The course is prepared and delivered with reference to the ISACA CRISC (Certified in Risk and Information Systems Control) Review Manual, 6th edition. The intention is to give the learner the overview and foundation needed to prepare for the ISACA CRISC Exam, in addition to knowledge of IT risk. (The outline below is extracted from the ISACA CRISC Manual table of contents.)
Domain 1 IT Risk Identification
- Risk Capacity, Risk Appetite and Risk tolerance
- Risk Culture, Communication
- Information Security Risk Concepts and Principles
- IT Risk Strategy of the Business
- IT Concepts and areas of concern for the Risk Practitioner
- Methods of risk identification
- IT Risk Scenarios
- Awareness, ownership and accountability
- IT Register
Domain 2 IT Risk Assessment
- Risk Analysis Methodologies
- Risk Assessment techniques
- Analysis Risk Scenarios
- Risk environment and current state of controls
- Risk and control analysis
- Risk evaluation and prioritisation
- Project and Program management
Domain 3 Risk Response and Mitigation
- Align risk response action plan with Business Objectives
- Business Review tools and techniques
- Control design, implementation, monitoring, effectiveness and vulnerability check
- Control activities, objectives, practices and Metrics
- Impact of emerging technologies on Control design and implementation
Domain 4 Risk and Control Monitoring and Reporting
- Key Risk and Performance Indicators
- Data collection and extraction tools and techniques
- Control Assessment types, results, and Monitoring and Control
- Change to the Risk profile