CRISC Courses
CRISC Courses
July 13, 2024 No Comments on CRISC CoursesCRISC Courses South Africa
CRISC Training
The Certified in Risk and Information Systems Control certificate shows that the certificate holder has expertise in identifying and managing enterprise IT risk and implementing and maintaining information systems controls. The certification focuses on risk identification, risk assessment, risk response, and risk reporting.
CRISC validates your experience in building a well-defined, agile risk-management program, based on best practices to identify, analyze, evaluate, assess, prioritize and respond to risks. This certification is offered by ISACA, a nonprofit, independent association
Overall learn Advanced security anytime and anywhere. We have 3 training options and we have award-winning IT courses. In turn identify and implement client side and integration technologies. Thus learn how to create and manage your own security features.
Part-Time
Fast forward your career in the IT industry with a part-time Certified Risk and Information Systems Control (CRISC) courses at School of IT. All in all the Part-time CRISC courses that allow working professionals to transition into a new skill set while working. In turn at School of IT we are agile and can customize a data analyst course to the individual. Start anytime and choose your hours!
Full Time
Are you ready to start a career in IT? In turn learn about security and cyber security as a full time student at School of IT. Thus beginning your career as a Cyber Security Analyst. Start anytime and manage your own contact hours with your mentor!
High School
In addition prepare for the future by learn about advanced security for networks while you’re still in high school. Have the option to get internationally accredited and recognized before you even finish school!
Corporate
All in all upskill yourself or your company by learning about about cybersecurity while you’re working. Thus no matter where you are, you can upskill yourself and get internationally accredited and recognized in under 3 months!
Domain 1: Governance
Module 1: Organisational Governance
- Organisational Strategy, Goals, and Objectives
- Organisational Structure, Roles, and Responsibilities
- Organisational Culture
- Policies and Standards
- Business Process Review
- Organisational Assets
Module 2: Risk Governance
- Enterprise Risk Management and Risk Management Frameworks
- Three Lines of Defence
- Risk Profile
- Risk Appetite, Tolerance and Capacity
- Legal, Regulatory and Contractual Requirements
- Professional Ethics of Risk Management
Domain 2: IT Risk Assessment
Module 3: IT Risk Identification
- Risk Events
- Threat Modelling and Threat Landscape
- Vulnerability and Control Deficiency Analysis
- Risk Scenario Development
Module 4: IT Risk Analysis, Evaluation and Assessment
- Risk Assessment Concepts, Standards and Frameworks
- Risk Register
- Risk Analysis Methodologies
- Business Impact Analysis
- Inherent, Residual and Current Risk
Domain 3: Risk Response and Reporting
Module 5: Risk Response
- Risk and Control Ownership
- Risk Treatment/Risk Response Options
- Third Party Risk Management
- Issue, Finding and Expectation Management
- Management of Emerging Risk
Module 6: Control, Design and Implementation
- Control Types, Standards and Frameworks
- Control Design, Selection and Analysis
- Control Implementation
- Control Testing and Effectiveness Evaluation
Module 7: Risk Monitoring and Reporting
- Risk Treatment Plans
- Data Collection, Aggregation, Analysis and Validation
- Risk and Control Monitoring Techniques
- Key Performance Indicators
- Key Risk Indicators
- Key Control Indicators
Domain 4: Information Technology and Security
Module 8: Information Technology Principles
- Enterprise Architecture
- IT Operations Management
- Project Management
- Enterprise Resiliency
- Data Life Cycle Management
- System Development Life Cycle
- Emerging Trends in Technology
Module 9: Information Security Principles
- Information Security Concepts, Frameworks and Standards
- Information Security Awareness Training
- Data Privacy and Principles of Data Protection
Certified in Risk and Information Systems Control Outline
Domain 1: Information Security Governance
Module 1: Introduction to Information Security Governance
- About Information Security Governance
