• Share
  • Email
  • Embed
  • Like
  • Private Content
CRISC course offered by Mark E.S.Bernard
 

CRISC course offered by Mark E.S.Bernard

on

  • 675 views

CRISC training is a competency-based 4-day, (32 contact hours), course that provides participants with the knowledge necessary to identify, assess and implement a Risk Management Program designed to ...

CRISC training is a competency-based 4-day, (32 contact hours), course that provides participants with the knowledge necessary to identify, assess and implement a Risk Management Program designed to mitigate risks associated with information, business systems and technology.
Experienced instructors will guide participants through the implementation of a Risk Management Program encompassing the design and ongoing daily maintenance of the program. The course will include the assessment of threats and vulnerabilities leading to risk exposure and potential impact to the confidentiality, integrity and availability of information. During the course we will walk through risk scenarios and identify the appropriate response. We will also walk though the process of designing and integrating controls within policies, procedures and standards. In addition we will establish a monitoring process identifying the appropriate governance committee.
In addition, will be reviewed best practices for Risk Management within multiple sources seeking the best possible control design strategy for each individual organization. These standard frameworks include COBiT 5, ISO 31000, COSO ERM and ISO/IEC 27001:2013.

Statistics

Views

Total Views
675
Views on SlideShare
668
Embed Views
7

Actions

Likes
1
Downloads
28
Comments
0

1 Embed 7

https://twitter.com 7

Accessibility

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    CRISC course offered by Mark E.S.Bernard CRISC course offered by Mark E.S.Bernard Document Transcript

