CRISC Certified in Risk and Information Systems Control

Governance and Risk management
The Context of IT Risk Management
Key Concepts of Risk
Risk in Relation to Other Business Functions
IT Risk Management Good Practices

Risk Capacity, Risk Appetite and Risk Tolerance
Risk Culture and Communication
Elements of Risk
Information Security Risk Concepts and Principles
The IT Risk Strategy of the Business
IT Concepts and Areas of Concern for the Risk Practitioner
Methods of Risk Identification
IT Risk Scenarios
Ownership and Accountability
The IT Risk Register
Risk Awareness

Risk Assessment Techniques
Analyzing Risk Scenarios
Current State of Controls
Changes in the Risk Environment
Project and Program Management
Risk and Control Analysis
Risk Analysis Methodologies
Risk Ranking
Documenting Risk Assessments

Aligning Risk Response with Business Objectives
Risk Response Options
Analysis Techniques
Vulnerabilities Associated with New Controls
Developing a Risk Action Plan
Business Process Review Tools and Techniques
Control Design and Implementation
Control Monitoring and Effectiveness
Types of Risk
Control Activities, Objectives, Practices and Metrics
Systems Control Design and Implementation
Impact of Emerging Technologies on Design and Implementation of Controls
Control Ownership
Risk management Procedures and Documentation

Key Risk Indicators
Key Performance Indicators
Data Collection and Extraction Tools and Techniques
Monitoring Controls
Control Assessment Types
Results of Control Assessments
Changes to the IT Risk Profile