Intro to Risk Management
System Development Life Cycles
Understanding the enterprise
Legal, regulatory and contractual requirements
Working with stakeholders
Asset management
Information threats
Vulnerability analysis
Understanding impacts
Validating risk appetite and tolerance
Develop and implement risk responses
Evaluating risk response options
Validation of efficiency, effectiveness and economy
Developing of the risk profile
Developing of business cases
Collect and validate data that measure key risk indicators (KRIs)
Facilitating independent risk assessments and process reviews
Identifying and reporting
Understanding of the business process objectives
Design information systems controls
Facilitate the identification of resource
Ensuring implementation within time, budget and scope
Provide progress reports
Implementing information systems controls
Identification of metrics and key performance indicators (KPIs)
Assess and recommend tools
Plan, supervise and conduct testing
Review information systems policies, standards and procedures
Using CMMI to evaluate the current state of information systems processes
Correcting information systems control deficiencies and maturity gaps
Provide information systems control status
Understanding multiple-choice exams strategies
Time management for exam
Practice test and reviewing answers

IT professionals interested in earning CRISC® (Certified in Risk and Information Systems Controls) certification. CRISC® is for IT professionals, risk professionals, business analysts, project manager and/or compliance professionals, who work towards evaluation and mitigation of risk, and who have job experience in the following areas: Risk identification, assessment and evaluation, Risk response and monitoring and IS control design/monitoring and implementation/maintenance.
To register for the exam, individuals must provide evidence of appropriate work experience in risk management and information system control as defined by the CRISC® job practice.