C)ISRM: Information Systems Risk Manager

Mile2's Certified Information Systems Risk Manager, C)ISRM, course is made for IT and IS professionals who are involved with all aspects of risk management. First, you will learn to assess a system, then implement risk controls. Finally, you will be able to monitor and maintain risk procedures.

With this training, you will be able to identify risks associated with specific industries. After course completion, you will be able to design, implement, monitor and maintain risk-based, efficient and effective IS controls.

Prerequisites

Mile2’s C)SP
12 months of IT experience

Target audience

IS Security Officers
Privacy Officers
Health IS Managers
Risk Mangers
Info Security Managers
Government Employees

Modules:

Module 1 – The Big Picture
Module 2 – Domain 1 – Risk Identification
Module 3 – Domain 2 – Risk Response
Module 4 – Domain 3 – Risk Monitor
Module 5 – Domain 4 – IS Control Design and Implementation

Detailed Outline:

C)ISRM Part I: The Big Picture

About the C)ISRM Exam
Exam Relevance
About the C)ISRM Exam
Section Overview
Part 1 Learning Objectives
Section Topics
Overview of Risk Management
Risk and Opportunity Management
Responsibility vs. Accountability
Risk Management
Roles and Responsibilities
Relevance of Risk Management Frameworks, Standards and Practices
Frameworks
Standards
Practices
Relevance of Risk Governance
Overview of Risk Governance
Objectives of Risk Governance
Foundation of Risk Governance
Risk Appetite and Risk Tolerance
Risk Awareness and Communication
Key Concepts of
Risk Governance
Risk Culture

C)ISRM Part II - Domain 1 Risk Identification Assessment and Evaluation

Domain 1 Learning Objectives
Task Statements
Knowledge Statements
The Process
Describing the Business Impact of IT Risk
IT Risk in the Risk Hierarchy
IT Risk Categories
High Level Process Phases
Definition of Risk Scenario
Risk Scenario Development
Risk Registry & Risk Profile
Risk Scenario Components
Risk Scenario Development Enablers
Systemic, Contagious or Obscure Risk
Generic IT Risk Scenarios
Definitions and Examples of Risk Factors
Risk Factors— External Environment
Risk Factors— Risk Management Capability
Risk Factors— IT Capability
Risk Factors— IT Related Business Capabilities
Methods for Analyzing IT Risk
Likelihood and Impact
Risk Analysis Output
Risk Analysis Methods
Risk Analysis Methods—Quantitative
Risk Analysis Methods—Qualitative
Risk Analysis Methods—for HIGH impact risk types
Risk Analysis Methods
Risk Analysis Methods—Business Impact Analysis (BIA)
Methods for Assessing IT Risk
Identifying and Assessing IT Risk
Adverse Impact of Risk Event
Business Impacts From IT Risk
Business Related IT Risk Types
IT Project-Related Risk

C)ISRM Part II - Domain 1 Risk Identification Assessment and Evaluation Cont.

Risk Components—Inherent Risk
Risk Components—Residual Risk
Risk Components—Control Risk
Risk Components—Detection Risk
Business Risk and Threats
Addressed By IT Resources
Identifying and Assessing IT Risk
Methods For Describing
IT Risk In Business Terms

C)ISRM Part II Domain 2 - Risk Response

Domain 2 Learning Objectives
Task Statements
Knowledge Statements
Risk Response Objectives
The Risk Response Process
Risk Response Options
Risk Response Parameters
Risk Tolerance and Risk Response Options
Risk Response Prioritization Options
Risk Mitigation Control Types
Risk Response Prioritization Factors
Risk Response Tracking, Integration and Implementation
Process Phases
Phase 1—Articulate Risk
Phase 2—Manage Risk
Phase 3—React To Risk Events

C)ISRM Part II - Domain 3 - Risk Monitoring

Learning Objectives
Task Statements
Knowledge Statements
Essentials
Risk Indicators
Risk Indicator Selection Criteria
Key Risk Indicators

C)ISRM Part II - Domain 3 - Risk Monitoring Cont.

