
CRISC Syllabus Outline 1

This document provides a course syllabus for Certified in Risk and Information Systems Control (CRISC) certification exam preparation. The course aims to help IT and business professionals develop skills in risk identification, assessment, response, and monitoring of information systems controls. It is divided into 6 modules covering topics like risk frameworks, identification, assessment, mitigation, and monitoring. The course utilizes videos, lessons, and reviews to prepare students to make competent risk-based decisions and effectively manage organizational risks.

Uploaded by

Syed
Course Syllabus

CRISC

Instructor Name: Kelly Handerhan
Instructor Website: https://cybertrainit.com/

Instructor Contact: [email protected]
Course Creation Date: 5/1/2019

Course Description and Goals

Course Description: Certified in Risk and Information Systems Control (CRISC) by ISACA is
for IT and business professionals who develop and maintain information system controls, and
whose job revolves around security operations and compliance. The CRISC is quickly being
implemented into operational and management level positions at organizations of almost any
size. While similar to CISA or CISM, this course focuses on four main areas: Risk Identification,
Assessment, Response and Mitigation, and Control Monitoring and Reporting. Our CRISC
course will prepare you for identifying, evaluating and managing risk through construction,
implementation and maintenance of IS controls.

Who is this course for? IT and business professionals

Course Goals: By the end of this course, students should be able to:

❏ Effectively prepare and enact strategic and focused plans to mitigate risk
❏ Make competent risk-based decisions
❏ Set a common language and perspective on risk that can become the baseline for risk
management within their organizations

Course Outline
 
Brought to you by: Develop your team with the fastest growing catalog in the cybersecurity industry. Enterprise-grade workforce development management, advanced training features and detailed skill gap and competency analytics.

Module 1 | Welcome and Introduction


Lesson 1.1: Welcome and Introduction (02:40)
Lesson 1.2: Who is ISACA? (02:46)
Lesson 1.3: Who Should Take CRISC? (04:49)
Lesson 1.4: The Exam (04:24)

Module 2 | Preliminary
Lesson 2.1: Introduction to Information Security Risks (04:25)
Lesson 2.2: Risk Governance vs. Risk Management (07:25)
Lesson 2.3: Risk Definitions (10:07)
Lesson 2.4: IT Risk Management (07:14)
Lesson 2.5: IT Security Basic (08:40)
Lesson 2.6: Risk Management for IT Projects (06:14)
Lesson 2.7: ISACA’s Framework and Lifecycle (03:25)
Lesson 2.8: Review Questions (03:05)

Module 3 | Risk Identification


Lesson 3.1: Risk Identification Intro (02:50)
Lesson 3.2: ISO 27005 Framework (08:45)
Lesson 3.3: NIST 800-39 Risk Framing (09:29)
Lesson 3.4: NIST 800-39 Risk Assessment (01:13)
Lesson 3.5: NIST 800-39 Risk Response (07:01)
Lesson 3.6: NIST 800-39 Risk Monitoring (06:23)
Lesson 3.7: NIST 800-30 Intro (04:01)
Lesson 3.8: NIST 800-30 Risk Assessment Methodology (05:51)
Lesson 3.9: NIST 800-37 Revision 1 and Revision 2 (08:14)
Lesson 3.10: Alignment with the Business (15:34)
Lesson 3.11: Risk Culture (09:40)
Lesson 3.12: Roles and Responsibilities (07:02)
Lesson 3.13: The Risk Register (09:49)
Lesson 3.14: Risk Scenarios (08:10)
Lesson 3.15: Hardware and Software Risks (06:58)
Lesson 3.16: Network Risks (08:30)
Lesson 3.17: Emerging Risks (03:53)
 
Lesson 3.18: 3rd Party Risks (02:21)

Module 4 | Risk Assessment


Lesson 4.1: Risk Assessment Intro (02:34)
Lesson 4.2: Tools and Techniques Part 1 (08:06)
Lesson 4.3: Tools and Techniques Part 2 (06:44)
Lesson 4.4: Business Impact Analysis (08:00)
Lesson 4.5: Controls Assessment (02:04)
Lesson 4.6: STRIDE Threat Modeling (03:11)
Lesson 4.7: Gap Analysis (06:43)
Lesson 4.8: Risk Analysis Methodologies (14:14)
Lesson 4.9: Risk Assessment Report (04:03)

Module 5 | Risk Mitigation


Lesson 5.1: Risk Mitigation Reduction (04:32)
Lesson 5.2: Risk Mitigation Transference and Acceptance (05:20)
Lesson 5.3: Information Security Concepts (05:45)
Lesson 5.4: Security Program Requirements (04:34)
Lesson 5.5: Essential Elements of an Information Security Program (02:16)
Lesson 5.6: Introduction to Information Security Frameworks - ISO 27002 (07:55)
Lesson 5.7: Information Security Frameworks (05:20)
Lesson 5.8: Information Security Architecture (03:05)
Lesson 5.9: Security Operations Events Monitoring (07:31)
Lesson 5.10: Secure Engineering and Threat Modeling (07:39)
Lesson 5.11: Protecting the Network - Segmentation (06:52)
Lesson 5.12: Protecting the Network - Wireless Security (06:03)
Lesson 5.13: Protecting the Network - Services (06:05)
Lesson 5.14: Protecting the Network Through Detection and Network Access Control (02:49)
Lesson 5.15: Data and Endpoint Security (04:59)
Lesson 5.16: Selecting a Mitigation Strategy (06:49)
Lesson 5.17: Types of Mitigating Controls (07:52)
Lesson 5.18: Identity and Access Management (05:14)
Lesson 5.19: Third Party Governance (07:17)
Lesson 5.20: Policies, Procedures, Standards, and Guidelines (05:06)
 
Lesson 5.21: Certification and Accreditation (08:51)

Module 6 | Risk Monitoring and Control


Lesson 6.1: Risk, Control Monitoring, and Reporting (05:41)
Lesson 6.2: Key Risk Indicators (KRIs) (10:53)
Lesson 6.3: Tools for Risk Monitoring (05:21)

 