    • CONTACT: MARK .E.S. BERNARD ON LINKEDIN OR SKYPE Page 1 of 5 CODE: CRISC OFFERED: SPRING 2013 TITLE: CERTIFIED IN RISK AND INFORMATION SYSTEMS CONTROL SUBJECT DESCRIPTION: CRISC training is a competency-based 4-day, (32 contact hours), course that provides participants with the knowledge necessary to identify, assess and implement a Risk Management Program designed to mitigate risks associated with information, business systems and technology. Experienced instructors will guide participants through the implementation of a Risk Management Program encompassing the design and ongoing daily maintenance of the program. The course will include the assessment of threats and vulnerabilities leading to risk exposure and potential impact to the confidentiality, integrity and availability of information. During the course we will walk through risk scenarios and identify the appropriate response. We will also walk though the process of designing and integrating controls within policies, procedures and standards. In addition we will establish a monitoring process identifying the appropriate governance committee. In addition, will be reviewed best practices for Risk Management within multiple sources seeking the best possible control design strategy for each individual organization. These standard frameworks include COBiT 5, ISO 31000, COSO ERM and ISO/IEC 27001:2013. CREDIT STATUS: n/a PREREQUISITES: Review CRISC job practice areas SPECIFIC OUTCOMES: Upon successful completion:  Participants will be able to Identify, Assess and Evaluate IT Risk.  Participants will be able to Respond to IT related Risks.  Participants will be able to Monitor IT related Risks.  Participants will be able to Design appropriate Information Systems Controls.  Participants will be able to Implement IT related Systems Controls.  Participants will be able to Monitor IS Controls and Control Frameworks.  Participants will be able to Maintain IS Controls and Control Frameworks.
    • CONTACT: MARK .E.S. BERNARD ON LINKEDIN OR SKYPE Page 2 of 5 TOPIC OUTLINE: Risk Identification, Assessment and Evaluation 31%  Collect information and review documentation to ensure that risk scenarios are identified and evaluated.  Identify legal, regulatory and contractual requirements and organizational policies and standards related to information systems to determine their potential impact on the business objectives.  Identify potential threats and vulnerabilities for business processes, associated information and supporting capabilities to assist in the evaluation of enterprise risk.  Create and maintain a risk register to ensure that all identified risk factors are accounted for.  Assemble risk scenarios to estimate the likelihood and impact of significant events to the organization.  Analyze risk scenarios to determine their impact on business objectives.  Develop a risk awareness program and conduct training to ensure that stakeholders understand risk and contribute to the risk management process and to promote a risk- aware culture.  Correlate identified risk scenarios to relevant business processes to assist in identifying risk ownership.  Validate risk appetite and tolerance with senior leadership and key stakeholders to ensure alignment. Risk Response 17%  Identify and evaluate risk response options and provide management with information to enable risk response decisions.  Review risk responses with the relevant stakeholders for validation of efficiency effectiveness and economy.  Apply risk criteria to assist in the development of the risk profile for management approval.  Assist in the development of risk response action plans to address risk factors identified in the organizational risk profile.  Assist in the development of business cases supporting the investment plan to ensure risk responses are aligned with the identified business objectives.
    • CONTACT: MARK .E.S. BERNARD ON LINKEDIN OR SKYPE Page 3 of 5 Risk Monitoring 17%  Collect and validate information that measure key risk indicators (KRIs) to monitor and communicate their status to relevant stakeholders.  Monitor and communicate key risk indicators (KRIs) and management activities to assist relevant stakeholders in their decision-making process.  Facilitate independent risk assessments and risk management process reviews to ensure they are performed efficiently and effectively.  Identify and report on risk, including compliance, to initiate corrective action and meet business and regulatory requirements. Information Systems Control Design and Implementation 17%  Interview process owners and review process design documentation to gain an understanding of the business process objectives.  Analyze and document business process objectives and design to identify required information systems controls.  Design information systems controls in consultation with process owners to ensure alignment with business needs and objectives.  Facilitate the identification of resources (e.g., people, infrastructure, information, architecture) required to implement and operate information systems controls at an optimal level.  Monitor the information systems control design and implementation process to ensure that it is implemented effectively and within time, budget and scope.  Provide progress reports on the implementation of information systems controls to inform stakeholders and to ensure that deviations are promptly addressed.  Test information systems controls to verify effectiveness and efficiency prior to implementation.  Implement information systems controls to mitigate risk.  Facilitate the identification of metrics and key performance indicators (KPIs) to enable the measurement of information systems control performance in meeting business objectives.  Assess and recommend tools to automate information systems control processes.  Provide documentation and training to ensure information systems controls are effectively performed.  Ensure all controls are assigned control owners to establish accountability.  Establish control criteria to enable control life cycle management. IS Control Monitoring and Maintenance 17%  Plan, supervise and conduct testing to confirm continuous efficiency and effectiveness of information systems controls.
    • CONTACT: MARK .E.S. BERNARD ON LINKEDIN OR SKYPE Page 4 of 5  Collect information and review documentation to identify information systems control deficiencies.  Review information systems policies, standards and procedures to verify that they address the organization's internal and external requirements.  Assess and recommend tools and techniques to automate information systems control verification processes.  Evaluate the current state of information systems processes using a maturity model to identify the gaps between current and targeted process maturity.  Determine the approach to correct information systems control deficiencies and maturity gaps to ensure that deficiencies are appropriately considered and remediated.  Maintain sufficient, adequate evidence to support conclusions on the existence and operating effectiveness of information systems controls.  Provide information systems control status reporting to relevant stakeholders to enable informed decision making. MODES OF INSTRUCTION: Lectures, Case Studies, Role Playing, Final Exam PRESCRIBED TEXT(S):  COBiT 4, COBiT 5 REFERENCE MATERIAL:  Required: None.  Recommended: COBiT 4, COBiT 5, COSO ERM, ISO 31000, ISO 27001 PROMOTION POLICY: To obtain a certificate in this subject, a participant must  Complete ALL assignments  Obtain 55% or better in the final exam  Have a weighted average of tests and assignments that is at or above 55%  Obtain a 55% overall average in the course MODES OF EVALUATION: Two tests 40% Two assignments 20% Final examination 40%
    • CONTACT: MARK .E.S. BERNARD ON LINKEDIN OR SKYPE Page 5 of 5 CHEATING AND/OR PLAGIARISM: Each student should be aware that cheating or plagiarism will result in failure of successfully completing this course. APPROVED BY: Mark E.S. Bernard SIGNATURE: NOTE: Any inquires concerning the training session can be directed to the instructor following attendance at our course. CONTACT:  Skype; Mark_E_S_Bernard  Twitter; @MESB_TechSecure  LinkedIn; http://ca.linkedin.com/in/markesbernard