Apply Now

About the Course

DurationOverview

Duration

3 Days

Overview

The CRISC course is designed for those who have experience with risk identification, assessment, and evaluation; risk response; risk monitoring; information systems control design and implementation; and information systems control monitoring and maintenance.

Course Structure

Governance IT Risk Assessment Risk Response Risk Reporting Information Technology and Security

Governance

  1. Organizational Governance
    1. Organizational Strategy, Goals, and Objectives
    2. Organizational Structure, Roles and Responsibilities
    3. Organizational Culture
    4. Policies and Standards
    5. Business Processes
    6. Organizational Assets
  2.  Risk Governance
    1. Enterprise Risk Management and Risk Management Framework
    2. Three Lines of Defense
    3. Risk Profile
    4. Risk Appetite and Risk Tolerance
    5. Legal, Regulatory and Contractual Requirements
    6. Professional Ethics of Risk Management

IT Risk Assessment

  1. IT Risk Identification
    1. Risk Events (e.g., contributing conditions, loss result)
    2. Threat Modelling and Threat Landscape
    3. Vulnerability and Control Deficiency Analysis (e.g., root cause analysis)
    4. Risk Scenario Development
  2. IT Risk Analysis, Evaluation and Assessment
    1. Risk Assessment Concepts, Standards and Frameworks
    2. Risk Register
    3. Risk Analysis Methodologies
    4. Business Impact Analysis
    5. Inherent and Residual Risk

Risk Response

  1. Risk Response
    1. Risk Treatment / Risk Response Options
    2. Risk and Control Ownership
    3. Third-Party Risk Management
    4. Issue, Finding and Exception Management
    5.  Management of Emerging Risk
  2. Control Design and Implementation
    1. Control Types, Standards and Frameworks
    2. Control Design, Selection and Analysis
    3. Control Implementation
    4. Control Testing and Effectiveness Evaluation

Risk Reporting

  1. Risk Monitoring and Reporting
    1. Risk Treatment Plans
    2. Data Collection, Aggregation, Analysis and Validation
    3. Risk and Control Monitoring Techniques
    4. Risk and Control Reporting Techniques (heatmap, scorecards, dashboards)

Information Technology and Security

  1. Information Technology Principles
    1. Enterprise Architecture
    2. IT Operations Management (e.g., change management, IT assets, problems, incidents)
    3. Project Management
    4. Disaster Recovery Management (DRM)
    5. Data Lifecycle Management
    6. System Development Life Cycle (SDLC)
    7. Emerging Technologies
  2. Information Security Principles
    1. Information Security Concepts, Frameworks and Standards
    2. Information Security Awareness Training
    3. Business Continuity Management
    4. Data Privacy and Data Protection Principles
Quick Links
Executive LearningE-LearningOffice of Student Life (OSL)Research & Dev. OfficeGlobal Studies CenterCenter for Teaching, Learning & ResearchCenter For Applied Mathematics & BioinformaticsCenter for Sustainable Development Gulf Financial CenterFoundation Program UnitContact Us
Resources
Academic CalendarGUST LibraryApply OnlineEmploymentFaculty & StaffGUST Online PaymentIT HelpdeskSchedule
ADDRESS

Gulf University for Science & Technology Block 5, Building 1 Mubarak Al-Abdullah Area/West Mishref Kuwait

PHONE NUMBER
+(965) 1886 644+(965) 2530 7000
WHATSAPP
+(965) 1886 644
Copyright © 2024 GUST. All Rights Reserved