
Risk Management and Information Systems Control

Author: Kevin Henry

This path provides foundational knowledge of the process of information systems risk management. The process of risk management is used in establishing an information security...

Path Courses

These courses will help prepare you for the ISACA® CRISC™ (Certified in Risk and Information Systems Control™) exam, with coverage of the 2015 CRISC™ Job Practice Areas.

Risk Management and Information Systems Control: Introduction to Risk

by Kevin Henry

Oct 27, 2016 / 1h 11m

Description

In this course, Risk Management and Information Systems Control: Introduction to Risk, you'll have the opportunity to gain a high-level understanding of the risk management process. This includes delving into knowledge of threats and attacks and exploring the mysteries and terminologies of risk management. This course helps prepare you for certification under ISACA's CRISC certification. First, you'll learn about the common approaches used to identify and manage risk. Next, you'll learn about the risk management terminology and standards. Finally, you'll wrap up the course learning about corporate governance. By the end of this course, you will have the foundational knowledge needed to run an effective risk management program.

Table of contents
  1. Course Overview (1m)
  2. Introduction to Risk Management (27m)
  3. Risk Management Certification (8m)
  4. Risk and Governance: An Overview of Risk Governance (8m)
  5. Risk Context and Risk Factors (10m)
  6. Areas of Risk (14m)

Risk Management and Information Systems Control: Risk Identification

by Kevin Henry

Nov 4, 2016 / 1h 50m

Description

Risk management is a challenge for most organizations. This course, Risk Management and Information Systems Control: Risk Identification, addresses the key parts of the risk management process starting with risk identification. The course first examines the factors that influence risk, from management attitudes and awareness to laws and standards. Next, you will learn about how to identify asset values, threats, and vulnerabilities in your organization. Last, you will learn about management's responsibilities when it comes to risk identification. By the end of this course, you will understand how to perform risk identification in your organization.

Table of contents
  1. Course Overview (2m)
  2. Key Topics and the Learning Objectives (18m)
  3. The Methodology of Risk Identification (15m)
  4. Gathering Risk Data and Culture (22m)
  5. Ethics, Laws, and Standards (16m)
  6. Asset Values, Threats, and Vulnerabilities (21m)
  7. Management Responsibilities and Awareness (13m)

Risk Management and Information Systems Control: IT Risk Assessment

by Kevin Henry

Dec 16, 2016 / 1h 31m

Description

This course addresses the third part of the risk management effort, the assessment and prioritization of risk. This will ensure that management is provided with the complete and accurate information required to make the appropriate risk response decision. You will learn the process of risk assessment including threat and vulnerability identification, analysis of impact and likelihood of risk, and the process of communicating risk to management. As a candidate for the CRISC examination, it is essential to have a solid understanding of risk assessment.

Table of contents
  1. Course Overview (2m)
  2. Key Topics and the Learning Objectives (6m)
  3. Risk Identification vs. Risk Assessment (10m)
  4. Impact of Culture on Risk (12m)
  5. Controls and Controls Gap (20m)
  6. Determining Risk (28m)
  7. Risk Areas to Consider (10m)

Risk Management and Information Systems Control: Risk Response and Mitigation

by Kevin Henry

Dec 16, 2016 / 1h 33m

Description

The development of a risk response strategy is based on many factors including cost, culture, other projects, and available resources. You will first examine the factors that influence the risk response decision and how to ensure that the risk faced by the organization is within management-defined limits. Next, you will cover the topics of inherent risk, data protection, and data encryption. Last, you will look at risk areas to consider in your organization. By the end of this course, you will be one step closer to being prepared for the ISACA CRISC certification examination.

Table of contents
  1. Course Overview (2m)
  2. Key Topics and the Learning Objectives (10m)
  3. Risk Response Goals and Alternatives (6m)
  4. Selecting a Risk Response (18m)
  5. Inherent Risk (10m)
  6. Data Protection (7m)
  7. Data Encryption (10m)
  8. Risk Areas to Consider (28m)

Risk Management and Information Systems Control: Risk and Control Monitoring and Reporting

by Kevin Henry

Dec 20, 2016 / 48m

Description

Risk is an ever-changing world as new technologies, threats, and vulnerabilities threaten to affect business goals and mission. The risk practitioner must be ever-alert and diligent to observe and communicate with management on the effectiveness and efficiency of the risk management process. In this course, Risk Management and Information Systems Control: Risk and Control Monitoring and Reporting, you will learn about how to monitor risk, evaluate IT controls, communicate risk monitoring results, and update the risk register. By the end of this course, you'll have an understanding of risk monitoring and the way that risk monitoring supports the overall process and goals of risk management.

Table of contents
  1. Course Overview (1m)
  2. Key Topics and the Learning Objectives (6m)
  3. Metrics and Key Risk Indicators (14m)
  4. Data Collection Sources (11m)
  5. Vulnerability Assessments and Penetration Tests (8m)
  6. Third Party Assurance and Reporting (5m)

What you will learn

  • The process of risk management and the establishment of adequate security controls
  • How to identify IT risk in order to aid in the execution of enterprise IT risk management strategy
  • How to analyze and evaluate IT risk to determine the likelihood and impact on business objectives
  • How to determine and evaluate risk response options
  • How to monitor and report on IT risk and controls

Pre-requisites

CRISC™ candidates are required to have a minimum of three years of cumulative work experience performing tasks across at least two of the four CRISC™ domains. This path does not require any prior knowledge or experience.