C)ISRM - Certified Information Systems Risk Manager

COURSE OVERVIEW

The vendor-neutral Certified Information Systems Risk Manager certification is designed for IT and IS professionals who are involved with risk identification, assessment & evaluation, risk response, risk monitoring, IS control design & implementation, and IS control monitoring & maintenance.

The Certified Information Systems Risk Manager training enables professionals to deepen their understanding of identifying and evaluating entity-specific risk. It also helps them assess risks associated with enterprise business objectives by equipping them to design, implement, monitor and maintain risk-based, efficient and effective IS controls.

The Certified Information Systems Risk Manager covers 5 critical subjects: Risk Identification Assessment and Evaluation; Risk Response; Risk Monitoring; IS Control Design and Implementation; and IS Control Monitoring & Maintenance.

WHAT'S INCLUDED IN THE COURSE KIT?

  • Individual Course Access
  • Course Video
  • Physical, Printed Course book
  • Exam Prep Guide
  • Exam Simulator
  • Exam

C)ISRM - Physical Course Kit & Exam

Price: £950.00
  • C)ISRM Part 1: The Big Picture

    • About the C)ISRM Exam
    • Exam Relevance
    • About the C)ISRM Exam
    • Section Overview
    • Part 1 Learning Objectives
    • Section Topics
    • Overview of Risk Management
    • Risk
    • Risk and Opportunity Management
    • Responsibility vs. Accountability
    • Risk Management
    • Roles and Responsibilities
    • Relevance of Risk Management Frameworks, Standards and Practices
    • Frameworks
    • Standards
    • Practices
    • Relevance of Risk Governance
    • Overview of Risk Governance
    • Objectives of Risk Governance
    • Foundation of Risk Governance
    • Risk Appetite and Risk Tolerance
    • Risk Awareness and Communication
    • Key Concepts of Risk Governance
    • Risk Culture
    • Case Study
    • Practice Question 1
    • Practice Question 2
    • Practice Question 3
    • Practice Question 4
    • Practice Question 5
    • Acronym Review
    • Definition Review

    C)ISRM Part II - Domain 1 Risk Identification Assessment and Evaluation

    • Section Overview
    • Exam Relevance
    • Domain 1 Learning Objectives
    • Task Statements
    • Knowledge Statements
    • The Process
    • Describing the Business Impact of IT Risk
    • IT Risk in the Risk Hierarchy
    • IT Risk Categories
    • High Level Process Phases
    • Risk Scenarios
    • Definition of Risk Scenario
    • Purpose of Risk Scenarios
    • Event Types
    • Risk Scenario Development
    • Risk Registry & Risk Profile
    • Risk Scenario Development
    • Risk Scenario Components
    • Risk Scenario Development
    • Risk Scenario Development Enablers
    • Systemic, Contagious or Obscure Risk
    • Generic IT Risk Scenarios
    • Definition of Risk Factor
    • Examples of Risk Factors
    • Risk Factors—External Environment
    • Risk Factors—Risk Management Capability
    • Risk Factors—IT Capability
    • Risk Factors—IT Related Business Capabilities
    • Methods for Analyzing IT Risk
    • Likelihood and Impact
    • Risk Analysis Output
    • Risk Analysis Methods
    • Risk Analysis Methods—Quantitative
    • Risk Analysis Methods—Qualitative
    • Risk Analysis Methods—for HIGH impact risk types
    • Risk Analysis Methods
    • Risk Analysis Methods—Business Impact Analysis (BIA)
    • Methods for Assessing IT Risk
    • Identifying and Assessing IT Risk
    • Definitions
    • Adverse Impact of Risk Event
    • Business Impacts From IT Risk
    • Business Related IT Risk Types
    • IT Project-Related Risk
    • Risk Components—Inherent Risk
    • Risk Components—Residual Risk
    • Risk Components—Control Risk
    • Risk Components—Detection Risk
    • Business Risk and Threats Addressed By IT Resources
    • Identifying and Assessing IT Risk
    • Methods For Describing IT Risk In Business Terms
    • Case Study
    • Acronym Review
    • Definition Review
    • Domain 1 – Exercises

    C)ISRM Part II Domain 2 - Risk Response

    • Section Overview
    • Exam Relevance
    • Domain 2 Learning Objectives
    • Task Statements
    • Knowledge Statements
    • Risk Response Objectives
    • The Risk Response Process
    • Risk Response Options
    • Risk Response Parameters
    • Risk Tolerance and Risk Response Options
    • Risk Response Prioritization Options
    • Risk Mitigation Control Types
    • Risk Response Prioritization Factors
    • Risk Response Tracking, Integration and Implementation
    • Process Phases
    • Phase 1—Articulate Risk
    • Phase 2—Manage Risk
    • Phase 3—React To Risk Events
    • Sample Case Study 
    • Domain 2 – Exercise 1

