
Certified in Risk and Information Systems Control (CRISC) Practice Exam



Obtaining a Certified in Risk and Information Systems Control® (CRISC®) certification will elevate you to the status of a Risk Management specialist. Through a proactive approach rooted in Agile methodology, you'll acquire the skills to bolster your company's business resilience, deliver value to stakeholders, and streamline Risk Management practices throughout the organization.


Who should take the exam?

This certification is designed for individuals with expertise in managing IT risk and overseeing the design, implementation, monitoring, and upkeep of Information Systems (IS) controls.


Eligibility prerequisites include:

  • A minimum of three (3) years of experience in IT risk management and IS control.


Exam Details

  • Exam Name: Certified in Risk and Information Systems Control
  • Exam Code: CRISC
  • Exam Language: Chinese Simplified, English, Spanish, Korean
  • Time Duration: 4 hours (240 minutes)
  • Questions: 150 multiple choice


Course Outline

The Certified in Risk and Information Systems Control (CRISC) Exam covers the following topics:

Domain 1 – Understand Governance (26%)

ORGANIZATIONAL GOVERNANCE

  • Organizational Strategy, Goals, and Objectives
  • Organizational Structure, Roles and Responsibilities
  • Organizational Culture
  • Policies and Standards
  • Business Processes
  • Organizational Assets


RISK GOVERNANCE

  • Enterprise Risk Management and Risk Management Framework
  • Three Lines of Defense
  • Risk Profile
  • Risk Appetite and Risk Tolerance
  • Legal, Regulatory and Contractual Requirements
  • Professional Ethics of Risk Management

Domain 2 – Learn about IT Risk Assessment (20%)

IT RISK IDENTIFICATION

  • Risk Events (e.g., contributing conditions, loss result)
  • Threat Modelling and Threat Landscape
  • Vulnerability and Control Deficiency Analysis (e.g., root cause analysis)
  • Risk Scenario Development


IT RISK ANALYSIS AND EVALUATION

  • Risk Assessment Concepts, Standards and Frameworks
  • Risk Register
  • Risk Analysis Methodologies
  • Business Impact Analysis
  • Inherent and Residual Risk

Domain 3 – Understand Risk Response and Reporting (32%)

RISK RESPONSE

  • Risk Treatment / Risk Response Options
  • Risk and Control Ownership
  • Third-Party Risk Management
  • Issue, Finding and Exception Management
  • Management of Emerging Risk


CONTROL DESIGN AND IMPLEMENTATION

  • Control Types, Standards and Frameworks
  • Control Design, Selection and Analysis
  • Control Implementation
  • Control Testing and Effectiveness Evaluation


RISK MONITORING AND REPORTING

  • Risk Treatment Plans
  • Data Collection, Aggregation, Analysis and Validation
  • Risk and Control Monitoring Techniques
  • Risk and Control Reporting Techniques (heatmap, scorecards, dashboards)
  • Key Performance Indicators
  • Key Risk Indicators (KRIs)
  • Key Control Indicators (KCIs)

Domain 4 – Learn Information Technology and Security (22%)

INFORMATION TECHNOLOGY PRINCIPLES

  • Enterprise Architecture
  • IT Operations Management (e.g., change management, IT assets, problems, incidents)
  • Project Management
  • Disaster Recovery Management (DRM)
  • Data Lifecycle Management
  • System Development Life Cycle (SDLC)
  • Emerging Technologies


INFORMATION SECURITY PRINCIPLES

  • Information Security Concepts, Frameworks and Standards
  • Information Security Awareness Training
  • Business Continuity Management
  • Data Privacy and Data Protection Principles

Practice Exam Product Details
  • Test Code: 1144-P
  • Availability: In Stock
  • Price: $7.99 (ex tax: $7.99)
