Maxtrain.com - info@maxtrain.com - 513-322-8888 - 866-595-6863
Certified Information Systems Risk Manager
Description
Certified Information Systems Risk Manager Training Overview:
Welcome to the Certified Information Systems Risk Manager (C)ISRM) course, tailored for IT and IS professionals involved in all aspects of risk management. This course equips you with the knowledge and skills to assess systems, implement risk controls, and monitor and maintain risk procedures. With this training, you’ll be prepared to identify and manage risks specific to various industries, enabling you to design, implement, monitor, and maintain efficient and effective information security controls.
Certified Information Systems Risk Manager Course Objectives:
In the C)ISRM course, you will:
- Develop expertise in risk management.
- Gain knowledge of risk assessment, treatment, and mitigation.
- Understand risk governance, frameworks, standards, and practices.
- Explore risk identification, assessment, and evaluation.
- Master risk response strategies and prioritization.
- Learn about risk monitoring and key risk indicators.
- Understand risk reporting and corrective actions.
- Explore information security control design and implementation.
- Discover the role of risk management in the Systems Development Life Cycle (SDLC).
- Learn about project initiation, design, development, testing, and implementation.
- Gain insights into project management and control.
Certified Information Systems Risk Manager Course Highlights:
- Accredited by the NSA’s CNSS.
- Approved on Homeland Security NICCS Framework.
- Included on the FBI’s Tier 1-3 Certification Training Chart.
- Comprehensive coverage of risk management and controls.
- Preparation for managing information security risks in various industries.
- Examination of risk governance, frameworks, and standards.
- In-depth exploration of risk identification, assessment, and evaluation.
- Focus on risk response, prioritization, and tracking.
- Training on risk monitoring, key risk indicators, and reporting.
- Insights into information security control design and implementation.
- Understanding the role of risk management in the Systems Development Life Cycle (SDLC).
- Exploration of project initiation, design, development, testing, and implementation.
- Insights into project management and controlling.
Certified Information Systems Risk Manager Course Outline:
C)ISRM Part 1: The Big Picture
- About the C)ISRM Exam
- Exam Relevance
- Overview of Risk Management
- Risk Governance
- Risk Appetite and Risk Tolerance
C)ISRM Part II – Domain 1 Risk Identification Assessment and Evaluation
- The Process
- Describing the Business Impact of IT Risk
- IT Risk Categories
- Risk Scenarios
- Risk Registry & Risk Profile
- Methods for Analyzing IT Risk
- Methods for Assessing IT Risk
- Business Risk and Threats Addressed By IT Resources
- Methods For Describing IT Risk In Business Terms
C)ISRM Part II Domain 2 – Risk Response
- Risk Response Objectives
- The Risk Response Process
- Risk Response Options
- Risk Response Parameters
- Risk Tolerance and Risk Response Options
- Risk Response Prioritization Options
- Risk Mitigation Control Types
- Risk Response Prioritization Factors
- Risk Response Tracking, Integration, and Implementation
C)ISRM Part II – Domain 3 – Risk Monitoring
- Essentials
- Risk Indicators
- Risk Monitoring
- Gathering KRI Data
- Data Analysis
- Reporting and Corrective Actions
- Optimizing KRIs
- Measuring Changes in Threat Levels
- Responding to Changes in Threat Levels
- Risk Reporting
- Risk Reporting Techniques
C)ISRM Part II Domain 4 – IS Control Design and Implementation
- C)ISRM Involvement
- Control Design Considerations
- Control Strength
- Control Costs and Benefits
- Role of the C)ISRM in SDLC
- Addressing Risk Within the SDLC
- Project Initiation
- Phase 1 – Project Initiation
- Phase 2 – Project Design and Development
- Phase 3 – Project Testing
- Phase 4 – Project Implementation
- Project Management and Controlling
Certified Information Systems Risk Manager Exam:
- Exam Name: Certified Information Systems Risk Manager (C)ISRM) Exam
- Examination Format: Multiple-choice questions
- Exam Duration: 4 hours
- Passing Grade: A minimum passing grade of 70% is required for certification.
- Online Exam: The C)ISRM exam is administered online through Mile2’s Learning Management System, accessible on your Mile2.com account.
