What you’ll learn
A Certified in Risk and Information Systems Control (CRISC) certification demonstrates your IT risk management expertise. By taking a proactive approach, you will learn how to enhance your organisation’s business resilience, deliver stakeholder value and optimise risk management across the enterprise. As a CRISC, you will be ready to address emerging technology, including AI risk assessment and general best practices for risk management and mitigation related to AI data governance and ethics.
ISACA at Lumify Work
ISACA provides practical guidance, benchmarks and other effective tools for all enterprises that use information systems. Through its comprehensive guidance and services, ISACA defines the roles of information systems governance, security, audit and assurance professionals worldwide.
Lumify Work is an Accredited Elite Partner of ISACA.
Who is the course for?
This course is designed for mid-career IT and business professionals, including:
Security Directors, Managers, and Consultants
Compliance/Risk/Privacy Directors and Managers
IT Audit Directors, Managers, and Consultants
Compliance/Risk/Control Staff
Course subjects
Domain 1: Governance
The governance domain tests your knowledge of an organisation's business and IT environments, organisational strategy, goals and objectives, and examines potential or realised impacts of IT risk on the organisation's business objectives and operations, including Enterprise Risk Management and Risk Management Framework.
Topics:
Strategy, Goals and Objectives
Organisational Structure, Roles, and Responsibilities
Organisational Culture and Ethics
Policies and Standards
Business Processes and Resilience
Organisational Assets
Enterprise Risk Management
Lines of Defense
Risk Profile
Risk Appetite and Risk Tolerance
Risk Frameworks, Legal, Regulatory, and Contractual Requirements
Domain 2: IT Risk Assessment
This domain will certify your knowledge of threats and vulnerabilities to the organisation’s people, processes and technology as well as the likelihood and impact of threats, vulnerabilities and risk scenarios.
Topics:
Risk Events
Threat Modelling and Threat Landscape
Vulnerability Management
Risk Scenario Development
Risk Assessment Concepts and Standards
Business Impact Analysis
Risk Register
Risk Analysis Methodologies
Inherent and Residual Risk
Domain 3: Risk Response and Reporting
This domain deals with the development and management of risk treatment plans among key stakeholders, the evaluation of existing controls and improving effectiveness for IT risk mitigation, and the assessment of relevant risk and control information to applicable stakeholders.
Topics:
Risk Response Options
Risk and Control Ownership
Vendor/Supply Chain Risk Management
Issue, Finding, and Exception Management
Control Frameworks, Types, and Standards
Control Design, Selection, Implementation and Analysis
Control Testing Methodologies
Risk Action Plans
Data Collection, Aggregation, Analysis, and Validation
Risk and Control Metrics
Risk and Control Monitoring Techniques
Risk and Control Reporting Techniques
Monitoring and Reporting of Emerging Risks
Domain 4: Information Technology and Security
In this domain we interrogate the alignment of business practices with Risk Management and Information Security frameworks and standards, as well as the development of a risk-aware culture and implementation of security awareness training.
Topics:
Technology Roadmaps and Enterprise Architecture
Operations Management
System Development Life Cycle
Data Lifecycle Management
Portfolio and Project Management
Technology Resilience and Disaster Response/Recovery
Emerging Technologies
Security Concepts, Frameworks, and Standards
Security/Risk Awareness and Training
Data Privacy and Data Protection Principles
Prerequisites
There are no prerequisites for taking this course or the CRISC Exam. However, in order to apply for CRISC certification, the candidate must meet the necessary experience requirements as determined by ISACA.
To obtain the CRISC Certification, a candidate must pass the CRISC Exam and have relevant full-time work experience in the areas covered by the CRISC exam content outline: three or more years of experience in IT risk management and IS control.
Industry Association Recognition
This course is eligible for Continuing Professional Education (CPE) hours/points to assist in maintaining your ISACA certification.
If you wish to claim CPEs, Lumify Work can verify your attendance. Please complete this ISACA form and email us at training@lumifywork.com.
Terms & Conditions
The supply of this course by Lumify Work is governed by the booking terms and conditions. Please read the terms and conditions carefully before enrolling in this course, as enrolment in the course is conditional on acceptance of these terms and conditions.