Course description

CRISC training provides delegates with adequate knowledge and understanding of the relevant concepts and practices in information system risk and control management, in alignment with the Enterprise Risk Management strategy. Upon completion of CRISC training, delegates will be able to:
  • Develop an IT risk management strategy in support of business objectives and in alignment with the Enterprise Risk Management strategy;
  • Analyse and evaluate IT risk to determine the likelihood and impact on business objectives to enable risk-based decision-making;
  • Determine risk response options and evaluate their efficiency and effectiveness to manage risk in alignment with business objectives;
  • Continuously report on IT risk and controls to relevant stakeholders to ensure the continued effectiveness and efficiency of the IT risk management strategy and its alignment with business objectives.

Course content

CRISC course content consists of four domains as outlined below:
Domain 1 – Risk Management
  • Collect and review environmental risk data;
  • Identify potential vulnerabilities to people, processes and assets;
  • Develop IT scenarios based on information and potential impact to the organisation;
  • Identify key stakeholders for risk scenarios;
  • Establish risk register;
  • Gain senior management and stakeholder approval of the risk plan;
  • Collaborate to create a risk awareness program and conduct training.
Domain 2 – IT Risk Assessment
  • Analyse risk scenarios to determine likelihood and impact;
  • Identify current state of risk controls and their effectiveness;
  • Determine gap between the current state of risk controls and desired state;
  • Ensure risk ownership is assigned at the appropriate level;
  • Communicate risk assessment data to senior management and appropriate stakeholders;
  • Update the risk register with risk assessment data.
Domain 3 – Risk Response and Mitigation
  • Align risk responses with business objectives;
  • Develop, consult with and assist risk owners with development of risk action plans;
  • Ensure risk mitigation controls are managed to acceptable levels;
  • Ensure control ownership is appropriately assigned to establish accountability;
  • Develop and document control procedures for effective control;
  • Update the risk register;
  • Validate that risk responses are executed according to risk action plans.
Domain 4 – Risk and Control Monitoring and Reporting
  • Define key risk indicators (KRIs) and key performance indicators (KPIs) to enable performance measurement;
  • Determine the effectiveness of control assessments;
  • Identify and report trends and changes to KRIs/KPIs that affect control performance or risk profile.

Course Objectives

  • CRISC certification ensures you are recognized as a professional with the skills and experience to provide value and insight from an overall organizational perspective on both IT risk and control.
  • One of the key CRISC domains focuses on the organizational framework for managing and mitigating risk across business processes and technology.
  • CRISC holders are able to establish a common language to communicate within IT and to stakeholders throughout the enterprise about risk.
  • With CRISC certification, your enterprise can rely on your input to make effective risk-based decisions and prioritize resources to areas that are most at risk.
  • With the CRISC certification you will understand information systems control design and implementation and control monitoring and maintenance.
  • CRISC certification affirms your ability to plan and implement appropriate control measures and frameworks that further mitigate enterprise risk without stifling innovation.

Target audience

  • Information Security Risk Analysis
  • Cyber Security Consultant
  • Technology Risk Analysis

Location / Delivery

  • Online

Start date

  • June 28, 2019




  • £186.00 £219.00
