Certified in Risk and Information Systems Control (CRISC)
Gain instant recognition and credibility with ISACA’s Risk and Information Systems Control (CRISC®) certification and advance in your profession.
Module 1: Risk Identification
- Risk Identification Objectives
- Risk Identification Overview
- Concepts of IT Risk
- Risk Management Standards
- Risk Identification Frameworks
- Assets
- Threats
- Vulnerabilities
- Elements of Risk
- Penetration Testing
- COBIT 5
- ISO
- Risk Scenarios
- Communicating Risk
- Risk Awareness
- Organizational Structures and Culture
- Risk within the Enterprise
- Compliance
- Principles of Risk
- Conclusion
Module 2: Risk Assessment
- Risk Assessment Objectives
- Risk Assessment Overview
- Risk Assessment Techniques
- Risk Assessment Analysis
- Methodologies
- Control Assessment
- Risk Evaluation and Impact Assessment
- Risk and Control Analysis
- Third-Party Management
- System Development Lifecycle
- Developing Technologies
- Enterprise Architecture
- Conclusion
Module 3: Risk Response and Mitigation
- Risk Response and Mitigation Objectives
- Risk Response and Mitigation Overview
- Risk Response Options
- Response Analysis
- Risk Response Plans
- Control Objectives and Practices
- Control Ownership
- Systems Control Design Implementation
- Control and Countermeasures
- Business Continuity
- Disaster Recovery
- Risk Accountability
- Inherent and Residual Risk
- Conclusion
Module 4: Risk and Control Monitoring and Reporting
- Risk and Control Monitoring and Reporting Objectives
- Risk and Control Monitoring and Reporting Overview
- Key Risk Indicators (KRIs)
- Data Collection
- Monitoring Controls
- Control Assessments
- Penetration Testing
- Vulnerability Assessments
- Third-Party Assurance
- Maturity Model Assessment
- Techniques for Improvement
- Capability Maturity Model
- IT Risk Profile
- Conclusion
About The Course
Certified in Risk and Information Systems Control (CRISC) certification is an ideal credential for mid-career professionals who perform various roles in enterprise risk management and control.
It is developed by ISACA, a globally renowned certification body, to advance your career in IT.
Moreover, this certification course prepares the candidate for dealing with real-world threats with relevant tools to assess, govern, and mitigate risk.
After qualifying for this certification, a professional can be hired as a senior IT auditor, security engineer architect, IT security analyst, or information assurance program manager.
This course teaches you about core aspects such as:
- Risk and Information Systems Control
- Understanding enterprise risk
- Plan, execute, scrutinize, and retain information systems controls.
- Risk: identification, evaluation, assessment, response, and monitoring
- IS control design and execution
- IS control maintenance and monitoring
The course itself has no prerequisites, but you should be familiar with the CRISC job practice domains. To receive CRISC certification, you must meet the work experience requirements of 3 years of experience across at least 2 of the four CRISC domains, some of which must be in either Domain 1 or 2.
The four domains are as follows:
- IT Risk Identification
- IT Risk Assessment
- Risk Response and Mitigation
- Risk and Control Monitoring and Reporting