CRISC Course Training

The Certified in Risk and Information Systems Control (CRISC) certification is tailored for
professionals in IT who are responsible for managing risk and ensuring the security of information
systems.

REASONS TO CHOOSE

✔ Expert Training Sessions from skilled and experienced Instructors
✔ Certificate of Attendance for Risk and Information Systems Control (CRISC) boot camp
✔ Digital Delegate Materials

CRISC Course Details

Certified Risk and Information Systems Control (CRISC) Course Outline

Domain 1: Governance
Module 1: Organisational Governance

  • Strategy, Goals, and Objectives of the Organisation

  • Structure, Roles, and Responsibilities

  • Organisational Culture and Environment

  • Policies, Standards, and Compliance

  • Business Process Evaluation

  • Management of Organisational Assets

Module 2: Risk Governance

  • Enterprise Risk Management (ERM) and Risk Management Frameworks

  • The Three Lines of Defence Model

  • Risk Profile and its Components

  • Risk Appetite, Tolerance, and Capacity

  • Legal, Regulatory, and Contractual Obligations

  • Professional Ethics in Risk Management

 

Domain 2: IT Risk Assessment
Module 3: IT Risk Identification

  • Identifying Risk Events and Threats

  • Threat Modelling and the Threat Landscape

  • Analysis of Vulnerabilities and Control Deficiencies

  • Development of Risk Scenarios

 

 

Module 4: IT Risk Analysis, Evaluation, and Assessment

  • Risk Assessment Concepts, Standards, and Frameworks

  • Maintaining a Risk Register

  • Risk Analysis Methods

  • Conducting Business Impact Analysis (BIA)

  • Inherent, Residual, and Current Risk Assessment

 

Domain 3: Risk Response and Reporting

Module 5: Risk Response

  • Ownership of Risks and Controls

  • Risk Treatment and Response Strategies

  • Managing Third-Party Risks

  • Addressing Issues, Findings, and Expectations

  • Emerging Risk Management

 

Module 6: Control Design and Implementation

  • Types of Controls, Standards, and Frameworks

  • Control Selection, Design, and Evaluation

  • Implementing Effective Controls

  • Testing Controls and Evaluating Their Effectiveness

 

Module 7: Risk Monitoring and Reporting

  • Developing Risk Treatment Plans

  • Techniques for Data Collection, Aggregation, and Validation

  • Monitoring Risks and Controls

  • Key Performance Indicators (KPIs), Key Risk Indicators (KRIs), and Key Control Indicators (KCIs)

 

Domain 4: Information Technology and Security
Module 8: Information Technology Principles

  • Enterprise Architecture Fundamentals

  • IT Operations and Project Management

  • Building Enterprise Resilience

  • Managing the Data Lifecycle

  • The System Development Lifecycle (SDLC)

  • Emerging Trends in Technology

 

Module 9: Information Security Principles

  • Information Security Frameworks and Standards

  • Training and Awareness in Information Security

  • Data Privacy and Principles of Data Protection
