Detailed Course Outline
- C)ISRM Part I: The Big Picture · About the C)ISRM Exam · Exam Relevance · Section Overview · Part 1 Learning Objectives · Section Topics · Overview of Risk Management · Risk and Opportunity Management · Responsibility vs. Accountability · Risk Management, Roles and Responsibilities · Relevance of Risk Management Frameworks, Standards and Practices · Frameworks · Standards · Practices · Relevance of Risk Governance · Overview of Risk Governance · Objectives of Risk Governance · Foundation of Risk Governance · Risk Appetite and Risk Tolerance · Risk Awareness and Communication · Key Concepts of Risk Governance · Risk Culture
- C)ISRM Part II - Domain 1 Risk Identification Assessment and Evaluation · Domain 1 Learning Objectives · Task Statements · Knowledge Statements · The Process · Describing the Business Impact of IT Risk · IT Risk in the Risk Hierarchy · IT Risk Categories · High Level Process Phases · Definition of Risk Scenario · Risk Scenario Development · Risk Registry & Risk Profile · Risk Scenario Components · Risk Scenario Development Enablers · Systemic, Contagious or Obscure Risk · Generic IT Risk Scenarios · Definitions and Examples of Risk Factors · Risk Factors—External Environment · Risk Factors—Risk Management Capability · Risk Factors—IT Capability · Risk Factors—IT Related Business Capabilities · Methods for Analyzing IT Risk · Likelihood and Impact · Risk Analysis Output · Risk Analysis Methods · Risk Analysis Methods—Quantitative · Risk Analysis Methods—Qualitative · Risk Analysis Methods—for HIGH impact risk types · Risk Analysis Methods · Risk Analysis Methods—Business Impact Analysis (BIA) · Methods for Assessing IT Risk · Identifying and Assessing IT Risk · Adverse Impact of Risk Event · Business Impacts From IT Risk · Business Related IT Risk Types · IT Project-Related Risk
- C)ISRM Part II - Domain 1 Risk Identification Assessment and Evaluation Cont. · Risk Components—Inherent Risk · Risk Components—Residual Risk · Risk Components—Control Risk · Risk Components—Detection Risk · Business Risk and Threats Addressed By IT Resources · Identifying and Assessing IT Risk · Methods For Describing IT Risk In Business Terms
- C)ISRM Part II Domain 2 - Risk Response · Domain 2 Learning Objectives · Task Statements · Knowledge Statements · Risk Response Objectives · The Risk Response Process · Risk Response Options · Risk Response Parameters · Risk Tolerance and Risk Response Options · Risk Response Prioritization Options · Risk Mitigation Control Type · Risk Response Prioritization Factors · Risk Response Tracking, Integration and Implementation · Process Phases · Phase 1—Articulate Risk · Phase 2—Manage Risk · Phase 3—React To Risk Events
- C)ISRM Part II - Domain 3 - Risk Monitoring · Learning Objectives · Task Statements · Knowledge Statements · Essentials · Risk Indicators · Risk Indicator Selection Criteria · Key Risk Indicators
- C)ISRM Part II - Domain 3 - Risk Monitoring Cont. · Risk Monitoring · Risk Indicator Types and Parameters · Risk Indicator Considerations · Criteria for KRI Selection · Benefits of Selecting Right KRIs · Disadvantages of Wrong KRIs · Changing KRIs · Gathering KRI Data · Steps to Data Gathering · Gathering Requirements · Data Access · Data Preparation · Data Validating Considerations · Data Analysis · Reporting and Corrective Actions · Optimizing KRIs · Use of Maturity Level Assessment · Assessing Risk Maturity Levels · Risk Management Capability Maturity Levels · Changing Threat Levels · Monitoring Changes in Threat Levels · Measuring Changes in Threat Levels · Responding to Changes in Threat Levels · Threat Level Review · Changes in Asset Value · Maintain Asset Inventory · Risk Reporting · Reporting Content · Effective Reports · Report Recommendations · Possible Risk Report Recipients
- C)ISRM Part II Domain 4 - IS Control Design and Implementation · Domain 4 Learning Objectives · Task Statements · Knowledge Statements · C)ISRM Involvement · Control Definition · Control Categories · Control Types and Effects · Control Methods · Control Design Considerations · Control Strength · Control Costs and Benefits · Potential Loss Measures · Total Cost of Ownership For Controls · Role of the C)ISRM in SDLC · The SDLC Process · The Systems Development Life Cycle (SDLC) · ‘Meets and Continues to Meet’ · SDLC · SDLC Phases · Addressing Risk Within the SDLC · Business Risk versus Project Risk · Understanding Project Risk · Addressing Business Risk · Understanding Business and Risk Requirements · Understand Business Risk · High Level SDLC Phases · Project Initiation · Phase 1 – Project Initiation · Phase 1 Tasks · Task 1—Feasibility Study · Feasibility Study Components · Determining Feasibility · Outcomes of the Feasibility Study · Task 2—Define Requirement · Requirement Progression · Business Information Requirements (COBIT) · Requirements Success Factors
- C)ISRM Part II Domain 4 - IS Control Design and Implementation · Task 3—Acquire Software “Options” · Software Selection Criteria · Software Acquisition · Software Acquisition Process · Leading Principles for Design and Implementation · C)ISRM Responsibilities · Key System Design Activities: · Steps to Perform Phase 2 · Phase 2 - Project Design and Development · System Testing · Test Plans · Project Testing · Types of Tests · UAT Requirements · Certification and Accreditation · Project Status Reports · Phase 3 - Project Testing · Testing Techniques · Verification and Validation · Phase 4 - Project Implementation · Project Implementation · Implementation Phases · Phase 4 - Project Implementation · End User Training Plans & Techniques · Training Strategy · Data Migration/Conversion Considerations · Risks During Data Migration · Data Conversion Steps · Implementation Rollback · Data Conversion Project Key Considerations · Changeover Techniques · Post-Implementation Review · Performing Post-Implementation Review · Measurements of Critical Success Factors · Closing a Project · Project Management and Controlling · Project Management Tools and Techniques · Project Management Elements · Project Management Practices · PERT chart and critical path PERT Attribute