Class Is Recorded with Unlimited Access for 90-Days
We Coach Until You Pass
100 % Exam Pass Guarantee
12-Additional Hours of Exam Review at No Charge
CCAK Overview
Welcome to ISACA’s Certified in Risk and Information Systems Control® (CRISC®) training and certification course. Are you considering CRISC certification? This course prepares students to pass the certification exam and be recognized among the world’s most qualified Risk Management professionals. The CRISC program at 327 Solutions is an ISACA Authorized Event. 327 Solutions is an ISACA Authorized Training Organization (ATO). Our training utilizes the latest courseware and exam prep material in the market, delivered by ISACA Authorized Trainers, and uses 327 Solutions Persistent Training Environment. When you take a training program with 327, we will record your event, and after class, you’ll have access to your training for 3-months after we turn your event into eLearning, along with live exam review and mentoring.
The course covers all four CRISC domains. BONUS!
Benefits:
- Pass your exam, guaranteed (if you don’t pass, you’ll be coached until you do)
- Intensive Authorized Virtual-Live & Live Training (online live sessions on Zoom)
- YOUR live class is recorded and turned into eLearning with 3-months access via the student portal
- Access mock exams, exam prep, and assessments to ensure you are ready to test
Curriculum
Domain 1 - Governance
The governance domain interrogates your knowledge of information about an organization’s business and IT environments, organizational strategy, goals, and objectives. It examines the potential or realized impacts of IT risk on the organization’s business objectives and operations, including Enterprise Risk Management and Risk Management Framework.
A—ORGANIZATIONAL GOVERNANCE
- Organizational Strategy, Goals, and Objectives
- Organizational Structure, Roles and Responsibilities
- Organizational Culture
- Policies and Standards
- Business Processes
- Organizational Assets
B—RISK GOVERNANCE
- Enterprise Risk Management and Risk Management Framework
- Three Lines of Defense
- Risk Profile
- Risk Appetite and Risk Tolerance
- Legal, Regulatory, and Contractual Requirements
- Professional Ethics of Risk Management
Domain 2 - IT Risk Assessment
This domain will certify your knowledge of threats and vulnerabilities to the organization’s people, processes, and technology, as well as the likelihood and impact of threats, vulnerabilities, and risk scenarios.
A—IT RISK IDENTIFICATION
- Risk Events (e.g., contributing conditions, loss result)
- Threat Modelling and Threat Landscape
- Vulnerability and Control Deficiency Analysis (e.g., root cause analysis)
- Risk Scenario Development
B—IT RISK ANALYSIS AND EVALUATION
- Risk Assessment Concepts, Standards, and Frameworks
- Risk Register
- Risk Analysis Methodologies
- Business Impact Analysis
- Inherent and Residual Risk
Domain 3 - Risk Response and Reporting
This domain deals with developing and managing risk treatment plans among key stakeholders, evaluating existing controls and improving effectiveness for IT risk mitigation, and assessing relevant risk and control information to applicable stakeholders.
A—RISK RESPONSE
- Risk Treatment / Risk Response Options
- Risk and Control Ownership
- Third-Party Risk Management
- Issue, Finding, and Exception Management
- Management of Emerging Risk
B—CONTROL DESIGN AND IMPLEMENTATION
- Control Types, Standards, and Frameworks
- Control Design, Selection, and Analysis
- Control Implementation
- Control Testing and Effectiveness Evaluation
Domain 4 - Information Technology and Security
In this domain, we interrogate the alignment of business practices with Risk Management and Information Security frameworks and standards, the development of a risk-aware culture, and the implementation of security awareness training.
A—INFORMATION TECHNOLOGY PRINCIPLES
- Enterprise Architecture
- IT Operations Management (e.g., change management, IT assets, problems, incidents)
- Project Management
- Disaster Recovery Management (DRM)
- Data Lifecycle Management
- System Development Life Cycle (SDLC)
- Emerging Technologies
B—INFORMATION SECURITY PRINCIPLES
- Information Security Concepts, Frameworks, and Standards
- Information Security Awareness Training
- Business Continuity Management
- Data Privacy and Data Protection Principles
