(CRISC) Certified In Risk and Information System Control

Inter-company training

Who is the training for?

All public

Duration

4,00 day(s)

Language(s) of service

EN FR

Prerequisites

  • There is no prerequisite to take the CRISC® exam; however, in order to apply for CRISC® certification, you must meet the necessary experience requirements as determined by ISACA.
  • Participants should have a basic knowledge of the areas to be covered. The course consists of intense preparation for the certification exam.
  • English is required for the exam.

Goals

This 4-day training prepares professionals who want to pass ISACA’s Certified in Risk and Information System Control (CRISC®) exam. The program covers the four key areas of the exam: Governance, IT Risk Assessment, Risk Response and Reporting, and Information Technology and Security. The program is aligned with the latest edition (7th) of the CBK (Common Body of Knowledge) from ISACA®. CRISC® certification is recognised around the world.

Contents

Day One: Introduction & Chapter 1: Governance

  • Organizational Strategy, Goals and Objectives
  • Organization structure, Roles and Responsibilities
  • Organizational Structure
  • Policies and Standards
  • Business Process Review
  • Organization assets
  • Enterprise Risk Management and Risk Management Frameworks
  • Three Lines of Defence
  • Risk Profile
  • Risk Appetite, Tolerance and Capacity
  • Legal, Regulatory and Contractual Requirements
  • Exercises - Multiple Choice questions in between chapters and at the end of each chapter

Day Two: Chapter 2: IT Risk Assessment

  • Risk Events
  • Threat Modelling and Threat landscape
  • Vulnerability and Control Deficiency Analysis
  • Risk Scenario Development
  • Risk Assessment Concepts, Standards and Frameworks
  • Risk Register
  • Risk Analysis Methodologies
  • Business Impact Analysis
  • Inherent, Residual and Current risk
  • Exercises - Multiple Choice questions in between chapters and at the end of each chapter

Day Three: Chapter 3: Risk Response and Reporting 

  • Risk and Control Ownership
  • Risk Treatment/Risk Response Options
  • Third-party Risk Management
  • Issue, Finding and Exception Management
  • Management of Emerging risk
  • Control Types, Standards and Frameworks
  • Control Design, Selection and Analysis
  • Control Implementation
  • Control Testing and Effectiveness Evaluation
  • Risk Treatment Plans
  • Data Collection, Aggregation, Analysis and Validation
  • Risk and Control Monitoring Techniques
  • Risk and Control Reporting Techniques
  • Key Performance Indicators
  • Key Risk Indicators
  • Key Control Indicators
  • Exercises - Multiple Choice questions in between chapters and at the end of each chapter

Day Four: Chapter 4: Information Technology and Security

  • Enterprise Architecture
  • IT Operations Management
  • Project Management
  • Enterprise Resiliency
  • Data Life Cycle Management
  • System Development Life Cycle
  • Emerging Trends in Technology
  • Information Security Concepts, Frameworks and Standards
  • Information Security Awareness Training
  • Data Privacy and Principles of Data Protection
  • Exercises - Multiple Choice questions in between chapters and at the end of each chapter

Preparation for the exam

  • Multiple Choice Questions (MCQs) similar to those in the exam, corrected together
  • Discussion and exchanges, hints, and tips to pass the exam.
  • Mock exam of 150 MCQs
  • Registration is done on the website www.isaca.org
  • The exam consists of 150 MCQs that cover the CRISC® job practice domains.

Mode of organisation

Classroom Courses
