Certified Information Systems Risk Manager

Request a Quote for this class

About this Course

This is a 5 day instructor-led Certified Information Systems Risk Manager course.

Prerequisites

  • A minimum of 12 months experience in networking technologies
  • Sound knowledge of TCP/IP
  • Knowledge of Microsoft packages
  • Network+, Microsoft, Security+
  • Basic Knowledge of Linux is essential

Course Outline

C)ISRM Part 1: The Big Picture

  • About the C)ISRM Exam
  • Exam Relevance
  • About the C)ISRM Exam
  • Section Overview

Part 1 Learning Objectives

  • Section Topics
  • Overview of Risk Management
  • Risk
  • Risk and Opportunity Management
  • Responsibility vs. Accountability
  • Risk Management
  • Roles and Responsibilities
  • Relevance of Risk Management Frameworks, Standards and Practices
  • Frameworks
  • Standards
  • Practices
  • Relevance of Risk Governance
  • Overview of Risk Governance
  • Objectives of Risk Governance
  • Foundation of Risk Governance
  • Risk Appetite and Risk Tolerance
  • Risk Awareness and Communication
  • Key Concepts of
  • Risk Governance
  • Risk Culture
  • Case Study

Practice Question 1

Practice Question 2

Practice Question 3

C)ISRM Part II - Domain 1 Risk Identification Assessment and Evaluation

  • Section Overview
  • Exam Relevance
  • Domain 1 Learning Objectives
  • Task Statements
  • Knowledge Statements
  • The Process
  • Describing the Business Impact of IT Risk
  • IT Risk in the Risk Hierarchy
  • IT Risk Categories
  • High Level Process Phases
  • Risk Scenarios
  • Definition of Risk Scenario
  • Purpose of Risk Scenarios
  • Event Types
  • Risk Scenario Development
  • Risk Registry & Risk Profile
  • Risk Scenario Development
  • Risk Scenario Components
  • Risk Scenario Development
  • Risk Scenario Development Enablers
  • Systemic, Contagious or Obscure Risk
  • Generic IT Risk Scenarios
  • Definition of Risk Factor
  • Examples of Risk Factors
  • Risk Factors— External Environment
  • Risk Factors— Risk Management Capability
  • Risk Factors— IT Capability
  • Risk Factors— IT Related Business Capabilities
  • Methods for Analyzing IT Risk
  • Likelihood and Impact
  • Risk Analysis Output
  • Risk Analysis Methods
  • Risk Analysis Methods—Quantitative
  • Risk Analysis Methods—Qualitative
  • Risk Analysis Methods—for HIGH impact risk
  • types
  • Risk Analysis Methods
  • Risk Analysis Methods—Business Impact
  • Analysis (BIA)
  • Methods for Assessing IT Risk
  • Identifying and Assessing IT Risk
  • Definitions
  • Adverse Impact of Risk Event
  • Business Impacts From IT Risk
  • Business Related IT Risk Types
  • IT Project-Related Risk
  • Risk Components—Inherent Risk
  • Risk Components—Residual Risk
  • Risk Components—Control Risk
  • Risk Components—Detection Risk
  • Business Risk and Threats
  • Addressed By IT Resources
  • Identifying and Assessing IT Risk Methods For Describing IT Risk In Business Terms
  • Case Study
  • Acronym Review Definition Review Domain 1 – Exercises

C)ISRM Part II Domain 2 - Risk Response

  • Section Overview
  • Exam Relevance
  • Domain 2 Learning Objectives
  • Task Statements
  • Knowledge Statements
  • Risk Response Objectives
  • The Risk Response Process
  • Risk Response Options
  • Risk Response Parameters
  • Risk Tolerance and Risk Response Options
  • Risk Response Prioritization Options
  • Risk Mitigation Control Types
  • Risk Response Prioritization Factors
  • Risk Response Tracking, Integration and
  • Implementation
  • Process Phases
  • Phase 1—Articulate Risk
  • Phase 2—Manage Risk
  • Phase 3—React To Risk Events
  • Sample Case Study
  • Domain 2 – Exercise 1

