Certified Information Systems Risk Manager (CISRM) – Perfil

Esquema Detallado del Curso

  • ISRM Part 1: The BigPicture
    • About the C)ISRM Exam
    • Exam Relevance
    • About the C)ISRM Exam
    • Section Overview
    • Part 1 Learning Objectives
    • Section Topics
    • Overview of Risk Management
    • Risk
    • Risk and Opportunity Management
    • Responsibility vs. Accountability
    • Risk Management
    • Roles and Responsibilities
    • Relevance of Risk Management Frameworks,Standards and Practices
    • Frameworks
    • Standards Practices
    • Relevance of Risk Governance
    • Overview of Risk Governance
    • Objectives of Risk Governance
    • Foundation of Risk Governance
    • Risk Appetite and Risk Tolerance
    • Risk Awareness and Communication
    • Key Concepts of Risk Governance
    • Risk Culture
    • Case Study
    • Practice Question 1
    • Practice Question 2
    • Practice Question 3
    • Practice Question 4
    • Practice Question 5
    • Acronym Review
    • Definition Review
  • ISRM Part II -Domain 1 Risk Identification Assessment and Evaluation
    • Section Overview
    • Exam Relevance
    • Domain 1 Learning Objectives
    • Task Statements
    • Knowledge Statements
    • The Process
    • Describing the Business Impact of IT Risk
    • IT Risk in the Risk Hierarchy
    • IT Risk Categories
    • High Level Process Phases
    • Risk Scenarios
    • Definition of Risk Scenario
    • Purpose of Risk Scenarios
    • Event Types
    • Risk Scenario Development
    • Risk Registry & Risk Profile
    • Risk Scenario Development
    • Risk Scenario Components
    • Risk Scenario Development
    • Risk Scenario Development Enablers
    • Systemic, Contagious or Obscure Risk
    • Generic IT Risk Scenarios
    • Definition of Risk Factor
    • Examples of Risk Factors
    • Risk Factors—External Environment
    • Risk Factors-Risk Management Capability
    • Risk Factors—IT Capability
    • Risk Factors—IT Related Business Capabilities
    • Methods for Analyzing IT Risk
    • Likelihood and Impact
    • Risk Analysis Output
    • Risk Analysis Methods
    • Risk Analysis Methods—Quantitative
    • Risk Analysis Methods—Qualitative
    • Risk Analysis Methods—for HIGH impact risk types
    • Risk Analysis Methods
    • Risk Analysis Methods—Business Impact
    • Analysis (BIA)Methods for Assessing IT Risk
    • Identifying and Assessing IT Risk
    • Definitions
    • Adverse Impact of Risk Event
    • Business Impacts From IT Risk
    • Business Related IT Risk Types
    • IT Project-Related Risk
    • Risk Components—Inherent Risk
    • Risk Components—Control Risk
    • Risk Components—Detection Risk
    • Business Risk and Threats
    • Addressed By IT Resourcess
    • Identifying and Assessing IT Risk
    • Methods For Describing
    • IT Risk In Business Terms
    • Case Study
    • Acronym Review
    • Definition Review
    • Domain 1–Exercises
  • ISRM Part II Domain 2 -Risk Response
    • Section Overview
    • Exam Relevance
    • Domain 2 Learning Objectives
    • Task Statements
    • Knowledge Statements
    • Risk Response Objectives
    • The Risk Response Process
    • Risk Response Options
    • Risk Response Parameters
    • Risk Tolerance and Risk Response Options
    • Risk Response Prioritization Options
    • Risk Mitigation Control Types
    • Risk Response Prioritization Factors
    • Risk Response Tracking, Integration and Implementation
    • Process Phases
    • Phase 1—Articulate Risk
    • Phase 2—Manage Risk
    • Phase 3—React To Risk Events
    • Sample Case Study
    • Domain 2–Exercise 1
  • SRM Part II -Domain 3 -Risk Monitoring
    • Course Agenda
    • Exam Relevance
    • Learning Objectives
    • Task Statements
    • Knowledge Statements
    • EssentialsRisk Indicators
    • Risk Indicator Selection Criteria
    • Key Risk Indicators
    • Risk Monitoring
    • Risk Indicator Types and Parameters
