Maxtrain.com - [email protected] - 513-322-8888 - 866-595-6863
M2-CISRMG
Certified Information Systems Risk Manager
Alert Me
Description
This is a 5 day instructor-led Certified Information Systems Risk Manager course.
Outline
C)ISRM Part 1: The Big Picture
- About the C)ISRM Exam
- Exam Relevance
- About the C)ISRM Exam
- Section Overview
Part 1 Learning Objectives
- Section Topics
- Overview of Risk Management
- Risk
- Risk and Opportunity Management
- Responsibility vs. Accountability
- Risk Management
- Roles and Responsibilities
- Relevance of Risk Management Frameworks, Standards and Practices
- Frameworks
- Standards
- Practices
- Relevance of Risk Governance
- Overview of Risk Governance
- Objectives of Risk Governance
- Foundation of Risk Governance
- Risk Appetite and Risk Tolerance
- Risk Awareness and Communication
- Key Concepts of
- Risk Governance
- Risk Culture
- Case Study
Practice Question 1
Practice Question 2
Practice Question 3
C)ISRM Part II - Domain 1 Risk Identification Assessment and Evaluation
- Section Overview
- Exam Relevance
- Domain 1 Learning Objectives
- Task Statements
- Knowledge Statements
- The Process
- Describing the Business Impact of IT Risk
- IT Risk in the Risk Hierarchy
- IT Risk Categories
- High Level Process Phases
- Risk Scenarios
- Definition of Risk Scenario
- Purpose of Risk Scenarios
- Event Types
- Risk Scenario Development
- Risk Registry & Risk Profile
- Risk Scenario Development
- Risk Scenario Components
- Risk Scenario Development
- Risk Scenario Development Enablers
- Systemic, Contagious or Obscure Risk
- Generic IT Risk Scenarios
- Definition of Risk Factor
- Examples of Risk Factors
- Risk Factors— External Environment
- Risk Factors— Risk Management Capability
- Risk Factors— IT Capability
- Risk Factors— IT Related Business Capabilities
- Methods for Analyzing IT Risk
- Likelihood and Impact
- Risk Analysis Output
- Risk Analysis Methods
- Risk Analysis Methods—Quantitative
- Risk Analysis Methods—Qualitative
- Risk Analysis Methods—for HIGH impact risk
- types
- Risk Analysis Methods
- Risk Analysis Methods—Business Impact
- Analysis (BIA)
- Methods for Assessing IT Risk
- Identifying and Assessing IT Risk
- Definitions
- Adverse Impact of Risk Event
- Business Impacts From IT Risk
- Business Related IT Risk Types
- IT Project-Related Risk
- Risk Components—Inherent Risk
- Risk Components—Residual Risk
- Risk Components—Control Risk
- Risk Components—Detection Risk
- Business Risk and Threats
- Addressed By IT Resources
- Identifying and Assessing IT Risk Methods For Describing IT Risk In Business Terms
- Case Study
- Acronym Review Definition Review Domain 1 – Exercises
C)ISRM Part II Domain 2 - Risk Response
- Section Overview
- Exam Relevance
- Domain 2 Learning Objectives
- Task Statements
- Knowledge Statements
- Risk Response Objectives
- The Risk Response Process
- Risk Response Options
- Risk Response Parameters
- Risk Tolerance and Risk Response Options
- Risk Response Prioritization Options
- Risk Mitigation Control Types
- Risk Response Prioritization Factors
- Risk Response Tracking, Integration and
- Implementation
- Process Phases
- Phase 1—Articulate Risk
- Phase 2—Manage Risk
- Phase 3—React To Risk Events
- Sample Case Study
- Domain 2 – Exercise 1
C)ISRM Part II - Domain 3 - Risk Monitoring
- Course Agenda
- Exam Relevance
- Learning Objectives
- Task Statements
- Knowledge Statements
- Essentials
- Risk Indicators
- Risk Indicator Selection Criteria
- Key Risk Indicators
- Risk Monitoring
- Risk Indicator Types and Parameters
- Risk Indicator Considerations
- Criteria for KRI Selection
