Course Syllabus
                                                 CRISC
    Instructor Name: Kelly Handerhan                       Instructor Website: https://cybertrainit.com/
    Instructor Contact: KellyH@CyberTrain.IT               Course Creation Date: 5/1/2019
                                     Course Description and Goals
    Course Description: Certified in Risk and Information Systems Control (CRISC) by ISACA is
    for IT and business professionals who develop and maintain information system controls, and
    whose job revolves around security operations and compliance. The CRISC is quickly being
    implemented into operational and management level positions at organizations of almost any
    size. While similar to CISA or CISM, this course focuses on four main areas: Risk Identification,
    Assessment, Response and Mitigation, and Control Monitoring and Reporting. Our CRISC
    course will prepare you for identifying, evaluating and managing risk through construction,
    implementation and maintenance of IS controls.
    Who is this course for? IT and business professionals
    Course Goals: By the end of this course, students should be able to:
           ❏ Effectively prepare and enact strategic and focused plans to mitigate risk
           ❏ Make competent risk-based decisions
           ❏ Set a common language and perspective on risk that can become the baseline for risk
             management within their organizations
                                             Course Outline
                                                                                                                            
        Brought to you by:                            Develop your team with the fastest growing catalog in the 
                                                      cybersecurity industry. Enterprise-grade workforce development 
                                                      management, advanced training features and detailed skill gap and 
                                                  
                                                      competency analytics. 
     
 
 
    Module 1 | Welcome and Introduction
          Lesson 1.1: Welcome and Introduction (02:40)
          Lesson 1.2: Who is ISACA? (02:46)
          Lesson 1.3: Who Should Take CRISC? (04:49)
          Lesson 1.4: The Exam (04:24)
    Module 2 | Preliminary
          Lesson 2.1: Introduction to Information Security Risks (04:25)
          Lesson 2.2: Risk Governance vs. Risk Management (07:25)
          Lesson 2.3: Risk Definitions (10:07)
          Lesson 2.4: IT Risk Management (07:14)
          Lesson 2.5: IT Security Basic (08:40)
          Lesson 2.6: Risk Management for IT Projects (06:14)
          Lesson 2.7: ISACA’s Framework and Lifecycle (03:25)
          Lesson 2.8: Review Questions (03:05)
    Module 3 | Risk Identification
          Lesson 3.1: Risk Identification Intro (02:50)
          Lesson 3.2: ISO 27005 Framework (08:45)
          Lesson 3.3: NIST 800-39 Risk Framing (09:29)
          Lesson 3.4: NIST 800-39 Risk Assessment (01:13)
          Lesson 3.5: NIST 800-39 Risk Response (07:01)
          Lesson 3.6: NIST 800-39 Risk Monitoring (06:23)
          Lesson 3.7: NIST 800-30 Intro (04:01)
          Lesson 3.8: NIST 800-30 Risk Assessment Methodology (05:51)
          Lesson 3.9: NIST 800-37 Revision 1 and Revision 2 (08:14)
          Lesson 3.10: Alignment with the Business (15:34)
          Lesson 3.11: Risk Culture (09:40)
          Lesson 3.12: Roles and Responsibilities (07:02)
          Lesson 3.13: The Risk Register (09:49)
          Lesson 3.14: Risk Scenarios (08:10)
          Lesson 3.15: Hardware and Software Risks (06:58)
          Lesson 3.16: Network Risks (08:30)
          Lesson 3.17: Emerging Risks (03:53)                                                                                                                          
          Lesson 3.18: 3rd Party Risks (02:21)
    Module 4 | Risk Assessment
          Lesson 4.1: Risk Assessment Intro (02:34)
          Lesson 4.2: Tools and Techniques Part 1 (08:06)
          Lesson 4.3: Tools and Techniques Part 2 (06:44)
          Lesson 4.4: Business Impact Analysis (08:00)
          Lesson 4.5: Controls Assessment (02:04)
          Lesson 4.6: STRIDE Threat Modeling (03:11)
          Lesson 4.7: Gap Analysis (06:43)
          Lesson 4.8: Risk Analysis Methodologies (14:14)
          Lesson 4.9: Risk Assessment Report (04:03)
    Module 5 | Risk Mitigation
          Lesson 5.1: Risk Mitigation Reduction (04:32)
          Lesson 5.2: Risk Mitigation Transference and Acceptance (05:20)
          Lesson 5.3: Information Security Concepts (05:45)
          Lesson 5.4: Security Program Requirements (04:34)
          Lesson 5.5: Essential Elements of an Information Security Program (02:16)
          Lesson 5.6: Introduction to Information Security Frameworks - ISO 27002 (07:55)
          Lesson 5.7: Information Security Frameworks (05:20)
          Lesson 5.8: Information Security Architecture (03:05)
          Lesson 5.9: Security Operations Events Monitoring (07:31)
          Lesson 5.10: Secure Engineering and Threat Modeling (07:39)
          Lesson 5.11: Protecting the Network - Segmentation (06:52)
          Lesson 5.12: Protecting the Network - Wireless Security (06:03)
          Lesson 5.13: Protecting the Network - Services (06:05)
          Lesson 5.14: Protecting the Network Through Detection and Network Access Control (02:49)
          Lesson 5.15: Data and Endpoint Security (04:59)
          Lesson 5.16: Selecting a Mitigation Strategy (06:49)
          Lesson 5.17: Types of Mitigating Controls (07:52)
          Lesson 5.18: Identity and Access Management (05:14)
          Lesson 5.19: Third Party Governance (07:17)
          Lesson 5.20: Policies, Procedures, Standards, and Guidelines (05:06)                                                                                                                                 
          Lesson 5.21: Certification and Accreditation (08:51)
    Module 6 | Risk Monitoring and Control
          Lesson 6.1: Risk, Control Monitoring, and Reporting (05:41)
          Lesson 6.2: Key Risk Indicators (KRIs) (10:53)
          Lesson 6.3: Tools for Risk Monitoring (05:21)
                                                                                                                                