Certified in Risk and Information Systems Control (CRISC) Official Course

Starts:  May 17, 2023 18:00 (IE)
Ends:  Jun 3, 2023 21:00 (IE)
Associated with  Ireland Chapter

This event is primarily for ISACA Ireland Chapter Members only.

The courses are offered with two pricing options.

Barebones - This is the full course delivered by Webinar and the printed materials posted out to attendees..

All - In In addition to the Barebones, this includes the Exam voucher (Remote Proctoring) Study Manual (electronic) and the CISA Review Questions, and the Answers & Explanations (QAE) Database (one year subscription)

In the event of the course being undersubscribed and no longer viable, the course will be canceled and full refunds made.

The Cut-off date for registration is Wednesday 10th May 2023

The Course will be delivered by webinar and is scheduled for the following dates and times:

Wednesday 17th May 18:00 to 21:00

Thursday 18th May 18:00 to 21:00

Wednesday 24th May 18:00 to 21:00

Thursday 25th May 18:00 to 21:00

Wednesday 31st May 18:00 to 21:00

Thursday 1st June 18:00 to 21:00

Saturday 3rd June 09:00 to 17:00

The sessions will not be recorded

Prerequisites.  None. However for someone to sit the exam, they should possess more than 3 years IT Risk experience.

Duration: As outlined - six evenings and one full day.

Course Description:

CRISC is the only enterprise IT risk-focused certification that prepares IT professionals to put agile risk management best practices in place to keep pace with the rapidly evolving business landscape. The comprehensive content outline ensures that CRISCs can become trusted advisors to upper management and the board, alerting them to vulnerabilities, potential impact, and solutions to mitigate these risks/threats proactively.

The course covers all four domians of the CRISC Syllabus.

DOMAIN 1—Governance

Organizational Governance Organizational Strategy, Goals, and Objectives Organizational Structure, Roles, and Responsibilities Organizational Culture Policies and Standards Business Processes Organizational Assets Risk Governance Enterprise Risk Management and Risk Management Framework Three Lines of Défense Risk Profile Risk Appetite and Risk Tolerance Legal, Regulatory, and Contractual Requirements Professional Ethics of Risk Management

DOMAIN 2—IT Risk Assessment

IT Risk Identification Risk Events (e.g., contributing conditions, loss result) Threat Modelling and Threat Landscape Vulnerability and Control Deficiency Analysis (e.g., root cause analysis) Risk Scenario Development IT Risk Analysis and Evaluation B Risk Assessment Concepts, Standards, and Frameworks Risk Register Risk Analysis Methodologies Business Impact Analysis Inherent and Residual Risk

DOMAIN 3—Risk Response and Reporting

Risk Response Risk Treatment / Risk Response Options Risk and Control Ownership Third-Party Risk Management Issue, Finding, and Exception Management Management of Emerging Risk Control Design and Implementation Control Types, Standards, and Frameworks Control Design, Selection, and Analysis Control Implementation Control Testing and Effectiveness Evaluation Risk Monitoring and Reporting Risk Treatment Plans Data Collection, Aggregation, Analysis, and Validation Risk and Control Monitoring Techniques Risk and Control Reporting Techniques (heatmap, scorecards, dashboards) Key Performance Indicators Key Risk Indicators (KRIs) Key Control Indicators (KCIs)

DOMAIN 4—Information Technology and Security

Information Technology Principles Enterprise Architecture IT Operations Management (e.g., change management, IT assets, problems, incidents) Project Management Disaster Recovery Management (DRM) Data Lifecycle Management System Development Life Cycle (SDLC) Emerging Technologies Information Security Principles Information Security Concepts, Frameworks, and Standards Information Security Awareness Training Business Continuity Management Data Privacy and Data Protection Principles


Everett Breakey