- Reason for Security Governance
- Security Governance Activities and Results
- Risk Appetite
- Organisation Culture
Module 2: Legal, Regulatory and Contractual Requirements
- Introduction
- Requirements for Content and Retention of Business Records
Module 3: Organisational Structures, Roles and Responsibilities
- Roles and Responsibilities
- Monitoring Responsibilities
Module 4: Information Security Strategy Development
- Introduction
- Business Goals and Objectives
- Information Security Strategy Objectives
- Ensuring Objective and Business Integration
- Avoiding Common Pitfalls and Bias
- Desired State
- Elements of a Strategy
Module 5: Information Governance Frameworks and Standards
- Security Balanced Scorecard
- Architectural Approaches
- Enterprise Risk Management Framework
- Information Security Management Frameworks and Models
Module 6: Strategic Planning
- Workforce Composition and Skills
- Assurance Provisions
- Risk Assessment and Management
- Action Plan to Implement Strategy
- Information Security Program Objectives
Domain 2: Information Security Risk Management
Module 7: Emerging Risk and Threat Landscape
- Risk Identification
- Threats
- Defining a Risk Management Framework
- Emerging Threats
- Risk, Likelihood and Impact
- Risk Register
Module 8: Vulnerability and Control Deficiency Analysis
- Introduction
- Security Control Baselines
- Events Affecting Security Baselines
Module 9: Risk Assessment and Analysis
- Introduction
- Determining the Risk Management Context
- Operational Risk Management
- Risk Management Integration with IT Life Cycle Management Processes
- Risk Scenarios
- Risk Assessment Process
- Risk Assessment and Analysis Methodologies
- Other Risk Assessment Approaches
- Risk Analysis
- Risk Evaluation
- Risk Ranking
Module 10: Risk Treatment or Risk Response Options
- Risk Treatment/Risk Response Options
- Determining Risk Capacity and Acceptable Risk
- (Risk Appetite)
- Risk Response Options
- Risk Acceptance Framework
- Inherent and Residual Risk
- Impact
- Controls
- Legal and Regulatory Requirements
- Costs and Benefits
Module 11: Risk and Control Ownership
- Risk Ownership and Accountability
- Risk Owner
- Control Owner
Module 12: Risk Monitoring and Reporting
- Risk Monitoring
- Key Risk Indicators
- Reporting Changes in Risk
- Risk Communication, Awareness and Consulting
- Documentation
Domain 3: Information Security Programme Development and Management
Module 13: Information Security Program Resources
- Introduction
- Information Security Program Objectives
- Information Security Program Concepts
- Common Information Security Program Challenges
- Common Information Security Program Constraints
Module 14: Information Asset Identification and Classification
- Information Asset Identification and Valuation
- Information Asset Valuation Strategies
- Information Asset Classification
- Methods to Determine Criticality of Assets and Impact of Adverse Events
Module 15: Industry Standards and Frameworks for Information Security
- Enterprise Information Security Architectures
- Information Security Management Frameworks
- Information Security Frameworks Components
Module 16: Information Security Policies, Procedures, and Guidelines
- Policies
- Standards
- Procedures
- Guidelines
Module 17: Information Security Program Metrics
- Introduction
- Effective Security Metrics
- Security Program Metrics and Monitoring
- Metrics Tailored to Enterprise Needs
Module 18: Information Security Control Design and Selection
- Introduction
- Managing Risk Through Controls
- Controls and Countermeasures
- Control Categories
- Control Design Considerations
- Control Methods
Module 19: Security Programme Management
- Risk Management
- Risk Management Programme
- Risk Treatment
- Audit and Reviews
- Third-Party Risk Management
Module 20: Security Programme Operations
- Event Monitoring
- Vulnerability Management
- Security Engineering and Development
- Network Protection
- Endpoint Protection and Management
- Identity and Access Management
- Security Incident Management
- Security Awareness Training
- Managed Security Service Providers
- Data Security
- Cryptography
- Symmetric Key Algorithms
Module 21: IT Service Management
- Service Desk
- Incident Management
- Problem Management
- Change Management
- Configuration Management
- Release Management
- Service Levels Management
