Welcome to Comnet Group Inc.

Certified in Risk and Information Systems Control (CRISC®)

Course number: CGICRISC40 - 3 Days (weekdays or on-demand)

This course builds practical expertise in risk and information systems control—essential skills for today’s digital enterprises. Developed around the latest ISACA certification framework, the course equips students to assess IT and enterprise risk, develop effective risk response plans, and monitor control performance. Students will acquire the insight and preparation necessary to pursue the CRISC certification exam, enhance governance capabilities, and meet the challenges of modern compliance and risk management roles.

Course Objectives

This course prepares students to:

  • Identify and assess IT and enterprise risk in support of strategic business goals
  • Recommend and implement appropriate information security and IS controls
  • Build risk response and mitigation plans aligned to business priorities
  • Establish governance processes for continuous monitoring and reporting
  • Prepare for the CRISC certification exam through real-world examples, CRISC exam prep, and sample CRISC questions

Prerequisites

  • As part of the CRISC prerequisites, candidates must have a minimum of three years of professional work experience in information systems auditing, control, or security

Target Audience

IT risk management professionals with at least 3 years of relevant professional work experience in IT risk and information systems control, including:

  • Security Directors/Managers/Consultants
  • Compliance/Risk/Privacy Directors and Managers
  • IT Audit Directors/Managers/Consultants
  • Compliance/Risk/Control Staff

Certification

Certified in Risk and Information Systems Control (CRISC)

Exam

ISACA Certified in Risk and Information Systems Control (CRISC) Exam

Accreditation

After completing the class, students can sit for the ISACA Certified in Risk and Information Systems Control (CRISC) exam.

Course Outline

Domain 1: Governance
  • Risk Assessment Concepts, Standards and Frameworks
  • Organizational Strategy, Goals and Objectives
  • Organizational Structure, Roles and Responsibilities
  • Organizational Culture and Assets
  • Policies, Standards and Business Processes
  • Enterprise Risk Management, Risk Management Frameworks and Three Lines of Defense
  • Risk Profile, Risk Appetite and Risk Tolerance
  • Navigating Professional Ethics of Risk Management and Requirements in Laws, Regulations and Controls

Domain 2: IT Risk Assessment
  • Risk Events, Threat Modeling and Threat Landscape
  • Vulnerability and Control Deficiency Analysis
  • Risk Scenario Development
  • Risk Register
  • Risk Analysis Methodologies
  • Business Impact Analysis
  • Inherent, Residual and Current Risk

Domain 3: Risk Response and Reporting
  • Risk Treatment/Risk Response Options
  • Risk and Control Ownership
  • Managing Risk from Processes, Third Parties and Emerging Sources
  • Control Types, Standards and Frameworks
  • Control Design, Selection and Analysis
  • Control Implementation, Testing and Effectiveness
  • Risk Treatment Plans
  • Data Collection, Aggregation, Analysis and Validation
  • Risk and Control Monitoring and Reporting Techniques
  • Performance, Risk and Control Metrics

Domain 4: Information Technology and Security
  • Enterprise Architecture
  • IT Operations Management
  • Project Management
  • Disaster Recovery Management
  • Data Life Cycle Management
  • System Development Life Cycle
  • Emerging Technologies
  • Information Security Concepts, Frameworks, Standards and Awareness Training
  • Business Continuity Management
  • Data Privacy and Protection Principles

Available Formats

Live Online