ISACA CERTIFIED in Risk and Information System Control
The target audience for training
- IT risk management professionals with at least 3 years' relevant professional experience in IT risk and information systems control, including:
- IT Managers
- IT Risk Analysts
- IT Consultants
- IT risk/security advisory managers
- IT Compliance Officers
- IT risk assessment specialists
What you will learn
This course is a preparation for the CRISC certification exam using proven instructional design techniques and interactive activities. The course covers the four CRISC domains and each section corresponds directly to CRISC professional practice.
The course includes videos, interactive e-learning modules, downloadable work tools, case study activities and a practical exam. Learners will be able to work through the course at their own pace, following a recommended structure, or target their preferred areas of professional practice. Learners can also start and stop the course according to their study schedule, picking up exactly where they left off the next time they access the course.
Training programme
- Duration: 3 days
Area 1 - Governance
- Risk assessment concepts, standards and frameworks
- Strategy, objectives and organisational goals
- Organisational structure, roles and responsibilities
- Organisational culture and assets
- Policies, standards and business processes
- Enterprise risk management, risk management frameworks and the three lines of defence
- Risk profile, risk appetite and risk tolerance
- Navigation of the professional ethics of risk management and requirements in terms of laws, regulations and controls
Area 2: Risk assessment
- Risk events, threat modelling and the threat landscape
- Analysis of vulnerabilities and control deficiencies
- Development of risk scenarios
- Risk register
- Risk analysis methodologies
- Business impact analysis
- Inherent, residual and current risk
Area 3: Risk Response and Reporting
- Risk treatment options
- Risk and control ownership
- Managing risks related to processes, third parties and emerging sources
- Types, standards and control frameworks
- Design, selection and analysis of controls
- Implementation, testing and effectiveness of controls
- Risk management plans
- Data collection, aggregation, analysis and validation
- Techniques for monitoring and reporting on risks and controls
- Performance, risk and control indicators
Area 4: Information Technology and Security
- Enterprise Architecture
- IT operations management
- Project management
- Disaster recovery management
- Data lifecycle management
- Systems development life cycle
- Emerging technologies
- Information security concepts, frameworks, standards and awareness training
- Business continuity management
- Confidentiality and data protection principles
Training objectives
The CRISC designation will not only certify professionals with knowledge and experience in identifying and assessing entity-specific risks, but will also help them to assist companies in achieving their business objectives by designing, implementing, monitoring and maintaining effective and efficient risk-based information security controls.
Training prerequisites
To obtain CRISC certification, a minimum of three years of cumulative professional experience is required, during which you have performed the duties of a CRISC professional in at least two of the four CRISC domains. Of these two required areas, one must be either Area 1 or Area 2.
Contents of the official kit
Full Kit : Review Manual, QAE, Exam
- Language : French
- Level : Advanced
- Certification body : ISACA
- Certification: Yes
- Accessibility : Yes
- Duration: 3 days
Important information:
Our courses are not registered with the Répertoire National des Certifications Professionnelles (RNCP), but they do comply with the requirements of the Répertoire Spécifique (RS).
English 
French