Skip to content

The vendor neutral Certified Information Systems Risk Manager certification is designed for IT and IS professionals who are involved with risk identification, assessment& evaluation, risk response, risk monitoring, IS control design & implementation as well as IS control monitoring & maintenance.

Select a date below

Categories:

Dates are listed in Pacific Time Zone

= Guaranteed to run date

Description

Print Friendly, PDF & Email

Overview:

The vendor neutral Certified Information Systems Risk Manager certification is designed for IT and IS professionals who are involved with risk identification, assessment& evaluation, risk response, risk monitoring, IS control design & implementation as well as IS control monitoring & maintenance. The Certified Information Systems Risk Manager training will enable professionals to elevate their understanding in identifying and evaluating entity-specific risk but also aid them in assessing risks associated to enterprise business objectives by equipping the practitioner to design, implement, monitor and maintain risk-based, efficient and effective IS controls. The Certified Information Systems Risk Manager covers 5 critical subjects; Risk Identification Assessment and Evaluation, Risk Response, Risk Monitoring, IS Control Design and Implementation and IS Control Monitoring & Maintenance.

Prerequisite(s):

A minimum of 1 year of Information Systems

Audience:

  • Information System Security Officers
  • Risk Managers
  • Information Systems Owners
  • Info Security Control Assessors
  • System Managers
  • State & Local Government Risk Managers

Outline:

The Big Picture

  • About the C)ISRM Exam
  • Exam Relevance
  • About the C)ISRM Exam
  • Section Overview
  • Part 1 Learning Objectives
  • Section Topics
  • Overview of Risk Management
  • Risk
  • Risk and Opportunity Management
  • Responsibility vs. Accountability
  • Risk Management
  • Roles and Responsibilities
  • Relevance of Risk Management Frameworks, Standards and Practices
  • Frameworks
  • Standards
  • Practices
  • Relevance of Risk Governance
  • Overview of Risk Governance
  • Objectives of Risk Governance
  • Foundation of Risk Governance
  • Risk Appetite and Risk Tolerance
  • Risk Awareness and Communication
  • Key Concepts of
  • Risk Governance
  • Risk Culture
  • Case Study
  • Practice Question 1
  • Practice Question 2
  • Practice Question 3
  • Practice Question 4
  • Practice Question 5
  • Acronym Review
  • Definition Review

Domain 1 Risk Identification Assessment and Evaluation

  • Section Overview
  • Exam Relevance
  • Domain 1 Learning Objectives
  • Task Statements
  • Knowledge Statements
  • The Process
  • Describing the Business Impact of IT Risk
  • IT Risk in the Risk Hierarchy
  • IT Risk Categories
  • High Level Process Phases
  • Risk Scenarios
  • Definition of Risk Scenario
  • Purpose of Risk Scenarios
  • Event Types
  • Risk Scenario Development
  • Risk Registry & Risk Profile
  • Risk Scenario Development
  • Risk Scenario Components
  • Risk Scenario Development
  • Risk Scenario Development Enablers
  • Systemic, Contagious or Obscure Risk
  • Generic IT Risk Scenarios
  • Definition of Risk Factor
  • Examples of Risk Factors
  • Risk Factors— External Environment
  • Risk Factors— Risk Management Capability
  • Risk Factors— IT Capability
  • Risk Factors— IT Related Business Capabilities
  • Methods for Analyzing IT Risk
  • Likelihood and Impact
  • Risk Analysis Output
  • Risk Analysis Methods
  • Risk Analysis Methods—Quantitative
  • Risk Analysis Methods—Qualitative
  • Risk Analysis Methods—for HIGH impact risk types
  • Risk Analysis Methods
  • Risk Analysis Methods—Business Impact Analysis (BIA)
  • Methods for Assessing IT Risk
  • Identifying and Assessing IT Risk
  • Definitions
  • Adverse Impact of Risk Event
  • Business Impacts From IT Risk
  • Business Related IT Risk Types
  • IT Project-Related Risk
  • Risk Components—Inherent Risk
  • Risk Components—Residual Risk
  • Risk Components—Control Risk
  • Risk Components—Detection Risk
  • Business Risk and Threats
  • Addressed By IT Resources
  • Identifying and Assessing IT Risk
  • Methods For Describing
  • IT Risk In Business Terms
  • Case Study
  • Acronym Review
  • Definition Review
  • Domain 1 – Exercises

Part II Domain 2 – Risk Response

  • Section Overview
  • Exam Relevance
  • Domain 2 Learning Objectives
  • Task Statements
  • Knowledge Statements
  • Risk Response Objectives
  • The Risk Response Process
  • Risk Response Options
  • Risk Response Parameters
  • Risk Tolerance and Risk Response Options
  • Risk Response Prioritization Options
  • Risk Mitigation Control Types
  • Risk Response Prioritization Factors
  • Risk Response Tracking, Integration and Implementation
  • Process Phases
  • Phase 1—Articulate Risk
  • Phase 2—Manage Risk
  • Phase 3—React To Risk Events
  • Sample Case Study
  • Domain 2 – Exercise 1

