Course Information
Schedules
- Anytime
Registration period
Year-round Recruitment
Price
-
Course Level
Study Mode
Duration
18 Hour(s)
Language
Cantonese
Location
-
55 views
Course Overview
ISACA® 成立於1969年,多年來不斷參與各項系統確認性與安全、企業資訊治理及資訊風險的活動,口碑載譽。
ISACA® 會員遍佈逾 160 個國家,總數超過 86,000 人。其頒授的全球認可國際資訊風險控制師 (CRISC, Certified in Risk and Information Systems Control) 資格,更是各位管理人員必考的證書。取得 CRISC 資格標誌著該專業人員具備定義明確及敏捷的風險管理計劃,並能有效識別、分析、評估、優先排序和應對風險。
本中心的 CRISC 國際認可證書課程由 Franco Tsang 籌備多時,精心編排。由上堂、溫習、實習、考試研習、做試題至最後考試,均為你度身訂造,作出有系統的編排。務求真正教識你,又令你考試及格。
What You’ll Learn
DOMAIN 1: Governance
-
Organizational Governance
- Organizational Strategy, Goals, and Objectives
- Organizational Structure, Roles, and Responsibilities
- Organizational Culture
- Policies and Standards
- Business Processes
- Organizational Assets
-
Risk Governance
- Enterprise Risk Management and Risk Management Framework
- Three Lines of Defense
- Risk Profile
- Risk Appetite and Risk Tolerance
- Legal, Regulatory, and Contractual Requirements
- Professional Ethics of Risk Management
DOMAIN 2: IT Risk Assessment
-
IT Risk Identification
- Risk Events (e.g., contributing conditions, loss result)
- Threat Modelling and Threat Landscape
- Vulnerability and Control Deficiency Analysis (e.g., root cause analysis)
- Risk Scenario Development
-
IT Risk Analysis and Evaluation
- Risk Assessment Concepts, Standards, and Frameworks
- Risk Register
- Risk Analysis Methodologies
- Business Impact Analysis
- Inherent and Residual Risk
DOMAIN 3: Risk Response and Reporting
-
Risk Response
- Risk Treatment / Risk Response Options
- Risk and Control Ownership
- Third-Party Risk Management
- Issue, Finding, and Exception Management
- Management of Emerging Risk
-
Control Design and Implementation
- Control Types, Standards, and Frameworks
- Control Design, Selection, and Analysis
- Control Implementation
- Control Testing and Effectiveness Evaluation
-
Risk Monitoring and Reporting
- Risk Treatment Plans
- Data Collection, Aggregation, Analysis, and Validation
- Risk and Control Monitoring Techniques
- Risk and Control Reporting Techniques (heatmap, scorecards, dashboards)
- Key Performance Indicators
- Key Risk Indicators (KRIs)
- Key Control Indicators (KCIs)
DOMAIN 4: Information Technology and Security
-
Information Technology Principles
- Enterprise Architecture
- IT Operations Management (e.g., change management, IT assets, problems, incidents)
- Project Management
- Disaster Recovery Management (DRM)
- Data Lifecycle Management
- System Development Life Cycle (SDLC)
- Emerging Technologies
-
Information Security Principles
- Information Security Concepts, Frameworks, and Standards
- Information Security Awareness Training
- Business Continuity Management
- Data Privacy and Data Protection Principles
The course content above may change at any time without notice in order to better reflect the content of the examination.
