Certified In Risk And Information Systems Control Course Overview
Certified in Risk and Information Systems Control (CRISC) is an ISACA certification that demonstrates the holders’ ability to evaluate and identify IT risk and support enterprises accomplish their business objectives and long-term goals.
Since its inception in 2010, CRISC has leveled up the skills of 20,000 professionals worldwide and IT risk management competence and their ability to design, monitor, implement and maintain effective information security controls.
This training at Vinsys prepares you for the 4-hour CRISC exam with a focused, practical approach.
DOMAIN 1: GOVERNANCE (26%)
This domain breaks down into two governance subcategories:
Organizational Governance A
- Organizational strategy, goals, and objectives
- Organizational structure, roles, and responsibilities
- Organizational culture
- Policies and standards
- Business processes
- Organizational assets
Risk Governance B
- Enterprise risk management and risk management framework
- Three lines of defense
- Risk profile
- Risk appetite and risk tolerance
- Legal, regulatory and contractual requirements
- Professional ethics of risk management
DOMAIN 2: IT RISK ASSESSMENT (20%)
This domain breaks down into two distinct sections:
IT Risk Identification A
- Risk events (e.g., contributing conditions, loss result)
- Threat modeling and threat landscape
- Vulnerability and control deficiency analysis (e.g., root cause analysis)
- Risk scenario development
IT Risk Analysis and Evaluation B
- Risk assessment concepts, standards, and frameworks
- Risk register
- Risk analysis methodologies
- Business impact analysis
- Inherent and residual risk
DOMAIN 3: RISK RESPONSE AND REPORTING (32 PERCENT)
This domain is split into three sub-sections.
Risk Response A
- Risk treatment/risk response options
- Risk and control ownership
- Third-party risk management
- Issue, finding, and exception management
- Management of emerging risk
Control Design and Implementation B
- Control types, standards, and frameworks
- Control design, selection, and analysis
- Control implementation
- Control testing and effectiveness evaluation
Risk Monitoring and Reporting C
- Risk treatment plans
- Data collection, aggregation, analysis, and validation
- Risk and control monitoring techniques
- Risk and control reporting techniques (heatmap, scorecards, and dashboards)
- Key performance indicators
- Key risk indicators (KRIs)
- Key control indicators (KCIs)
DOMAIN 4: INFORMATION TECHNOLOGY AND SECURITY (22 PERCENT)
This domain is split into two sections.
Information Technology Principles A
- Enterprise architecture
- IT operations management (e.g., change management, IT assets, problems, and incidents)
- Project management
- Disaster recovery management (DRM)
- Data lifecycle management
- System development life cycle (SDLC)
- Emerging technologies
Information Security Principles B
- Information security concepts, frameworks, and standards
- Information security awareness training
- Business continuity management
- Data privacy and data protection principle
This Certified in Risk and Information Systems Control (CRISC) training is ideal for:
- CEOs/CFOs
- Chief Audit Executives
- Audit Partners/Heads
- CIOs/CISOs
- Chief Compliance/Privacy/Risk Officers
- Security Managers/Directors/Consultants
- IT Directors/Managers/Consultants
- Audit Directors/Managers/Consultants