C)ISRM: Information Systems Risk Manager

Mile2's Certified Information Systems Risk Manager, C)ISRM, course is made for IT and IS professionals who are involved with all aspects of risk management. First, you will learn to assess a system, then implement risk controls. Finally, you will be able to monitor and maintain risk procedures.

With this training, you will be able to identify risks associated with specific industries. After course completion, you will be able to design, implement, monitor and maintain risk-based, efficient and effective IS controls.

Prerequisites

  • Mile2’s C)SP
  • 12 months of IT experience

Target audience

  • IS Security Officers
  • Privacy Officers
  • Health IS Managers
  • Risk Managers
  • Info Security Managers
  • Government Employees

Modules:

  • Module 1 – The Big Picture
  • Module 2 – Domain 1 – Risk Identification
  • Module 3 – Domain 2 – Risk Response
  • Module 4 – Domain 3 – Risk Monitor
  • Module 5 – Domain 4 – IS Control Design and Implementation

Detailed Outline:

C)ISRM Part I: The Big Picture  

  • About the C)ISRM Exam
  • Exam Relevance
  • Section Overview
  • Part 1 Learning Objectives
  • Section Topics
  • Overview of Risk Management
  • Risk and Opportunity Management
  • Responsibility vs. Accountability
  • Risk Management Roles and Responsibilities
  • Relevance of Risk Management Frameworks, Standards and Practices
  • Frameworks
  • Standards
  • Practices
  • Relevance of Risk Governance
  • Overview of Risk Governance
  • Objectives of Risk Governance
  • Foundation of Risk Governance
  • Risk Appetite and Risk Tolerance
  • Risk Awareness and Communication
  • Key Concepts of Risk Governance
  • Risk Culture

C)ISRM Part II - Domain 1 Risk Identification Assessment and Evaluation 

  • Domain 1 Learning Objectives
  • Task Statements
  • Knowledge Statements
  • The Process
  • Describing the Business Impact of IT Risk
  • IT Risk in the Risk Hierarchy
  • IT Risk Categories
  • High Level Process Phases
  • Definition of Risk Scenario
  • Risk Scenario Development
  • Risk Registry & Risk Profile
  • Risk Scenario Components
  • Risk Scenario Development Enablers
  • Systemic, Contagious or Obscure Risk
  • Generic IT Risk Scenarios
  • Definitions and Examples of Risk Factors
  • Risk Factors—External Environment
  • Risk Factors—Risk Management Capability
  • Risk Factors—IT Capability
  • Risk Factors—IT-Related Business Capabilities
  • Methods for Analyzing IT Risk
  • Likelihood and Impact
  • Risk Analysis Output
  • Risk Analysis Methods
  • Risk Analysis Methods—Quantitative
  • Risk Analysis Methods—Qualitative
  • Risk Analysis Methods—for HIGH impact risk types
  • Risk Analysis Methods
  • Risk Analysis Methods—Business Impact Analysis (BIA)
  • Methods for Assessing IT Risk
  • Identifying and Assessing IT Risk
  • Adverse Impact of Risk Event
  • Business Impacts From IT Risk
  • Business Related IT Risk Types
  • IT Project-Related Risk 

C)ISRM Part II - Domain 1 Risk Identification Assessment and Evaluation Cont.

  • Risk Components—Inherent Risk
  • Risk Components—Residual Risk
  • Risk Components—Control Risk
  • Risk Components—Detection Risk
  • Business Risk and Threats Addressed by IT Resources
  • Identifying and Assessing IT Risk
  • Methods for Describing IT Risk in Business Terms

C)ISRM Part II Domain 2 - Risk Response 

  • Domain 2 Learning Objectives
  • Task Statements
  • Knowledge Statements
  • Risk Response Objectives
  • The Risk Response Process
  • Risk Response Options
  • Risk Response Parameters
  • Risk Tolerance and Risk Response Options
  • Risk Response Prioritization Options
  • Risk Mitigation Control Types
  • Risk Response Prioritization Factors
  • Risk Response Tracking, Integration and Implementation
  • Process Phases
  • Phase 1—Articulate Risk 
  • Phase 2—Manage Risk
  • Phase 3—React To Risk Events

C)ISRM Part II - Domain 3 - Risk Monitoring

  • Learning Objectives
  • Task Statements
  • Knowledge Statements
  • Essentials
  • Risk Indicators
  • Risk Indicator Selection Criteria
  • Key Risk Indicators

C)ISRM Part II - Domain 3 - Risk Monitoring Cont.

