Certified Information Systems Risk Manager

This is a 5 day instructor-led Certified Information Systems Risk Manager course.

C)ISRM Part 1: The Big Picture

• About the C)ISRM Exam
• Exam Relevance
• About the C)ISRM Exam
• Section Overview

Part 1 Learning Objectives

• Section Topics
• Overview of Risk Management
• Risk
• Risk and Opportunity Management
• Responsibility vs. Accountability
• Risk Management
• Roles and Responsibilities
• Relevance of Risk Management Frameworks, Standards and Practices
• Frameworks
• Standards
• Practices
• Relevance of Risk Governance
• Overview of Risk Governance
• Objectives of Risk Governance
• Foundation of Risk Governance
• Risk Appetite and Risk Tolerance
• Risk Awareness and Communication
• Key Concepts of
• Risk Governance
• Risk Culture
• Case Study

Practice Question 1

Practice Question 2

Practice Question 3

• Section Overview
• Exam Relevance
• Domain 1 Learning Objectives
• Task Statements
• Knowledge Statements
• The Process
• Describing the Business Impact of IT Risk
• IT Risk in the Risk Hierarchy
• IT Risk Categories
• High Level Process Phases
• Risk Scenarios
• Definition of Risk Scenario
• Purpose of Risk Scenarios
• Event Types
• Risk Scenario Development
• Risk Registry & Risk Profile
• Risk Scenario Development
• Risk Scenario Components
• Risk Scenario Development
• Risk Scenario Development Enablers
• Systemic, Contagious or Obscure Risk
• Generic IT Risk Scenarios
• Definition of Risk Factor
• Examples of Risk Factors
• Risk Factors— External Environment
• Risk Factors— Risk Management Capability
• Risk Factors— IT Capability
• Risk Factors— IT Related Business Capabilities
• Methods for Analyzing IT Risk
• Likelihood and Impact
• Risk Analysis Output
• Risk Analysis Methods

C)ISRM Part II Domain 2 - Risk Response

• Section Overview
• Exam Relevance
• Domain 2 Learning Objectives
• Task Statements
• Knowledge Statements
• Risk Response Objectives
• The Risk Response Process
• Risk Response Options
• Risk Response Parameters
• Risk Tolerance and Risk Response Options
• Risk Response Prioritization Options
• Risk Mitigation Control Types
• Risk Response Prioritization Factors
• Risk Response Tracking, Integration and
• Implementation
• Process Phases
• Phase 1—Articulate Risk
• Phase 2—Manage Risk
• Phase 3—React To Risk Events
• Sample Case Study
• Domain 2 – Exercise 1

• Course Agenda

C)ISRM Part II Domain 4 - IS Control Design and Implementation

• Section Overview
• Exam Relevance
• Domain 4 Learning Objectives
• Task Statements
• Knowledge Statements
• C)ISRM Involvement
• Control Definition
• Control Categories
• Control Types and Effects
• Control Methods
• Control Design Considerations
• Control Strength
• Control Strength
• Control Costs and Benefits
• Potential Loss Measures
• Total Cost of Ownership For Controls
• Role of the C)ISRM in SDLC
• The SDLC Process
• The Systems
• Development Life Cycle (SDLC) ‘Meets and Continues to Meet` SDLC
• SDLC Phases
• Addressing Risk Within the SDLC Business Risk versus Project Risk Understanding Project Risk Addressing Business Risk Understanding Business and Risk Requirements Understand Business Risk High Level SDLC Phases Project Initiation
• Phase 1 – Project Initiation Phase 1 Tasks
• Task 1—Feasibility Study Feasibility Study Components Determining Feasibility

Outcomes of the Feasibility Study

• Task 1—Define Requirement
• Requirement Progression
• Business Information Requirements (COBIT)
• Requirements Success Factors
• Task 3—Acquire Software “Options”
• Software Selection Criteria
• Software Acquisition
• Software Acquisition Process
• Leading Principles for Design and
• Implementation
• C)ISRM Responsibilities
• Key System Design Activities:
• Steps to Perform Phase 2
• Phase 2 - Project Design and Development
• System Testing
• Test Plans
• Project Testing
• Types of Tests
• UAT Requirements
• Certification and Accreditation
• Project Status Reports
• Phase 3 - Project Testing
• Testing Techniques
• Verification and Validation
• Phase 4 - Project Implementation
• Project Implementation
• Implementation Phases
• Phase 4 - Project Implementation
• End User Training Plans & Techniques
• Training Strategy
• Data Migration/Conversion Considerations
• Risks During Data Migration
• Data Conversion Steps
• Implementation Rollback
• Data Conversion Project Key Considerations
• Changeover Techniques
• Post-Implementation Review
• Performing Post-Implementation Review
• Measurements of Critical Success Factors
• Closing a Project
• Project Management and Controlling
• Project Management Tools and Techniques
• Project Management Elements
• Project Management Practices
• PERT chart and critical path
• PERT Attribute
• Sample Case Study
• Practice Question 1
• Practice Question 2
• Practice Question 3
• Practice Question 4
• Practice Question 5

• A minimum of 12 months experience in networking technologies
• Sound knowledge of TCP/IP
• Knowledge of Microsoft packages
• Network+, Microsoft, Security+
• Basic Knowledge of Linux is essential