Introduction

CRISC is an acronym for Certified in Risk and Information Systems Control. The ISACA defines CRISC as “the most current and rigorous assessment available to evaluate the risk management proficiency of IT professionals and other employees within an enterprise or financial institute.

CRISC certification is an earned qualification that verifies your knowledge and expertise in risk management. CRISC-certified professionals aid enterprises in understanding business risk and possess a technical understanding of implementing the most useful information security procedures and controls.

Course Outline

CRISC is an acronym for Certified in Risk and Information Systems Control. The ISACA defines CRISC as “the most current and rigorous assessment available to evaluate the risk management proficiency of IT professionals and other employees within an enterprise or financial institute.

CRISC certification is an earned qualification that verifies your knowledge and expertise in risk management. CRISC-certified professionals aid enterprises in understanding business risk and possess a technical understanding of implementing the most useful information security procedures and controls.

Domain 1 – Risk Management

  1. Collect and review environmental risk data.
  2. Identify potential vulnerabilities to people, processes and assets.
  3. Develop IT scenarios based on information and potential impact to the organization.
  4. Identify key stakeholders for risk scenarios.
  5. Establish risk register.
  6. Gain senior leadership and stakeholder approval of the risk plan.
  7. Collaborate to create a risk awareness program and conduct training.

Domain 2 – IT Risk Assessment

  1. Analyze risk scenarios to determine likelihood and impact.
  2. Identify current state of risk controls and their effectiveness.
  3. Determine gaps between the current state of risk controls and the desired state.
  4. Ensure risk ownership is assigned at the appropriate level.
  5. Communicate risk assessment data to senior management and appropriate stakeholders.
  6. Update the risk register with risk assessment data.

Domain 3 – Risk Response and Mitigation

  1. Align risk responses with business objectives.
  2. Develop consult with and assist risk owners with development risk
    action plans.
  3. Ensure risk mitigation controls are managed to acceptable levels.
  4. Ensure control ownership is appropriately assigned to establish
    accountability.
  5. Develop and document control procedures for effective control.
  6. Update the risk register.
  7. Validate that risk responses are executed according to risk action plans.

Domain 4 – Risk and Control Monitoring and Reporting

  1. Risk and control monitoring and reporting.
  2. Define key risk indicators (KRIs) and identify key performance indicators
    (KPIs) to enable performance measurement key risk indicators (KRIs)
    and key performance indicators (KPIs).
  3. Determine the effectiveness of control assessments.
  4. Identify and report trends/changes to KRIs/KPIs that affect control
    performance or the risk profile.

Register now!

Please enable JavaScript in your browser to complete this form.
How would you like to join?