Certified Risk and Information Systems Control (CRISC) Training

• Identify the universe of IT risk to contribute to the execution of the IT risk management strategy
• Analyze and evaluate IT risk to determine the likelihood and impact on business objectives
• Determine risk response options and evaluate their efficiency and effectiveness to manage risk
• Continuously monitor and report on IT risk and controls

• Recorded Videos After Training
• Digital Learning Material
• Course Completion Certificate
• 24x7 After Training Support

• Professionals preparing to become CRISC certified.
• Risk practitioners
• Students or recent graduates
• CEOs/CFOs
• Chief Audit Executives
• Audit Partners/Heads
• CIOs/CISOs
• Chief Compliance/Privacy/Risk Officers
• Security Managers/Directors/Consultants
• IT Directors/Managers/Consultants
• Audit Directors/Managers/Consultant

• Minimum 3 years of work experience in IT risk management and IS control
• Candidates should know how to identify IT risks
• Should be able to perform IT risk assessment, risk response and mitigation
• Know how to do risk and control monitoring and reporting

• Multisoft Systems will provide you with a training completion certificate after completion of Certified Risk and Information Systems Control (CRISC) Online Training Course.

Module1. Governance

• Organizational Governance 
• Organizational Strategy, Goals, and Objectives
• Organizational Structure, Roles, and Responsibilities
• Organizational Culture
• Policies and Standards
• Business Processes
• Organizational Assets
• Risk Governance     
• Enterprise Risk Management and Risk Management Framework
• Three Lines of Defense
• Risk Profile
• Risk Appetite and Risk Tolerance
• Legal, Regulatory, and Contractual Requirements
• Professional Ethics of Risk Management

Module 2. IT Risk Assessment

• IT Risk Identification 
• Risk Events (e.g., contributing conditions, loss result)
• Threat Modelling and Threat Landscape
• Vulnerability and Control Deficiency Analysis (e.g., root cause analysis)
• Risk Scenario Development
• IT Risk Analysis and Evaluation 
• Risk Assessment Concepts, Standards, and Frameworks
• Risk Register
• Risk Analysis Methodologies
• Business Impact Analysis
• Inherent and Residual Risk

Module 3. Risk Response and Reporting

• Risk Response 
• Risk Treatment / Risk Response Options
• Risk and Control Ownership
• Third-Party Risk Management
• Issue, Finding, and Exception Management
• Management of Emerging Risk
• Control Design and Implementation 
• Control Types, Standards, and Frameworks
• Control Design, Selection, and Analysis
• Control Implementation
• Control Testing and Effectiveness Evaluation
• Risk Monitoring and Reporting 
• Risk Treatment Plans
• Data Collection, Aggregation, Analysis, and Validation
• Risk and Control Monitoring Techniques
• Risk and Control Reporting Techniques (heatmap, scorecards, dashboards)
• Key Performance Indicators
• Key Risk Indicators (KRIs)
• Key Control Indicators (KCIs)

Module 4. Information Technology and Security

• Information Technology Principles 
• Enterprise Architecture
• IT Operations Management (e.g., change management, IT assets, problems, incidents)
• Project Management
• Disaster Recovery Management (DRM)
• Data Lifecycle Management
• System Development Life Cycle (SDLC)
• Emerging Technologies
• Information Security Principles 
• Information Security Concepts, Frameworks, and Standards
• Information Security Awareness Training
• Business Continuity Management
• Data Privacy and Data Protection Principles