Programme Overview

Certified Information Systems Auditor
Course Synopsis

In this course, you'll cover all four domains of the Certified in Risk and Information Systems Control (CRISC) exam and gain the knowledge and concepts required to obtain CRISC certification. Since its inception in 2010, the CRISC certification has been aimed at IT and business professionals who identify and manage risks through the development, implementation, and maintenance of appropriate information systems (IS) controls.

Certification By

Who Should Attend?

IT professionals with more than five years' experience who manage information security infrastructure.

  • IT professionals
  • Risk professionals
  • Compliance professionals
  • Project managers
  • Control professionals
  • Business analysts
  • Information Security Governance
    • Asset Identification
    • Risk Assessment
    • Vulnerability Assessments
    • Asset Management
  • Risk Identification
    • Good Practices for Risk Management
    • Components of Risk Management
    • Methods for Risk Identification
    • Risk Culture and Communication
    • The Business's IT Risk Structure
    • Risk Principles and Concepts
    • Vulnerabilities and Threats
    • Assets
    • Threats
    • Vulnerabilities
    • Vulnerability Assessment
    • Pen Testing
    • Probability/Likelihood
    • IT Risk
    • IT Risk Scenarios
    • Ownership and Accountability
    • Other Risk Concepts
    • Risk Awareness
  • IT Risk Assessment
    • Risk Assessment vs. Risk Identification
    • Techniques for Risk Assessment
    • Risk Scenarios
    • Analyzing the Current State of Controls
    • Risk and Control Analysis
    • Risk Analysis Techniques
    • Incident Response
    • Business Risk
    • Risk Associated with Enterprise Architecture
    • Management of Data
    • Emerging Technologies and Threats
    • Industry Trends
    • Third Party Management
    • Project and Program Management
    • SDLC
    • Recovery and Business Continuity
    • Risk Assessment Reports
    • Ownership of Risk and Accountability
    • Communication of Report Results
  • Risk Response and Mitigation
    • Risk Response and Business Objectives Alignment
    • Response Options
    • Techniques for Analysis
    • New Controls and Related Vulnerabilities
    • A Risk Action Plan
    • Techniques for BPR
    • Design and Implementation of Controls
    • Control Monitoring
    • Inherent and Residual Risk
    • Control Objectives Practices and Metrics
    • Cryptography as a Control
    • Control Design and Implementation
    • Emerging Technologies and Controls
    • Ownership of Controls
    • Management Procedures and Documentation
    • Response and Action Plan
  • Physical Security
    • Key Risk Indicators
    • Risk Management Life Cycle
    • Key Performance and Goal Indicators
    • Data Collection and Extracting Techniques
    • Changes in Risk Profile
    • Monitoring Controls
    • Control Assessment Types
    • Control Assessment Results
    • Risk Profile Changes

Training Style

This program is delivered using "blended learning". This involves classroom lecturing, highly intensive case study/role playing reviews, classroom interaction, lab activities and live demos.

Course Objectives
  • Risk Identification
  • IT Risk Assessment
  • Risk Response and Mitigation
  • Risk and Control Monitoring and Reporting
Duration & Venue

21-24 April 2020

International University of Malaya-Wales