- Exam Content: The exam covers the material taught in the C)ISRM course, including risk identification, assessment, response, monitoring, and controls.
- Certification: Successful completion of the exam leads to the prestigious Certified Information Systems Risk Manager (C)ISRM) certification.
- Preparation: The course provides comprehensive coverage of the exam topics, and you will have access to study materials, videos, an e-book, an exam simulator, exam prep, and the exam itself as part of the Self-Study Package.
- Accreditation: Mile2 is accredited by the NSA’s CNSS, approved on the Homeland Security NICCS Framework, and listed on the FBI’s Tier 1-3 Certification Training Chart.
Prepare to excel in risk management roles by enrolling in the Certified Information Systems Risk Manager (C)ISRM) course. Gain the knowledge, skills, and certification needed to become a proficient Information Systems Risk Manager and make a significant impact in the field of risk management.
Mile2 is accredited by the NSA-CNSS, approved on the Homeland Security NICCS Framework, and is on the FBI’s Tier 1-3 Certification Training Chart.
Outline
C)ISRM Part 1: The Big Picture
- About the C)ISRM Exam
- Exam Relevance
- About the C)ISRM Exam
- Section Overview
- Part 1 Learning Objectives
- Section Topics
- Overview of Risk Management
- Risk
- Risk and Opportunity Management
- Responsibility vs. Accountability
- Risk Management
- Roles and Responsibilities
- Relevance of Risk Management Frameworks, Standards and Practices
- Frameworks
- Standards
- Practices
- Relevance of Risk Governance
- Overview of Risk Governance
- Objectives of Risk Governance
- Foundation of Risk Governance
- Risk Appetite and Risk Tolerance
- Risk Awareness and Communication
- Key Concepts of Risk Governance
- Risk Culture
- Case Study
C)ISRM Part II – Domain 1 Risk Identification Assessment and Evaluation
- Section Overview
- Exam Relevance
- Domain 1 Learning Objectives
- Task Statements
- Knowledge Statements
- The Process
- Describing the Business Impact of IT Risk
- IT Risk in the Risk Hierarchy
- IT Risk Categories
- High Level Process Phases
- Risk Scenarios
- Definition of Risk Scenario
- Purpose of Risk Scenarios
- Event Types
- Risk Scenario Development
- Risk Registry & Risk Profile
- Risk Scenario Development
- Risk Scenario Components
- Risk Scenario Development
- Risk Scenario Development Enablers
- Systemic, Contagious or Obscure Risk
- Generic IT Risk Scenarios
- Definition of Risk Factor
- Examples of Risk Factors
- Risk Factors— External Environment
- Risk Factors— Risk Management Capability
- Risk Factors— IT Capability
- Risk Factors— IT Related Business Capabilities
- Methods for Analyzing IT Risk
- Likelihood and Impact
- Risk Analysis Output
- Risk Analysis Methods
- Risk Analysis Methods—Quantitative
- Risk Analysis Methods—Qualitative
- Risk Analysis Methods—for HIGH impact risk types
- Risk Analysis Methods
- Risk Analysis Methods—Business Impact Analysis (BIA)
- Methods for Assessing IT Risk
- Identifying and Assessing IT Risk
- Definitions
- Adverse Impact of Risk Event
- Business Impacts From IT Risk
- Business Related IT Risk Types
- IT Project-Related Risk
- Risk Components—Inherent Risk
- Risk Components—Residual Risk
- Risk Components—Control Risk
- Risk Components—Detection Risk
- Business Risk and Threats Addressed By IT Resources
- Identifying and Assessing IT Risk
- Methods For Describing IT Risk In Business Terms
- Case Study
- Acronym Review
- Definition Review
- Domain 1 – Exercises
C)ISRM Part II Domain 2 – Risk Response
- Section Overview
- Exam Relevance
- Domain 2 Learning Objectives
- Task Statements
- Knowledge Statements
- Risk Response Objectives
- The Risk Response Process
- Risk Response Options
- Risk Response Parameters
- Risk Tolerance and Risk Response Options
- Risk Response Prioritization Options
- Risk Mitigation Control Types
- Risk Response Prioritization Factors