  • Risk Monitoring
  • Risk Indicator Types and Parameters
  • Risk Indicator Considerations
  • Criteria for KRI Selection
  • Benefits of Selecting Right KRIs
  • Disadvantages of Wrong KRIs
  • Changing KRIs
  • Gathering KRI Data
  • Steps to Data Gathering
  • Gathering Requirements
  • Data Access
  • Data Preparation
  • Data Validating Considerations
  • Data Analysis
  • Reporting and Corrective Actions
  • Optimizing KRIs
  • Use of Maturity Level Assessment
  • Assessing Risk Maturity Levels
  • Risk Management Capability Maturity Levels
  • Changing Threat Levels
  • Monitoring Changes in Threat Levels
  • Measuring Changes in Threat Levels
  • Responding to Changes in Threat Levels
  • Threat Level Review
  • Changes in Asset Value
  • Maintain Asset Inventory
  • Risk Reporting
  • Reporting Content
  • Effective Reports
  • Report Recommendations
  • Possible Risk Report Recipients


Upon completion:

Upon completion, Certified Information Systems Risk Manager students will be prepared to pass the C)ISRM exam.

Exam information:

The Certified Information Systems Risk Manager exam is taken online through Mile2’s Learning Management System and is accessible from your Mile2.com account. The exam takes approximately 2 hours and consists of 100 multiple-choice questions.

A minimum grade of 70% is required for certification.

The exam fee is included in the course price!

Re-certification requirements:

All Mile2 certifications carry a 3-year expiration date.

There are two requirements to maintain Mile2 certification:

  • Pass the most current version of the exam for your respective existing certification
  • Earn and submit 20 CEUs per year in your Mile2 account.


FAQ

  1. Who is this course suitable for?
    The course is designed for IT and IS professionals who work with risk management and information security. It is particularly suited to:

    • IS Security Officers
    • Privacy Officers
    • Health IS Managers
    • Risk Managers
    • Information Security Managers
    • Government Employees

  2. What prior knowledge should I have?
    It is recommended that you have:

    • Mile2’s C)SP or equivalent competence
    • At least 12 months of IT experience

    This is an advanced-level course and is best suited to those who already have basic experience with risk management or security.

  3. What will I learn in the course?
    After the course you will, among other things, be able to:

    • Identify, analyse and evaluate IT and IS risks
    • Carry out risk response processes and implement measures
    • Monitor and report risk using Key Risk Indicators (KRIs)
    • Design and implement effective IS controls
    • Assess risk management frameworks, standards and governance structures
    • Apply both quantitative and qualitative risk assessment methods

  4. How is the course delivered?
    The course runs over 4 days and is offered both virtually and physically in a classroom. It combines lectures, case studies and extensive discussions.

  5. Is this course practical?
    Yes, you work on concrete case-based exercises and get a thorough introduction to how risk is identified, evaluated, monitored and handled in practice.

  6. How much does the course cost?
    The course fee is 30 000 NOK, and the exam is included in the price.

  7. What kind of materials do I get?
    You receive Mile2’s official course materials, digital resources, and access to the Mile2.com learning platform for exercises and the exam.

  8. Does the course include certification?
    Yes, the course includes the Certified Information Systems Risk Manager (CISRM) certification exam.

    • The exam lasts approx. 2 hours and consists of 100 multiple-choice questions
    • You must answer at least 70% correctly to pass
    • The exam is taken online via Mile2’s learning platform

  9. How long is the certification valid?
    The certification is valid for 3 years. To maintain the certification you must:

    1. Pass the latest version of the exam
    2. Earn and register 20 CEUs per year in your Mile2 account

  10. Can I attend digitally?
    Yes, the course can be taken both as a physical classroom course and as a live virtual course.

  11. Can the course be customized?
    Yes, the course can be delivered in-house and adapted to the needs of your organization.

  12. Can I book the course for my organization?
    Yes, we offer in-house courses both physically and virtually.
