Systematic

CRISC 國際認可證書課程

Enquire Now

Course Information

Schedules
  • Anytime
Registration period
Year-round Recruitment
Price
-
Study Mode
Duration
18 Hour(s)
Language
Cantonese
Location
-
55 views

Course Overview

ISACA® 成立於1969年,多年來不斷參與各項系統確認性與安全、企業資訊治理及資訊風險的活動,口碑載譽。

ISACA® 會員遍佈逾 160 個國家,總數超過 86,000 人。其頒授的全球認可國際資訊風險控制師 (CRISC, Certified in Risk and Information Systems Control) 資格,更是各位管理人員必考的證書。取得 CRISC 資格標誌著該專業人員具備定義明確及敏捷的風險管理計劃,並能有效識別、分析、評估、優先排序和應對風險。

本中心的 CRISC 國際認可證書課程由 Franco Tsang 籌備多時,精心編排。由上堂、溫習、實習、考試研習、做試題至最後考試,均為你度身訂造,作出有系統的編排。務求真正教識你,又令你考試及格。

What You’ll Learn

DOMAIN 1: Governance

  • Organizational Governance
    • Organizational Strategy, Goals, and Objectives
    • Organizational Structure, Roles, and Responsibilities
    • Organizational Culture
    • Policies and Standards
    • Business Processes
    • Organizational Assets
  • Risk Governance
    • Enterprise Risk Management and Risk Management Framework
    • Three Lines of Defense
    • Risk Profile
    • Risk Appetite and Risk Tolerance
    • Legal, Regulatory, and Contractual Requirements
    • Professional Ethics of Risk Management

DOMAIN 2: IT Risk Assessment

  • IT Risk Identification
    • Risk Events (e.g., contributing conditions, loss result)
    • Threat Modelling and Threat Landscape
    • Vulnerability and Control Deficiency Analysis (e.g., root cause analysis)
    • Risk Scenario Development
  • IT Risk Analysis and Evaluation
    • Risk Assessment Concepts, Standards, and Frameworks
    • Risk Register
    • Risk Analysis Methodologies
    • Business Impact Analysis
    • Inherent and Residual Risk

DOMAIN 3: Risk Response and Reporting

  • Risk Response
    • Risk Treatment / Risk Response Options
    • Risk and Control Ownership
    • Third-Party Risk Management
    • Issue, Finding, and Exception Management
    • Management of Emerging Risk
  • Control Design and Implementation
    • Control Types, Standards, and Frameworks
    • Control Design, Selection, and Analysis
    • Control Implementation
    • Control Testing and Effectiveness Evaluation
  • Risk Monitoring and Reporting
    • Risk Treatment Plans
    • Data Collection, Aggregation, Analysis, and Validation
    • Risk and Control Monitoring Techniques
    • Risk and Control Reporting Techniques (heatmap, scorecards, dashboards)
    • Key Performance Indicators
    • Key Risk Indicators (KRIs)
    • Key Control Indicators (KCIs)

DOMAIN 4: Information Technology and Security

  • Information Technology Principles
    • Enterprise Architecture
    • IT Operations Management (e.g., change management, IT assets, problems, incidents)
    • Project Management
    • Disaster Recovery Management (DRM)
    • Data Lifecycle Management
    • System Development Life Cycle (SDLC)
    • Emerging Technologies
  • Information Security Principles
    • Information Security Concepts, Frameworks, and Standards
    • Information Security Awareness Training
    • Business Continuity Management
    • Data Privacy and Data Protection Principles

The course content above may change at any time without notice in order to better reflect the content of the examination.



Start FollowingSee all

We use cookies to enhance your experience on our website. Please read and confirm your agreement to our Privacy Policy and Terms and Conditions before continue to browse our website.

Read and Agreed