C)ISRM Part II - Domain 3 - Risk Monitoring

  • Course Agenda
  • Exam Relevance
  • Learning Objectives
  • Task Statements
  • Knowledge Statements
  • Essentials
  • Risk Indicators
  • Risk Indicator Selection Criteria
  • Key Risk Indicators
  • Risk Monitoring
  • Risk Indicator Types and Parameters
  • Risk Indicator Considerations
  • Criteria for KRI Selection
  • Benefits of Selecting Right KRIs
  • Disadvantages of Wrong KRIs
  • Changing KRIs
  • Gathering KRI Data
  • Steps to Data Gathering
  • Gathering Requirements
  • Data Access
  • Data Preparation
  • Data Validating Considerations
  • Data Analysis
  • Reporting and Corrective Actions
  • Optimizing KRIs
  • Use of Maturity Level Assessment
  • Assessing Risk Maturity Levels
  • Risk Management Capability Maturity Levels
  • Changing Threat Levels
  • Monitoring Changes in Threat Levels
  • Measuring Changes in Threat Levels
  • Responding to Changes in Threat Levels
  • Threat Level Review
  • Changes in Asset Value
  • Maintain Asset Inventory
  • Risk Reporting
  • Reporting Content
  • Effective Reports
  • Report Recommendations
  • Possible Risk Report Recipients
  • Periodic Reporting
  • Reporting Topics
  • Risk Reporting Techniques
  • Sample Case Study
  • Practice Question 1
  • Practice Question 2
  • Practice Question 3
  • Practice Question 4
  • Acronym Review
  • Definition Review
  • Domain 3 – Exercises

C)ISRM Part II Domain 4 - IS Control Design and Implementation

  • Section Overview
  • Exam Relevance
  • Domain 4 Learning Objectives
  • Task Statements
  • Knowledge Statements
  • C)ISRM Involvement
  • Control Definition
  • Control Categories
  • Control Types and Effects
  • Control Methods
  • Control Design Considerations
  • Control Strength
  • Control Strength
  • Control Costs and Benefits
  • Potential Loss Measures
  • Total Cost of Ownership For Controls
  • Role of the C)ISRM in SDLC
  • The SDLC Process
  • The Systems
  • Development Life Cycle (SDLC) ‘Meets and Continues to Meet’ SDLC
  • SDLC Phases
  • Addressing Risk Within the SDLC Business Risk versus Project Risk Understanding Project Risk Addressing Business Risk Understanding Business and Risk Requirements Understand Business Risk High Level SDLC Phases Project Initiation
  • Phase 1 – Project Initiation Phase 1 Tasks
  • Task 1—Feasibility Study Feasibility Study Components Determining Feasibility

Outcomes of the Feasibility Study

  • Task 1—Define Requirement
  • Requirement Progression
  • Business Information Requirements (COBIT)
  • Requirements Success Factors
  • Task 3—Acquire Software “Options”
  • Software Selection Criteria
  • Software Acquisition
  • Software Acquisition Process
  • Leading Principles for Design and
  • Implementation
  • C)ISRM Responsibilities
  • Key System Design Activities:
  • Steps to Perform Phase 2
  • Phase 2 - Project Design and Development
  • System Testing
  • Test Plans
  • Project Testing
  • Types of Tests
  • UAT Requirements
  • Certification and Accreditation
  • Project Status Reports
  • Phase 3 - Project Testing
  • Testing Techniques
  • Verification and Validation
  • Phase 4 - Project Implementation
  • Project Implementation
  • Implementation Phases
  • Phase 4 - Project Implementation
  • End User Training Plans & Techniques
  • Training Strategy
  • Data Migration/Conversion Considerations
  • Risks During Data Migration
  • Data Conversion Steps
  • Implementation Rollback
  • Data Conversion Project Key Considerations
  • Changeover Techniques
  • Post-Implementation Review
  • Performing Post-Implementation Review
  • Measurements of Critical Success Factors
  • Closing a Project
  • Project Management and Controlling
  • Project Management Tools and Techniques
  • Project Management Elements
  • Project Management Practices
  • PERT chart and critical path
  • PERT Attribute
  • Sample Case Study
  • Practice Question 1
  • Practice Question 2
  • Practice Question 3
  • Practice Question 4
  • Practice Question 5