- Financial Management
- Capacity Management
- Service Continuity Management
- Availability Management
- Asset Management
Module 22: Controls
- Internal Control Objectives
- Information Systems Control Objectives
- General Computing Controls
- Control Frameworks
- Controls Development
- Control Assessment
Module 23: Metrics and Monitoring
- Types of Metrics
- Audiences
- Continuous Improvement
Domain 4: Information Security Incident Management
Module 24: Security Incident Response Overview
- Phases of Incident Response
Module 25: Incident Response Plan Development
- Objectives
- Maturity
- Resources
- Roles and Responsibilities
- Gap Analysis
- Plan Development
Module 26: Responding to Security Incidents
- Detection
- Initiation
- Evaluation
- Recovery
- Remediation
- Closure
- Post-Incident Review
Module 27: Business Continuity and Disaster Recovery Planning
- Business Continuity Planning
- Disaster
- Disaster Recovery Planning
- Testing BC and DR Planning
Overall by the end of the CASP+ Course, Students will have knowledge in:
CompTIA Advanced Security Practitioner (CASP+) Course Outline
Module 1 – Supporting IT Governance and Risk Management
- Identify the Importance of IT Governance and Risk Management
- Assess and Mitigate Risk
- Integrate Documentation into Risk Management
Module 2 – Leveraging Collaboration to Support Security
- Facilitate Collaboration Across Business Units
- Secure Communications and Collaboration Solutions
Module 3 – Using Research and Analysis to Secure the Enterprise
- Determine Industry Trends and Their Effects on the Enterprise
- Analyse Scenarios to Secure the Enterprise
Module 4 – Integrating Advanced Authentication and Authorisation Techniques
- Implement Authentication and Authorisation Technologies
- Implement Advanced Identity and Access Management
Module 5 – Implementing Cryptographic Techniques
- Select Cryptographic Techniques
- Implement Cryptography
Module 6 – Implementing Security Controls for Hosts
- Select Host Hardware and Software
- Harden Hosts
- Virtualise Servers and Desktops
- Protect Boot Loaders
Module 7 – Implementing Security Controls for Mobile Devices
- Implement Mobile Device Management
- Address Security and Privacy Concerns for Mobile Devices
Module 8 – Implementing Network Security
- Planning Deployment of Network Security Components and Devices
- Planning Deployment of Network-Enabled Devices
- Implementing Advanced Network Design and Network Security Controls
Module 9 – Implementing Security in the Systems and Software Development Lifecycle
- Implement Security throughout the Technology Lifecycle
- Identify General Application Vulnerabilities
- Identify Web Application Vulnerabilities
- Implement Application Security Controls
Module 10 – Integrating Assets in a Secure Enterprise Architecture
- Integrate Standards and Best Practices in Enterprise Security
- Select Technical Deployment Models
- Integrate Cloud-Augmented Security Services
- Secure the Design of the Enterprise Infrastructure
- Integrate Data Security in the Enterprise Architecture
- Integrate Enterprise Applications in a Secure Architecture
Module 11 – Conducting Security Assessments
- Select Security Assessment Methods
- Perform Security Assessments with Appropriate Tools
Module 12 – Responding to and Recovering from Incidents
- Prepare for Incident Response and Forensic Investigations
- Conduct Incident Response and Forensic Analysis
Course Objectives.
By the end of the Cyber Security course, students will have usable knowledge of the following:
- Overall learn fundamental principles of cybersecurity management.
- Actively learn how to scan networks.
- All in all Learn to design a secure network topologies.
- Understand procedures for threat analysis.
- In turn troubleshoot various security systems.
- Learn basic principles of cybersecurity management.
- Understand cybersecurity culture.
- All in all evaluate risks and threats.
- Learn corporate governance, policies and the world wide web regulations.
The career prospects for CRISC graduates are excellent and high in demand. Computers is everywhere: on all platforms and devices and in all countries around the world!
- Security Analyst.
- Security Engineer.
- Security Architect.
- Security Administrator.
- Security Software Developer.
- Cryptographer.
- Cryptanalyst.
- Security Consultant.