Risk Management and Information Systems Control

Author: Kevin Henry

This path provides foundational knowledge of the process of information systems risk management. The process of risk management is used in establishing an information security...

Path Courses

These courses will help prepare you for the ISACA® CRISC™ (Certified in Risk and Information Systems Control™) exam, with coverage of the 2015 CRISC™ Job Practice Areas.

1

Risk Management and Information Systems Control: Introduction to Risk

by Kevin Henry

Oct 27, 2016 / 1h 11m

Intermediate • 1h 11m

Description

In this course, Risk Management and Information Systems Control: Introduction to Risk, you'll have the opportunity to gain a high-level understanding of the risk management process. This includes delving into knowledge of threats and attacks and exploring the mysteries and terminologies of risk management. This course helps prepare you for certification under ISACA's CRISC certification. First, you'll learn about the common approaches used to identify and manage risk. Next, you'll learn about the risk management terminology and standards. Finally, you'll wrap up the course by learning about corporate governance. By the end of this course, you will have the foundational knowledge needed to run an effective risk management program.

Table of contents
  1. Course Overview
    1m 59s
  2. Introduction to Risk Management
    27m 31s
  3. Risk Management Certification
    8m 21s
  4. Risk and Governance: An Overview of Risk Governance
    8m 46s
  5. Risk Context and Risk Factors
    10m 11s
  6. Areas of Risk
    14m 57s
2

Risk Management and Information Systems Control: Risk Identification

by Kevin Henry

Nov 4, 2016 / 1h 50m

Intermediate • 1h 50m

Description

Risk management is a challenge for most organizations. This course, Risk Management and Information Systems Control: Risk Identification, addresses the key parts of the risk management process starting with risk identification. The course first examines the factors that influence risk, from management attitudes and awareness to laws and standards. Next, you will learn about how to identify asset values, threats, and vulnerabilities in your organization. Last, you will learn about management's responsibilities when it comes to risk identification. By the end of this course, you will understand how to perform risk identification in your organization.

Table of contents
  1. Course Overview
    2m 12s
  2. Key Topics and the Learning Objectives
    18m 53s
  3. The Methodology of Risk Identification
    15m 8s
  4. Gathering Risk Data and Culture
    22m 32s
  5. Ethics, Laws, and Standards
    16m 22s
  6. Asset Values, Threats, and Vulnerabilities
    21m 54s
  7. Management Responsibilities and Awareness
    13m 29s
3

Risk Management and Information Systems Control: IT Risk Assessment

by Kevin Henry

Dec 16, 2016 / 1h 31m

Intermediate • 1h 31m

Description

This course addresses the third part of the risk management effort, the assessment and prioritization of risk. This will ensure that management is provided complete and accurate information required to make the appropriate risk response decision. You will learn the process of risk assessment including threat and vulnerability identification, analysis of impact and likelihood of risk, and the process of communicating risk to management. As a candidate for the CRISC examination, it is essential to have a solid understanding of risk assessment.

Table of contents
  1. Course Overview
    2m 10s
  2. Key Topics and the Learning Objectives
    6m 46s
  3. Risk Identification vs. Risk Assessment
    10m 28s
  4. Impact of Culture on Risk
    12m 43s
  5. Controls and Controls Gap
    20m 13s
  6. Determining Risk
    28m 3s
  7. Risk Areas to Consider
    10m 37s
4

Risk Management and Information Systems Control: Risk Response and Mitigation

by Kevin Henry

Dec 16, 2016 / 1h 33m

Intermediate • 1h 33m

Description

The development of a risk response strategy is based on many factors, including cost, culture, other projects, and available resources. You will first examine the factors that influence the risk response decision and how to ensure that the risk faced by the organization is within management-defined limits. Next, you will cover the topics of inherent risk, data protection, and data encryption. Last, you will look at risk areas to consider in your organization. By the end of this course, you will be one step closer to being prepared for the ISACA CRISC certification examination.

Table of contents
  1. Course Overview
    2m 3s
  2. Key Topics and the Learning Objectives
    10m 14s
  3. Risk Response Goals and Alternatives
    6m 26s
  4. Selecting a Risk Response
    18m 23s
  5. Inherent Risk
    10m 58s
  6. Data Protection
    7m 8s
  7. Data Encryption
    10m 4s
  8. Risk Areas to Consider
    28m 16s
5

Risk Management and Information Systems Control: Risk and Control Monitoring and Reporting

by Kevin Henry

Dec 20, 2016 / 48m

Intermediate • 48m

Description

Risk is an ever-changing world as new technologies, threats, and vulnerabilities threaten to affect business goals and mission. The risk practitioner must be ever-alert and diligent to observe and communicate with management on the effectiveness and efficiency of the risk management process. In this course, Risk Management and Information Systems Control: Risk and Control Monitoring and Reporting, you will learn about how to monitor risk, evaluate IT controls, communicate risk monitoring results, and update the risk register. By the end of this course, you'll have an understanding of risk monitoring and the way that risk monitoring supports the overall process and goals of risk management.

Table of contents
  1. Course Overview
    1m 56s
  2. Key Topics and the Learning Objectives
    6m 6s
  3. Metrics and Key Risk Indicators
    14m 39s
  4. Data Collection Sources
    11m 19s
  5. Vulnerability Assessments and Penetration Tests
    8m 38s
  6. Third Party Assurance and Reporting
    5m 54s

What you will learn

  • The process of risk management and the establishment of adequate security controls
  • How to identify IT risk in order to aid in the execution of enterprise IT risk management strategy
  • How to analyze and evaluate IT risk to determine the likelihood and impact on business objectives
  • How to determine and evaluate risk response options
  • How to monitor and report on IT risk and controls

Pre-requisites

CRISC™ candidates are required to have a minimum of three years of cumulative work experience performing tasks across at least two of the four CRISC™ domains. This path does not require any prior knowledge or experience.