    C)ISRM Part II - Domain 3 - Risk Monitoring

    • Course Agenda
    • Exam Relevance
    • Learning Objectives
    • Task Statements
    • Knowledge Statements
    • Essentials
    • Risk Indicators
    • Risk Indicator Selection Criteria
    • Key Risk Indicators
    • Risk Monitoring
    • Risk Indicator Types and Parameters
    • Risk Indicator Considerations
    • Criteria for KRI Selection
    • Benefits of Selecting Right KRIs
    • Disadvantages of Wrong KRIs
    • Changing KRIs
    • Gathering KRI Data
    • Steps to Data Gathering
    • Gathering Requirements
    • Data Access
    • Data Preparation
    • Data Validating Considerations
    • Data Analysis
    • Reporting and Corrective Actions
    • Optimizing KRIs
    • Use of Maturity Level Assessment
    • Assessing Risk Maturity Levels
    • Risk Management Capability Maturity Levels
    • Changing Threat Levels
    • Monitoring Changes in Threat Levels
    • Measuring Changes in Threat Levels
    • Responding to Changes in Threat Levels
    • Threat Level Review
    • Changes in Asset Value
    • Maintain Asset Inventory
    • Risk Reporting
    • Reporting Content
    • Effective Reports
    • Report Recommendations
    • Possible Risk Report Recipients
    • Periodic Reporting
    • Reporting Topics
    • Risk Reporting Techniques
    • Sample Case Study 
    • Practice Question 1
    • Practice Question 2
    • Practice Question 3
    • Practice Question 4
    • Acronym Review
    • Definition Review
    • Domain 3 – Exercises

    C)ISRM Part II Domain 4 - IS Control Design and Implementation

    • Section Overview
    • Exam Relevance
    • Domain 4 Learning Objectives
    • Task Statements
    • Knowledge Statements
    • C)ISRM Involvement
    • Control Definition
    • Control Categories
    • Control Types and Effects
    • Control Methods
    • Control Design Considerations
    • Control Strength
    • Control Strength
    • Control Costs and Benefits
    • Potential Loss Measures
    • Total Cost of Ownership For Controls
    • Role of the C)ISRM in SDLC
    • The SDLC Process
    • Outcomes of the Feasibility Study
    • Task 1—Define Requirement
    • Requirement Progression
    • Business Information Requirements (COBIT)
    • Requirements Success Factors
    • Task 3—Acquire Software “Options”
    • Software Selection Criteria
    • Software Acquisition
    • Software Acquisition Process
    • Leading Principles for Design and Implementation
    • C)ISRM Responsibilities
    • Key System Design Activities:
    • Steps to Perform Phase 2
    • Phase 2 - Project Design and Development
    • System Testing
    • Test Plans
    • Project Testing
    • Types of Tests
    • UAT Requirements
    • Certification and Accreditation
    • Project Status Reports
    • Phase 3 - Project Testing
    • Testing Techniques
    • Verification and Validation
    • Phase 4 - Project Implementation
    • Project Implementation
    • The Systems Development Life Cycle (SDLC)
    • ‘Meets and Continues to Meet’
    • SDLC
    • SDLC Phases
    • Addressing Risk Within the SDLC
    • Business Risk versus Project Risk
    • Understanding Project Risk
    • Addressing Business Risk
    • Understanding Business and Risk Requirements
    • Understand Business Risk
    • High Level SDLC Phases
    • Project Initiation
    • Phase 1 – Project Initiation
    • Phase 1 Tasks
    • Task 1—Feasibility Study
    • Feasibility Study Components
    • Determining Feasibility
    • Implementation Phases
    • Phase 4 - Project Implementation
    • End User Training Plans & Techniques
    • Training Strategy
    • Data Migration/Conversion Considerations
    • Risks During Data Migration
    • Data Conversion Steps
    • Implementation Rollback
    • Data Conversion Project Key Considerations
    • Changeover Techniques
    • Post-Implementation Review
    • Performing Post-Implementation Review
    • Measurements of Critical Success Factors
    • Closing a Project
    • Project Management and Controlling
    • Project Management Tools and Techniques
    • Project Management Elements
    • Project Management Practices
    • PERT chart and critical path
    • PERT Attribute
    • Sample Case Study
    • Practice Question 1
    • Practice Question 2
    • Practice Question 3
    • Practice Question 4
    • Practice Question 5

©2019 by Oddfellows Services Ltd t/a OFS.

Registered in England Number 11987380

Registered Office : International House, 24 Holborn Viaduct, London, EC1A 2BN, London, United Kingdom.

Email : operations@ofsec.co.uk

Telephone : +44 (0) 203 787 4785