions, loss result)

Threat Modelling and Threat Landscape

Vulnerability and Control Deficiency Analysis (e.g., root cause analysis)

Risk Scenario Development

Risk Assessment Concepts, Standards, and Frameworks

Risk Register

Risk Analysis Methodologies

Business Impact Analysis

Inherent and Residual Risk

DOMAIN 3 – Risk Response and Reporting 32%

Risk Treatment / Risk Response Options

Risk and Control Ownership

Third-Party Risk Management

Issue, Finding, and Exception Management

Management of Emerging Risk

Control Types, Standards, and Frameworks

Control Design, Selection, and Analysis

Control Implementation

Control Testing and Effectiveness Evaluation

Risk Treatment Plans

Data Collection, Aggregation, Analysis, and Validation

Risk and Control Monitoring Techniques

Risk and Control Reporting Techniques (heatmap, scorecards, dashboards)

Key Performance Indicators

Key Risk Indicators (KRIs)

Key Control Indicators (KCIs)

DOMAIN 4 – Information Technology and Security 22%

Enterprise Architecture

IT Operations Management (e.g., change management, IT assets, problems, incidents)

Project Management

Disaster Recovery Management (DRM)

Data Lifecycle Management

System Development Life Cycle (SDLC)

Emerging Technologies

Information Security Concepts, Frameworks, and Standards

Information Security Awareness Training

Business Continuity Management

Data Privacy and Data Protection Principles