Risk Monitoring
Risk Indicator Types and Parameters
Risk Indicator Considerations
Criteria for KRI Selection
Benefits of Selecting Right KRIs
Disadvantages of Wrong KRIs
Changing KRIs
Gathering KRI Data
Steps to Data Gathering
Gathering Requirements
Data Access
Data Preparation
Data Validating Considerations
Data Analysis
Reporting and Corrective Actions
Optimizing KRIs
Use of Maturity Level Assessment
Assessing Risk Maturity Levels
Risk Management Capability Maturity Levels
Changing Threat Levels
Monitoring Changes in Threat Levels
Measuring Changes in Threat Levels
Responding to Changes in Threat Levels
Threat Level Review
Changes in Asset Value
Maintain Asset Inventory
Risk Reporting
Reporting Content
Effective Reports
Report Recommendations
Possible Risk Report Recipients

Upon completion:

Upon completion, Certified Information Systems Risk Manager students will be prepared to pass the C)ISRM exam.

Exam information:

The Certified Information Systems Risk Manager exam is taken online through Mile2’s Learning Management System and is accessible on you Mile2.com account. The exam will take approximately 2 hours and consist of 100 multiple choice questions.

A minimum grade of 70% is required for certification.

Exam fee is included in the course price!

Re-certification requirements:

All Mile2 certifications will be awarded a 3-year expiration date.

There are two requirements to maintain Mile2 certification:

Pass the most current version of the exam for your respective existing certification
Earn and submit 20 CEUs per year in your Mile2 account.

FAQ

Hvem passer dette kurset for?
Kurset er utviklet for IT- og IS-profesjonelle som arbeider med risikostyring og informasjonssikkerhet. Det passer spesielt for:
- IS Security Officers
- Privacy Officers
- Health IS Managers
- Risk Managers
- Information Security Managers
- Government Employees
Hvilke forkunnskaper bør jeg ha?
Det anbefales at du har:
- Mile2’s CJSP eller tilsvarende kompetanse
- Minst 12 måneders IT-erfaring
  Dette er et kurs på viderekomment nivå, og passer best for deg som allerede har grunnleggende erfaring med risikostyring eller sikkerhet.
Hva lærer jeg i kurset?
Etter kurset kan du blant annet:
- Identifisere, analysere og evaluere IT- og IS-risikoer
- Gjennomføre risk response-prosesser og implementere tiltak
- Overvåke og rapportere risiko med Key Risk Indicators (KRIs)
- Designe og implementere effektive IS-kontroller
- Vurdere risikostyringsrammeverk, standarder og governance-strukturer
- Anvende både kvantitative og kvalitative metoder for risikovurdering
Hvordan foregår kurset?
Kurset går over 4 dager og tilbys både virtuelt og fysisk i klasserom. Det kombinerer forelesninger, case-studier og omfattende diskusjoner.
Er dette kurset praktisk?
Ja – du jobber med konkrete casebaserte oppgaver og får en grundig innføring i hvordan man identifiserer, evaluerer, overvåker og håndterer risiko i praksis.
Hvor mye koster kurset?
Kursavgiften er 30 000 NOK, og eksamen er inkludert i prisen.
Hva slags materiell får jeg?
Du får Mile2 sitt offisielle kursmateriell, digitale ressurser, samt tilgang til læringsplattformen Mile2.com for øvelser og eksamen.
Gir kurset sertifisering?
Ja – kurset inkluderer sertifiseringseksamen Certified Information Systems Risk Manager (CISRM).
- Eksamen varer ca. 2 timer og består av 100 multiple-choice spørsmål
- Du må ha minst 70 % riktig for å bestå
- Eksamen tas online via Mile2 sin læringsplattform
Hvor lenge varer sertifiseringen?
Sertifiseringen er gyldig i 3 år. For å opprettholde sertifiseringen må du:
1. Bestå den nyeste versjonen av eksamen
2. Opparbeide og registrere 20 CEUs per år i Mile2-kontoen din
Kan jeg delta digitalt?
Ja – kurset kan tas både som fysisk kurs i klasserom og som live virtuelt kurs.
Kan jeg få kurset spesialtilpasset?
Ja – kurset kan tilbys bedriftsinternt og tilpasses organisasjonens behov.
Kan jeg bestille kurset for min organisasjon?
Ja – vi tilbyr bedriftsinterne kurs både fysisk og virtuelt.

Kursavgift:	30,000 NOK
Kurset inkluderer:	Course material and exam voucher. Lunch and refreshments for in class events only
Timer	09:00-16:00
Varighet:	4 dager
Språk	English course material, English speaking instructor