This course provides intensive revision across all 4 CRISC job practice domains.
Domain 1 — Governance
- Key Risk Concepts
- Organisational Strategy, Goals and Objectives
- Organisational Structure, Roles and Responsibilities
- Organisational Culture and Assets
- Policies, Standards and Business Process Review
- Risk Governance Overview
- Enterprise Risk Management, Risk Management Frameworks and Three Lines of Defense
- Risk Profile, Risk Appetite and Risk Tolerance
- Professional Ethics, Laws, Regulations and Contracts
Domain 2 – IT Risk Assessment
- Risk Events
- Threat Modelling and Threat Landscape
- Vulnerability and Control Deficiency Analysis
- Risk Scenario Development
- Risk Assessment Concepts, Standards and Frameworks
- Risk Register
- Risk Analysis Methodologies
- Business Impact Analysis
- Inherent, Residual and Current Risk
Domain 3 – Risk Response and Reporting
- Risk and Control Ownership
- Risk Treatment/Risk Response Options
- Managing Risk from Processes, Third Parties and Emergent Sources
- Control Types, Standards and Frameworks
- Control Design, Selection and Analysis
- Control Implementation, Testing and Effectiveness Evaluation
- Risk Treatment Plans
- Data Collection, Aggregation, Analysis and Validation
- Risk and Control Monitoring and Reporting Techniques
- Metrics
Domain 4 – Information Technology and Security
- Enterprise Architecture
- IT Operations Management
- Project Management
- Enterprise Resiliency
- Data Life Cycle Management
- System Development Life Cycle
- Emerging Technologies
Final Session – CRISC Sample Exam Questions