CRISC Certification Course Content.pdf
0 likes184 views
The CRISC certification training program at InfoSec Train is designed for professionals who manage enterprise risks through information system controls, aimed at enhancing their technical expertise. The program includes a 32-hour instructor-led training with a money back guarantee and support for participants until they achieve their certification goals. The CRISC exam assesses proficiency in risk management across four key domains: governance, IT risk assessment, risk response and reporting, and information technology and security.
CRISC Certification Course Content.pdf
- 1. w w w . i n f o s e c t r a i n . c o m W W W . I N F O S E C T R A I N . C O M
- 2. w w w . i n f o s e c t r a i n . c o m CRISC Introduction Certified in Risk and Information System Control (CRISC) certification training program at Infosec Train is developed for those professionals who identify and manage the enterprise risks by implementing information system controls. The training will help you understand the impacts of IT risks and gain technical expertise in implementing proper information security controls to confront the challenges posed by these risks. CRISC is the most current and rigorous assessment available to evaluate IT professionalsโ risk management proficiency and other employees within an enterprise or financial institute. Those who earn CRISC help enterprises understand business risks and have the technical knowledge to implement appropriate IS controls.
- 3. w w w . i n f o s e c t r a i n . c o m CRISC Course Highlights 100% Money Back Guarantee Extended Post Training Not satisfied with your training on Day 1? You can get a refund or enroll in a different course. Get extended support even after you finish your training. Weโre here for you until you reach your certification goals. 32-Hrs Instructor-led Training Accredited Instructors Telegram Discussion Group
- 4. w w w . i n f o s e c t r a i n . c o m Who Should Attend CEOs/CFOs CIOs/CISOs Audit Partners/Heads Security Managers/ Directors/Consultants Chief Audit Executives Chief Compliance/ Privacy/Risk Officers CISM Exam Information Certification Certified in Risk and Information Systems Control Exam Duration 4 Hours Number of Questions 150 Exam Pattern Multiple Choice Passing Marks 450 out of 800 Languages English, French, German, Hebrew, Italian, Japanese, Korean, Spanish, Turkish, Chinese
- 5. w w w . i n f o s e c t r a i n . c o m Happy Learners Across the World w w w . i n f o s e c t r a i n . c o m
- 6. w w w . i n f o s e c t r a i n . c o m DOMAIN 1 GOVERNANCE 26% DOMAIN 2 IT RISK ASSESSMENT 20% DOMAIN 4 INFORMATION TECHNOLOGY AND SECURITY 20% CRISC Domains 32% DOMAIN 3 RISK RESPONSE AND REPORTING
- 7. w w w . i n f o s e c t r a i n . c o m 26% DOMAIN 1 GOVERNANCE AโORGANIZATIONAL GOVERNANCE BโRISK GOVERNANCE The governance domain interrogates your knowledge of information about an organizationโs business and IT environments, organizational strategy, goals and objectives, and examines potential or realized impacts of IT risk to the organizationโs business objectives and operations, including Enterprise Risk Management and Risk Management Framework. โข Organizational Strategy, Goals, and Objectives โข Organizational Structure, Roles and Responsibilities โข Organizational Culture โข Policies and Standards โข Business Processes โข Organizational Assets โข Enterprise Risk Management and Risk Management Framework โข Three Lines of Defense โข Risk Profile โข Risk Appetite and Risk Tolerance โข Legal, Regulatory and Contractual Requirements โข Professional Ethics of Risk Management
- 8. w w w . i n f o s e c t r a i n . c o m 20% DOMAIN 2 IT RISK ASSESSMENT AโIT RISK IDENTIFICATION BโIT RISK ANALYSIS AND EVALUATION This domain will certify your knowledge of threats and vulnerabilities to the organizationโs people, processes and technology as well as the likelihood and impact of threats, vulnerabilities and risk scenarios. โข Risk Events (e.g., contributing conditions, loss result) โข Threat Modelling and Threat Landscape โข Vulnerability and Control Deficiency Analysis (e.g., root cause analysis) โข Risk Scenario Development โข Risk Assessment Concepts, Standards and Frameworks โข Risk Register โข Risk Analysis Methodologies โข Business Impact Analysis โข Inherent and Residual Risk
- 9. w w w . i n f o s e c t r a i n . c o m 32% DOMAIN 3 RISK RESPONSE AND REPORTING AโRISK RESPONSE BโCONTROL DESIGN AND IMPLEMENTATION CโRISK MONITORING AND REPORTING This domain deals with the development and management of risk treatment plans among key stakeholders, the evaluation of existing controls and improving effectiveness for IT risk mitigation, and the assessment of relevant risk and control information to applicable stakeholders. โข Risk Treatment / Risk Response Options โข Risk and Control Ownership โข Third-Party Risk Management โข Issue, Finding and Exception Management โข Management of Emerging Risk โข Control Types, Standards and Frameworks โข Control Design, Selection and Analysis โข Control Implementation โข Control Testing and Effectiveness Evaluation โข Risk Treatment Plans โข Data Collection, Aggregation, Analysis and Validation โข Risk and Control Monitoring Techniques โข Risk and Control Reporting Techniques (heatmap, scorecards, dashboards) โข Key Performance Indicators โข Key Risk Indicators (KRIs) โข Key Control Indicators (KCIs)
- 10. w w w . i n f o s e c t r a i n . c o m INFORMATION TECHNOLOGY AND SECURITY 22% DOMAIN 4 AโINFORMATION TECHNOLOGY PRINCIPLES BโINFORMATION SECURITY PRINCIPLES In this domain we interrogate the alignment of business practices with Risk Management and Information Security frameworks and standards, as well as the development of a risk-aware culture and implementation of security awareness training. โข Enterprise Architecture โข IT Operations Management (e.g., change management, IT assets, problems, incidents) โข Project Management โข Disaster Recovery Management (DRM) โข Data Lifecycle Management โข System Development Life Cycle (SDLC) โข Emerging Technologies โข Information Security Concepts, Frameworks and Standards โข Information Security Awareness Training โข Business Continuity Management โข Data Privacy and Data Protection Principles
- 11. w w w . i n f o s e c t r a i n . c o m www.infosectrain.com I sales@infosectrain.com