Part II – Domain 3 – Risk Monitoring

  • Course Agenda
  • Exam Relevance
  • Learning Objectives
  • Task Statements
  • Knowledge Statements
  • Essentials
  • Risk Indicators
  • Risk Indicator Selection Criteria
  • Key Risk Indicators
  • Risk Monitoring
  • Risk Indicator Types and Parameters
  • Risk Indicator Considerations
  • Criteria for KRI Selection
  • Benefits of Selecting Right KRIs
  • Disadvantages of Wrong KRIs
  • Changing KRIs
  • Gathering KRI Data
  • Steps to Data Gathering
  • Gathering Requirements
  • Data Access
  • Data Preparation
  • Data Validating Considerations
  • Data Analysis
  • Reporting and Corrective Actions
  • Optimizing KRIs
  • Use of Maturity Level Assessment
  • Assessing Risk Maturity Levels
  • Risk Management Capability Maturity Levels
  • Changing Threat Levels
  • Monitoring Changes in Threat Levels
  • Measuring Changes in Threat Levels
  • Responding to Changes in Threat Levels
  • Threat Level Review
  • Changes in Asset Value
  • Maintain Asset Inventory
  • Risk Reporting
  • Reporting Content
  • Effective Reports
  • Report Recommendations
  • Possible Risk Report Recipients
  • Periodic Reporting
  • Reporting Topics
  • Risk Reporting Techniques
  • Sample Case Study
  • Practice Question 1
  • Practice Question 2
  • Practice Question 3
  • Practice Question 4
  • Acronym Review
  • Definition Review
  • Domain 3 – Exercises

Part II Domain 4 – IS Control Design and Implementation/h3>

  • Section Overview
  • Exam Relevance
  • Domain 4 Learning Objectives
  • Task Statements
  • Knowledge Statements
  • C)ISRM Involvement
  • Control Definition
  • Control Categories
  • Control Types and Effects
  • Control Methods
  • Control Design Considerations
  • Control Strength
  • Control Strength
  • Control Costs and Benefits
  • Potential Loss Measures
  • Total Cost of Ownership For Controls
  • Role of the C)ISRM in SDLC
  • The SDLC Process
  • Outcomes of the Feasibility Study
  • Task 1—Define Requirement
  • Requirement Progression
  • Business Information Requirements (COBIT)
  • Requirements Success Factors
  • Task 3—Acquire Software “Options”
  • Software Selection Criteria
  • Software Acquisition
  • Software Acquisition Process
  • Leading Principles for Design and Implementation
  • C)ISRM Responsibilities
  • Key System Design Activities:
  • Steps to Perform Phase 2
  • Phase 2 – Project Design and Development
  • System Testing
  • Test Plans
  • Project Testing
  • Types of Tests
  • UAT Requirements
  • Certification and Accreditation
  • Project Status Reports
  • Phase 3 – Project Testing
  • Testing Techniques
  • Verification and Validation
  • Phase 4 – Project Implementation
  • Project Implementation
  • The Systems
  • Development Life Cycle (SDLC)
  • ‘Meets and Continues to Meet’
  • SDLC
  • SDLC Phases
  • Addressing Risk Within the SDLC
  • Business Risk versus Project Risk
  • Understanding Project Risk
  • Addressing Business Risk
  • Understanding Business and Risk Requirements
  • Understand Business Risk
  • High Level SDLC Phases
  • Project Initiation
  • Phase 1 – Project Initiation
  • Phase 1 Tasks
  • Task 1—Feasibility Study
  • Feasibility Study Components
  • Determining Feasibility
  • Implementation Phases
  • Phase 4 – Project Implementation
  • End User Training Plans & Techniques
  • Training Strategy
  • Data Migration/Conversion Considerations
  • Risks During Data Migration
  • Data Conversion Steps
  • Implementation Rollback
  • Data Conversion Project Key Considerations
  • Changeover Techniques
  • Post-Implementation Review
  • Performing Post-Implementation Review
  • Measurements of Critical Success Factors
  • Closing a Project
  • Project Management and Controlling
  • Project Management Tools and Techniques
  • Project Management Elements
  • Project Management Practices
  • PERT chart and critical path
  • PERT Attribute
  • Sample Case Study
  • Practice Question 1
  • Practice Question 2
  • Practice Question 3
  • Practice Question 4
  • Practice Question 5

Additional information

Length

3 days

Guaranteed to run

No