C)ISRM: Certified Information Systems Risk Manager
Target group
- IS Security Officers
- Privacy Officers
- Health IS Managers
- Risk Mangers
- Info Security Managers
- Government Employees
Description
Mile2’s Certified Information Systems Risk Manager, C)ISRM, course is made for IT and IS professionals who are involved with all aspects of risk management. First, you will learn to assess a system, then implement risk controls. Finally, you will be able to monitor and maintain risk procedures. With this training, you will be able to identify risks associated with specific industries. After course completion, you will be able to design, implement, monitor and maintain risk-based, efficient and effective IS controls.
Program
- Duration : 4 days
C)ISRM Part I: The Big Picture
- Part 1 Learning Objectives
- Section Topics
- Overview of Risk Management
- Risk and Opportunity Management
- Responsibility vs. Accountability
- Risk Management , Roles and Responsibilities
- Relevance of Risk Management Frameworks, Standards and Practices
- Frameworks
- Standards
- Practices
- Relevance of Risk Governance
- Overview of Risk Governance
- Objectives of Risk Governance
- Foundation of Risk Governance
- Risk Appetite and Risk Tolerance
- Risk Awareness and Communication
- Key Concepts of Risk Governance
- Risk Culture
C)ISRM Part II - Domain 1 Risk Identification Assessment and Evaluation
- Domain 1 Learning Objectives
- Task Statements
- Knowledge Statements
- The Process
- Describing the Business Impact of IT Risk
- IT Risk in the Risk Hierarchy
- IT Risk Categories
- High Level Process Phases
- Definition of Risk Scenario
- Risk Scenario Development
- Risk Registry & Risk Profile
- Risk Scenario Components
- Risk Scenario Development Enablers
- Systemic, Contagious or Obscure Risk
- Generic IT Risk Scenarios
- Definitions and Examples of Risk Factors
- Risk Factors— External Environment
- Risk Factors— Risk Management Capability
- Risk Factors— IT Capability
- Risk Factors— IT Related Business Capabilities
- Methods for Analyzing IT Risk
- Likelihood and Impact
- Risk Analysis Output
- Risk Analysis Methods
- Risk Analysis Methods—Quantitative
- Risk Analysis Methods—Qualitative
- Risk Analysis Methods—for HIGH impact risk types
- Risk Analysis Methods Risk Analysis Methods—Business Impact Analysis (BIA)
- Methods for Assessing IT Risk
- Identifying and Assessing IT Risk
- Adverse Impact of Risk Event Business Impacts From IT Risk
- Business Related IT Risk Types
- IT Project-Related Risk
C)ISRM Part II - Domain 1 Risk Identification Assessment and Evaluation Cont.
- Risk Components—Inherent Risk
- Risk Components—Residual Risk
- Risk Components—Control Risk
- Risk Components—Detection Risk
- Business Risk and Threats Addressed By IT Resources
- Identifying and Assessing IT Risk
- Methods For Describing IT Risk In Business Terms
C)ISRM Part II - Domain 2 - Risk Response
- Domain 2 Learning Objectives
- Task Statements
- Knowledge Statements
- Risk Response Objectives
- The Risk Response Process
- Risk Response Options
- Risk Response Parameters
- Risk Tolerance and Risk Response Options
- Risk Response Prioritization Options
- Risk Mitigation Control Type
- Risk Response Prioritization Factors
- Risk Response Tracking, Integration and Implementation
- Process Phases
- Phase 1—Articulate Risk
- Phase 2—Manage Risk
- Phase 3—React To Risk Events
C)ISRM Part II - Domain 3 - Risk Monitoring
- Learning Objectives
- Task Statements
- Knowledge Statements
- Essentials
- Risk Indicators
- Risk Indicator Selection Criteria
- Key Risk Indicators
C)ISRM Part II - Domain 3 - Risk Monitoring
- Risk Monitoring
- Risk Indicator Types and Parameters
- Risk Indicator Considerations
- Criteria for KRI Selection
- Benefits of Selecting Right KRIs
- Disadvantages of Wrong KRIs
- Changing KRIs
- Gathering KRI Data
- Steps to Data Gathering
- Gathering Requirements
- Data Access Data Preparation
- Data Validating Considerations
- Data Analysis
- Reporting and Corrective Actions
- Optimizing KRIs
- Use of Maturity Level Assessment
- Assessing Risk Maturity Levels
- Risk Management Capability Maturity Levels
- Changing Threat Levels
- Monitoring Changes in Threat Levels
- Measuring Changes in Threat Levels
- Responding to Changes in Threat Levels
- Threat Level Review
- Changes in Asset Value
- Maintain Asset Inventory
- Risk Reporting
- Reporting Content
- Effective Reports
- Report Recommendations
- Possible Risk Report Recipients
C)ISRM Part II Domain 4 - IS Control Design and Implementation
- Domain 4 Learning Objectives
- Task Statements
- Knowledge Statements
- C)ISRM Involvement
- Control Definition
- Control Categories
- Control Types and Effects
- Control Methods
- Control Design Considerations
- Control Strength
- Control Strength
- Control Costs and Benefits
- Potential Loss Measures
- Total Cost of Ownership For Controls
- Role of the C)ISRM in SDLC
- The SDLC Process
- The Systems Development Life Cycle (SDLC)
- ‘Meets and Continues to Meet’
- SDLC
- SDLC Phases
- Addressing Risk Within the SDLC
- Business Risk versus Project Risk
- Understanding Project Risk
- Addressing Business Risk
- Understanding Business and Risk Requirements
- Understand Business Risk
- High Level SDLC Phases
- Project Initiation
- Phase 1 – Project Initiation
- Phase 1 Tasks
- Task 1—Feasibility Study
- Feasibility Study Components
- Determining Feasibility
- Outcomes of the Feasibility Study
- Task 2—Define Requirement
- Requirement Progression
- Business Information Requirements (COBIT)
- Requirements Success Factors
C)ISRM Part II Domain 4 - IS Control Design and Implementation
- Task 3—Acquire Software “Options”
- Software Selection Criteria
- Software Acquisition
- Software Acquisition Process
- Leading Principles for Design and Implementation
- C)ISRM Responsibilities
- Key System Design Activities:
- Steps to Perform Phase 2
- Phase 2 – Project Design and Development
- System Testing
- Test Plans
- Project Testing
- Types of Tests
- UAT Requirements
- Certification and Accreditation
- Project Status Reports
- Phase 3 – Project Testing
- Testing Techniques
- Verification and Validation
- Phase 4 – Project Implementation
- Project Implementation
- Implementation Phases
- Phase 4 – Project Implementation
- End User Training Plans & Techniques
- Training Strategy
- Data Migration/Conversion Considerations
- Risks During Data Migration
- Data Conversion Steps
- Implementation Rollback
- Data Conversion Project Key Considerations
- Changeover Techniques
- Post-Implementation Review
- Performing Post-Implementation Review
- Measurements of Critical Success Factors
- Closing a Project
- Project Management and Controlling
- Project Management Tools and Techniques
- Project Management Elements
- Project Management Practices
- PERT chart and critical path
- PERT Attribute
Goal
Upon completion, Certified Information Systems Risk Manager students will be prepared to pass the C)ISRM exam.
Prerequisites
- Mile2’s C)SP
- 12 months of IT experience
- Langue : Anglais
- Niveau : Level 400
- Organisme de certification : Mile2
- Certification : Oui
- Accesibilité : Oui
- Durée : 4 Jours
