• Risk Events (e.g., contributing conditions, loss result)
• Threat Modelling and Threat Landscape
• Vulnerability and Control Deficiency Analysis (e.g., root cause analysis)
• Risk Scenario Development
• Risk Assessment Concepts, Standards, and Frameworks
• Risk Register
• Risk Analysis Methodologies
• Business Impact Analysis
• Inherent and Residual Risk

• Risk Treatment / Risk Response Options
• Risk and Control Ownership
• Third-Party Risk Management
• Issue, Finding, and Exception Management
• Management of Emerging Risk
• Control Types, Standards, and Frameworks
• Control Design, Selection, and Analysis
• Control Implementation
• Control Testing and Effectiveness Evaluation
• Risk Treatment Plans
• Data Collection, Aggregation, Analysis, and Validation
• Risk and Control Monitoring Techniques
• Risk and Control Reporting Techniques (heatmap, scorecards, dashboards)
• Key Performance Indicators
• Key Risk Indicators (KRIs)
• Key Control Indicators (KCIs)

• Enterprise Architecture
• IT Operations Management (e.g., change management, IT assets, problems, incidents)
• Project Management
• Disaster Recovery Management (DRM)
• Data Lifecycle Management
• System Development Life Cycle (SDLC)
• Emerging Technologies
• Information Security Concepts, Frameworks, and Standards
• Information Security Awareness Training
• Business Continuity Management
• Data Privacy and Data Protection Principles

A: The CRISC training is ideal for professionals involved in IT risk management, control, and governance. This includes IT risk managers, IT auditors, compliance professionals, security professionals, and IT professionals involved in enterprise risk management.

A: The CRISC certification demonstrates your proficiency in identifying, assessing, and responding to IT risks. It enhances your credibility and marketability in the field of IT risk management and opens up career advancement opportunities. It also helps organizations enhance their risk management capabilities.

A: The CRISC training covers the key domains of IT risk management, including risk identification, IT risk assessment, risk response and mitigation, risk and control monitoring and reporting, and governance, risk, and compliance (GRC). It provides comprehensive knowledge and skills required for effective risk management.

A: The CRISC training is typically delivered through instructor-led classroom sessions or virtual classrooms. It includes lectures, discussions, case studies, and interactive exercises to ensure a thorough understanding of IT risk management concepts and practices.

A: Yes, the CRISC certification requires passing the CRISC exam, which assesses your knowledge and understanding of IT risk management concepts and practices. The exam is separate from the training and has its own eligibility criteria and registration process.

A: The CRISC training provides comprehensive preparation for the certification exam. It covers all the domains and concepts tested in the exam. Additionally, you can utilize study guides, practice exams, and other resources provided by ISACA to further enhance your exam readiness.

A: The CRISC certification enhances your professional credibility and demonstrates your commitment to the field of IT risk management. It can lead to career advancement opportunities, increased job prospects, and higher earning potential in roles related to risk management, compliance, and governance.

A: This CRISC training can be customized to address specific organizational needs. We can discuss customization options based on your requirements.