    • Risk Indicator Considerations
    • Criteria for KRI Selection
    • Benefits of Selecting Right KRIs
    • Disadvantages of Wrong KRIs
    • Changing KRIs
    • Gathering KRI Data
    • Steps to Data Gathering
    • Gathering Requirements
    • Data Access
    • Data Preparation
    • Data Validating Considerations
    • Data Analysis
    • Reporting and Corrective Actions
    • Optimizing KRIs
    • Use of Maturity Level Assessment
    • Assessing Risk Maturity Levels
    • Risk Management Capability Maturity Levels
    • Changing Threat Levels
    • Monitoring Changes in Threat Levels
    • Measuring Changes in Threat Levels
    • Responding to Changes in Threat Levels
    • Threat Level Review
    • Changes in Asset Value
    • Maintain Asset Inventory
    • Risk Reporting
    • Reporting Content
    • Effective Reports
    • Report Recommendations
    • Possible Risk Report Recipients
    • Periodic Reporting
    • Reporting Topics
    • Risk Reporting Techniques
    • Sample Case Study
    • Practice Question 1
    • Practice Question 2
    • Practice Question 3
    • Practice Question 4
    • Acronym Review
    • Definition Review
    • Domain 3–Exercises
    • ISRM Part II Domain 4 -IS Control Design andImplementation
    • Section Overview
    • Exam Relevance
    • Domain 4 Learning Objectives
    • Task Statements
    • Knowledge Statements
    • C)ISRM Involvement
    • Control Definition
    • Control Categories
    • Control Types and Effects
    • Control Methods
    • Control Design Considerations
    • Control Strength
    • Control Costs and Benefits
    • Potential Loss Measures
    • Total Cost of Ownership For Controls
    • Role of the C)ISRM in SDLC
    • The SDLC Process
    • Outcomes of the Feasibility Study
    • Task 1—Define Requirement
    • Requirement Progression
    • Business Information Requirements (COBIT)Requirements Success Factors
    • Task 3—Acquire Software “Options”
    • Software Selection Criteria
    • Software Acquisition
    • Software Acquisition Process
    • Leading Principles for Design and Implementation
    • C)ISRM Responsibilities
    • Key System Design Activities:
    • Steps to Perform Phase 2
    • Phase 2 -Project Design and Development
    • SystemTesting
    • Test Plans
    • Project Testing
    • Types of Tests
    • UAT Requirements
    • Certification and Accreditation
    • Project Status Reports
    • Phase 3 -Project Testing
    • Testing Techniques
    • Verification and Validation
    • Phase 4 -Project Implementation
    • Project Implementation
    • The Systems
    • Development Life Cycle (SDLC)‘Meets and Continues to Meet’
    • SDLC
    • SDLC Phases
    • Addressing Risk Within the SDLC
    • Business Risk versus Project Risk
    • Understanding Project Risk
    • Addressing Business Risk
    • Understanding Business
    • and Risk Requirements
    • Understand Business Risk
    • High Level SDLC Phases
    • Project Initiation
    • Phase 1–Project Initiation
    • Phase 1 Tasks
    • Task 1—Feasibility Study
    • Feasibility Study Components
    • Determining Feasibility
    • Implementation Phases
    • Phase 4 -Project Implementation
    • End User Training Plans & Techniques
    • Training Strategy
    • Data Migration/Conversion Considerations
    • Risks During Data Migration
    • Data Conversion Steps
    • Implementation Rollback
    • Data Conversion Project Key Considerations
    • Changeover Techniques
    • Post-Implementation Review
    • Performing Post-Implementation Review
    • Measurements of Critical Success Factors
    • Closing a Project
    • Project Management and Controlling
    • Project Management Tools and Techniques
    • Project Management Elements
    • Project Management Practices
    • PERT chart and critical path
    • PERT Attribute
    • Sample Case Study
    • Practice Question 1
    • Practice Question 2
    • Practice Question 3
    • Practice Question 4
    • Practice Question 5