Course Description
This course provides a review of topics and exam preparation for the CRISC (Certified in Risk and Information Systems Control) certification. The CRISC Certification is an industry-leading program that prepares and enables IT professionals for the unique challenges of IT and enterprise risk management, and positions them to become strategic partners to the enterprise. CRISC is designed for IT professionals who have hands-on experience with risk identification, assessment, and evaluation; risk response; risk monitoring; IS control design and implementation; and IS control monitoring and maintenance.
In this course students prepare for the CRISC exam by studying and understanding the 4 Domains:
- Domain 1: IT Risk Identification
- Domain 2: IT Risk Assessment
- Domain 3: Risk Response Mitigation
- Domain 4: Risk and Control Monitoring and Reporting
In addition, the application and testing process for the CRISC certification exam as well as key topics on the exam will be covered.
Course Outline
Day 1 - Risk identification, assessment and evaluation
- Intro to Risk Management
- System Development Life Cycles
- Understanding the enterprise
- Legal, regulatory and contractual requirements
- Working with stakeholders
- Asset management
- Information threats
- Vulnerability analysis
- Understanding impacts
- Validating risk appetite and tolerance
Day 2 - Risk Response & Risk Monitoring
- Develop and implement risk responses
- Evaluating risk response options
- Validation of efficiency, effectiveness and economy
- Developing the risk profile
- Developing business cases
- Collect and validate data that measure key risk indicators (KRIs)
- Facilitating independent risk assessments and process reviews
- Identifying and reporting
Day 3 - Information Systems Control Design and Implementation
- Understanding of the business process objectives
- Design information systems controls
- Facilitate the identification of resources
- Ensuring implementation within time, budget and scope
- Provide progress reports
- Implementing information systems controls
- Identification of metrics and key performance indicators (KPIs)
- Assess and recommend tools
Day 4 - Control Monitoring and Maintenance
- Plan, supervise and conduct testing
- Review information systems policies, standards and procedures
- Using CMMI to evaluate the current state of information systems processes
- Correcting information systems control deficiencies and maturity gaps
- Provide information systems control status
Day 5 - Review and Practice Test
- Understanding multiple-choice exam strategies
- Time management for the exam
- Practice test and reviewing answers
Additional Information
SLU's CRISC Course Kit (included in the course fee):
- CRISC Review Manual by ISACA
- CRISC Review Questions, Answers & Explanations Subscription by ISACA
Prerequisites
IT professionals interested in earning CRISC (Certified in Risk and Information Systems Control) certification. CRISC is for IT professionals, risk professionals, business analysts, project managers and/or compliance professionals who work towards evaluation and mitigation of risk, and who have job experience in the following areas: risk identification, assessment and evaluation; risk response and monitoring; and IS control design/monitoring and implementation/maintenance. To register for the exam, individuals must provide evidence of appropriate work experience in risk management and information system control as defined by the CRISC® job practice.
Duration
30 Hours | 5 Days or 10 Nights
Applies Towards the Following Certificates
*Academic Unit eligibility to be determined by college/university in which you are enrolled in a degree seeking program.