- Risk Response Tracking, Integration and Implementation
- Process Phases
- Phase 1—Articulate Risk
- Phase 2—Manage Risk
- Phase 3—React To Risk Events
- Sample Case Study
- Domain 2 – Exercise 1
C)ISRM Part II – Domain 3 – Risk Monitoring
- Learning Objectives
- Task Statements
- Knowledge Statements
- Essentials
- Risk Indicators
- Risk Indicator Selection Criteria
- Key Risk Indicators
- Risk Monitoring
- Risk Indicator Types and Parameters
- Risk Indicator Considerations
- Criteria for KRI Selection
- Benefits of Selecting Right KRIs
- Disadvantages of Wrong KRIs
- Changing KRIs
- Gathering KRI Data
- Steps to Data Gathering
- Gathering Requirements
- Data Access
- Data Preparation
- Data Validating Considerations
- Data Analysis
- Reporting and Corrective Actions
- Optimizing KRIs
- Use of Maturity Level Assessment
- Assessing Risk Maturity Levels
- Risk Management Capability Maturity Levels
- Changing Threat Levels
- Monitoring Changes in Threat Levels
- Measuring Changes in Threat Levels
- Responding to Changes in Threat Levels
- Threat Level Review
- Changes in Asset Value
- Maintain Asset Inventory
- Risk Reporting
- Reporting Content
- Effective Reports
- Report Recommendations
- Possible Risk Report Recipients
- Periodic Reporting
- Reporting Topics
- Risk Reporting Techniques
- Sample Case Study
- Practice Question 1
- Practice Question 2
- Practice Question 3
- Practice Question 4
- Acronym Review
- Definition Review
- Domain 3 – Exercises
C)ISRM Part II Domain 4 – IS Control Design and Implementation
- Domain 4 Learning Objectives
- Task Statements
- Knowledge Statements
- C)ISRM Involvement
- Control Definition
- Control Categories
- Control Types and Effects
- Control Methods
- Control Design Considerations
- Control Strength
- Control Strength
- Control Costs and Benefits
- Potential Loss Measures
- Total Cost of Ownership For Controls
- Role of the C)ISRM in SDLC
- The SDLC Process
- The Systems Development Life Cycle (SDLC)
- ‘Meets and Continues to Meet’
- SDLC
- SDLC Phases
- Addressing Risk Within the SDLC
- Business Risk versus Project Risk
- Understanding Project Risk
- Addressing Business Risk
- Understanding Business and Risk Requirements
- Understand Business Risk
- High Level SDLC Phases
- Project Initiation
- Phase 1 – Project Initiation
- Phase 1 Tasks
- Task 1—Feasibility Study
- Feasibility Study Components
- Determining Feasibility
- Outcomes of the Feasibility Study
- Task 1—Define Requirement
- Requirement Progression
- Business Information Requirements (COBIT)
- Requirements Success Factors
- Task 3—Acquire Software “Options”
- Software Selection Criteria
- Software Acquisition
- Software Acquisition Process
- Leading Principles for Design and Implementation
- C)ISRM Responsibilities
- Key System Design Activities:
- Steps to Perform Phase 2
- Phase 2 – Project Design and Development
- System Testing
- Test Plans
- Project Testing
- Types of Tests
- UAT Requirements
- Certification and Accreditation
- Project Status Reports
- Phase 3 – Project Testing
- Testing Techniques
- Verification and Validation
- Phase 4 – Project Implementation
- Project Implementation
- Implementation Phases
- Phase 4 – Project Implementation
- End User Training Plans & Techniques
- Training Strategy
- Data Migration/Conversion Considerations
- Risks During Data Migration
- Data Conversion Steps
- Implementation Rollback
- Data Conversion Project Key Considerations
- Changeover Techniques
- Post-Implementation Review
- Performing Post-Implementation Review
- Measurements of Critical Success Factors
- Closing a Project
- Project Management and Controlling
- Project Management Tools and Techniques
- Project Management Elements
- Project Management Practices
- PERT chart and critical path
- PERT Attribute
Prerequisites
- Mile2’s C)SP
- 12 months of IT experience
Audience
- IS Security Officers
- Privacy Officers
- Health IS Managers
- Risk Managers
- Info Security Managers
- Government Employees
$3000.00 | 3-Day Course