- Benefits of Selecting Right KRIs
- Disadvantages of Wrong KRIs
- Changing KRIs
- Gathering KRI Data
- Steps to Data Gathering
- Gathering Requirements
- Data Access
- Data Preparation
- Data Validating Considerations
- Data Analysis
- Reporting and Corrective Actions
- Optimizing KRIs
- Use of Maturity Level Assessment
- Assessing Risk Maturity Levels
- Risk Management Capability Maturity Levels
- Changing Threat Levels
- Monitoring Changes in Threat Levels
- Measuring Changes in Threat Levels
- Responding to Changes in Threat Levels
- Threat Level Review
- Changes in Asset Value
- Maintain Asset Inventory
- Risk Reporting
- Reporting Content
- Effective Reports
- Report Recommendations
- Possible Risk Report Recipients
- Periodic Reporting
- Reporting Topics
- Risk Reporting Techniques
- Sample Case Study
- Practice Question 1
- Practice Question 2
- Practice Question 3
- Practice Question 4
- Acronym Review
- Definition Review
- Domain 3 – Exercises
C)ISRM Part II Domain 4 - IS Control Design and Implementation
- Section Overview
- Exam Relevance
- Domain 4 Learning Objectives
- Task Statements
- Knowledge Statements
- C)ISRM Involvement
- Control Definition
- Control Categories
- Control Types and Effects
- Control Methods
- Control Design Considerations
- Control Strength
- Control Strength
- Control Costs and Benefits
- Potential Loss Measures
- Total Cost of Ownership For Controls
- Role of the C)ISRM in SDLC
- The SDLC Process
- The Systems
- Development Life Cycle (SDLC) ‘Meets and Continues to Meet` SDLC
- SDLC Phases
- Addressing Risk Within the SDLC Business Risk versus Project Risk Understanding Project Risk Addressing Business Risk Understanding Business and Risk Requirements Understand Business Risk High Level SDLC Phases Project Initiation
- Phase 1 – Project Initiation Phase 1 Tasks
- Task 1—Feasibility Study Feasibility Study Components Determining Feasibility
Outcomes of the Feasibility Study
- Task 1—Define Requirement
- Requirement Progression
- Business Information Requirements (COBIT)
- Requirements Success Factors
- Task 3—Acquire Software “Options”
- Software Selection Criteria
- Software Acquisition
- Software Acquisition Process
- Leading Principles for Design and
- Implementation
- C)ISRM Responsibilities
- Key System Design Activities:
- Steps to Perform Phase 2
- Phase 2 - Project Design and Development
- System Testing
- Test Plans
- Project Testing
- Types of Tests
- UAT Requirements
- Certification and Accreditation
- Project Status Reports
- Phase 3 - Project Testing
- Testing Techniques
- Verification and Validation
- Phase 4 - Project Implementation
- Project Implementation
- Implementation Phases
- Phase 4 - Project Implementation
- End User Training Plans & Techniques
- Training Strategy
- Data Migration/Conversion Considerations
- Risks During Data Migration
- Data Conversion Steps
- Implementation Rollback
- Data Conversion Project Key Considerations
- Changeover Techniques
- Post-Implementation Review
- Performing Post-Implementation Review
- Measurements of Critical Success Factors
- Closing a Project
- Project Management and Controlling
- Project Management Tools and Techniques
- Project Management Elements
- Project Management Practices
- PERT chart and critical path
- PERT Attribute
- Sample Case Study
- Practice Question 1
- Practice Question 2
- Practice Question 3
- Practice Question 4
- Practice Question 5
PreRequisites
- A minimum of 12 months experience in networking technologies
- Sound knowledge of TCP/IP
- Knowledge of Microsoft packages
- Network+, Microsoft, Security+
- Basic Knowledge of Linux is essential
$2500.00 List Price | 3 Days Course |
