Course Syllabus

Certified in Risk and Information Systems Control (CRISC)

Instructor Name: Kelly Handerhan
Course Creation Date: 2/24/22

Course Description and Goals

Course Description: Certified in Risk and Information Systems Control (CRISC) by ISACA is
for IT and business professionals who develop and maintain information system controls, and
whose job revolves around security operations and compliance. CRISC applies to
operational and management-level positions at organizations of almost any size. This course
focuses on four main domain areas: (1) IT Risk Identification, (2) IT Risk Assessment, (3) Risk
Response and Reporting, and (4) Information Technology and Security. Our CRISC course will
prepare you for identifying, evaluating, and managing risk through the construction,
implementation, and maintenance of IS controls.

Target Audience: IT and business professionals. Please see isaca.org.

Course Level: Advanced

Course Outcomes: By the end of this course, you should be able to:

● Effectively prepare and enact strategic and focused plans to mitigate risk
● Explain the advantages of approaching security by focusing on the business
● Set a common language and perspective on risk that can become the baseline for risk
management within their organizations

Brought to you by: Develop your team with the fastest growing catalog in the
cybersecurity industry. Enterprise-grade workforce development
management, advanced training features and detailed skill gap and
competency analytics.
Course Outline

Module 1 | Course Overview and Instructor Introduction


● Lesson 1.1: Welcome and Introduction
● Lesson 1.2: The CRISC Exam

Module 2 | Introduction to Information Security and Risk Management


● Lesson 2.1: Risk Definitions
● Lesson 2.2: Principles of Information Security

Module 3 | Domain 1 - Governance


● Lesson 3.1: Governance Overview
● Lesson 3.2: Understanding GRC (Governance, Risk, and Compliance)
● Lesson 3.3: Liability
● Lesson 3.4: Information Security Strategy and Roadmap
● Lesson 3.5: Frameworks: ISO 27000 Series
● Lesson 3.6: Frameworks: NIST CSF
● Lesson 3.7: ISACA’s IT Risk Framework
● Lesson 3.8: Information Security Program
● Lesson 3.9: Information Security Policies
● Lesson 3.10: Standards, Procedures, Guidelines, and Baselines
● Lesson 3.11: Information Security Controls
● Lesson 3.12: Project Management
● Lesson 3.13: Risk Culture
● Lesson 3.14: Ethics

Module 4 | Domain 2 - Risk Assessment


● Lesson 4.1: Risk Assessment Overview
● Lesson 4.2: Risk Identification
● Lesson 4.3: Threat Modeling and Risk Scenarios
● Lesson 4.4: Risk Register
● Lesson 4.5: NIST 800-39
● Lesson 4.6: NIST 800-30
● Lesson 4.7: Risk Assessment and Analysis
● Lesson 4.8: NIST SP 800-37 Rev 1 and SDLC
● Lesson 4.9: ISO 27005 Risk Management Standard
● Lesson 4.10: Risk Assessment Tools and Techniques
● Lesson 4.11: Cost-Benefit Analysis and ROI

Module 5 | Domain 3 - Risk Response and Reporting


● Lesson 5.1: Risk Response and Reporting Overview
● Lesson 5.2: Risk Action Plan
● Lesson 5.3: Risk Acceptance
● Lesson 5.4: Risk Mitigation
● Lesson 5.5: Risk Avoidance, Sharing, and Transfer
● Lesson 5.6: Information Security Program Stakeholders
● Lesson 5.7: Control Design
● Lesson 5.8: Risk Monitoring and Reporting

Module 6 | Domain 4 - IT and Security


● Lesson 6.1: IT Security and Data Protection Overview
● Lesson 6.2: Data Classification
● Lesson 6.3: States of Data
● Lesson 6.4: Secure Data Disposal
● Lesson 6.5: Mitigating External Risks
● Lesson 6.6: Mitigating Internal Risks
● Lesson 6.7: Identity and Access Management
● Lesson 6.8: Identity Management
● Lesson 6.9: Auditing
● Lesson 6.10: Vulnerability Assessment - Part 1
● Lesson 6.11: Vulnerability Assessment - Part 2
● Lesson 6.12: Penetration Testing - Part 1
● Lesson 6.13: Penetration Testing - Part 2
● Lesson 6.14: Monitoring
● Lesson 6.15: Configuration and Change Management
● Lesson 6.16: Third-Party Governance
● Lesson 6.17: Cloud Integration
● Lesson 6.18: Business Continuity and Disaster Recovery
● Lesson 6.19: Course Conclusion