- Overview: This certification is designed for professionals managing enterprise risk and designing information systems controls.
- Target Audiences: IT professionals, risk management professionals, control professionals, and project managers.
- Prerequisites: At least three years of experience in two of the four CRISC domains.
- Course Content:
  - IT Risk Identification:
    - Organizational context analysis.
    - Threat and vulnerability identification.
    - Business impact analysis.
    - Development of risk scenarios.
  - IT Risk Assessment:
    - Risk assessment methodologies (qualitative and quantitative).
    - Risk analysis and prioritization.
    - Documentation and reporting.
  - Risk Response and Mitigation:
    - Risk treatment options (avoidance, mitigation, transfer, acceptance).
    - Control design and implementation.
    - Risk response planning.
    - Effectiveness monitoring.
  - Risk and Control Monitoring and Reporting:
    - Continuous monitoring techniques.
    - Key risk indicators (KRIs).
    - Reporting mechanisms.
    - Adjusting controls based on monitoring results.
- Exam Details:
  - 150 multiple-choice questions
  - 4-hour duration
  - Passing score: 450 out of 800 points
- Price: Approximately $750 USD for the exam; training costs typically range from $1,500 to $2,500 USD.