Overview

This course will teach students about information systems risk. Topics covered include risk identification, assessment, evaluation, response, and monitoring, as well as information systems control design and implementation.

Series Taught By: John Glover

Available CEUs for Course Series Completion: 6
Students can earn up to 6 CEUs for fully completing this course series. This information will be displayed on the certificate of completion.

Course Modules

1. CISRM – Certified Information Systems Risk Manager
2. Part I – The Big Picture: How Risk Management Relate…
3. The Big Picture: How Risk Management Relates to Risk Gove…
4. About the CISRM Exam
5. Exam Relevance
6. About the CISRM Exam
7. CISRM Review Course
8. Section Overview
9. Part 1 Learning Objectives
10. Risk Management
11. Section Topics
12. Overview of Risk Management
13. Risk
14. Risk and Opportunity Management
15. Responsibility vs. Accountability
16. Responsibility vs. Accountability
17. Risk Management Roles and Responsibilities
18. Risk Management Frameworks, Standards and Pract…
19. Relevance of Risk Management Frameworks, Standa…
20. Frameworks
21. Standards
22. Practices
23. Essentials of Risk Governance
24. Relevance of Risk Governance
25. Overview of Risk Governance
26. Objectives of Risk Governance
27. Foundation of Risk Governance
28. Objectives of Risk Governance—cont.
29. Objectives of Risk Governance—cont.
30. Objectives of Risk Governance—cont.
31. Risk Appetite and Tolerance
32. Risk Appetite and Risk Tolerance
33. Risk Appetite and Risk Tolerance—cont.
34. Risk Appetite and Risk Tolerance—cont.
35. Risk Awareness and Communication
36. Risk Awareness and Communication
37. Risk Awareness and Communication—cont.
38. Risk Awareness and Communication—cont.
39. Key Concepts of Risk Governance
40. Key Concepts of Risk Governance
41. Risk Culture
42. Risk Culture—cont.
43. Risk Culture
44. Case Study & Practice Questions
45. Case Study
46. Practice Question 1
47. Practice Question 2
48. Practice Question 3
49. Practice Question 4
50. Practice Question 5
51. Definitions and Acronyms
52. Acronym Review
53. Definition Review
54. Definition Review
55. Supplemental Exercises
56. Big Picture Exercises
57. Suggested Resources for Further Study
58. Suggested Resources for Further Study
59. End of CISRM Part I – The Big Picture
60. Part I Quiz

1. Part II Domain 1 – Risk Identification, Assessment and Evaluation
2. Risk Identification, Assessment and Evaluation
3. Section Overview
4. Exam Relevance
5. Domain 1 Learning Objectives
6. Domain 1 Learning Objectives—cont.
7. Tasks and Knowledge Statements
8. Task Statements
9. Knowledge Statements
10. Knowledge Statements—cont.
11. Knowledge Statements
12. Risk Identification, Assessment and Evaluation
13. The Process
14. The Process—cont.
15. Describing the Business Impact of IT Risk
16. Describing the Business Impact of IT Risk
17. Describing the Business Impact of IT Risk
18. IT Risk in the Risk Hierarchy
19. IT Risk Categories
20. High Level Process Phases
21. Generic Risk Scenarios
22. Risk Scenarios
23. Definition of Risk Scenario
24. Event Types
25. Purpose of Risk Scenarios
26. Risk Scenario Development
27. Risk Scenario Development
28. Risk Scenario Development—cont.
29. Risk Scenario Development—cont.
30. Risk Register
31. Risk Profile
32. Risk Scenario Development
33. Risk Scenario Components
34. Risk Scenario Development
35. Risk Scenario Development—cont
36. Risk Scenario Development Enablers
37. Systemic, Contagious or Obscure Risk
38. Generic IT Risk Scenarios
39. Generic IT Risk Scenarios—cont.
40. Risk Factors
41. Definition of Risk Factor
42. Examples of Risk Factors
43. Risk Factors —cont.
44. Risk Factors— External Environment
45. Risk Factors— External Environment—cont.
46. Risk Factors— Internal Environment
47. Risk Factors— Internal Environment
48. Risk Factors— Internal Environment
49. Risk Factors— Internal Environment
50. Risk Factors— Internal Environment—cont.
51. Risk Factors— Internal Environment—cont.
52. Risk Factors— Internal Environment—cont.
53. Risk Factors— Risk Management Capability
54. Risk Factors— IT Capability
55. Risk Factors— IT Related Business Capabilities
56. Risk Assessment Methods
57. Methods for Analyzing IT Risk
58. Likelihood and Impact
59. Risk Analysis Output
60. Risk Analysis Output
61. Risk Analysis Methods
62. Risk Analysis Methods— Quantitative
63. Risk Analysis Methods— Qualitative
64. Risk Analysis Methods— for HIGH impact risk types
65. Risk Analysis Methods
66. Risk Analysis Methods— Business Impact Analysis (BIA)
67. Methods for Assessing IT Risk
68. IT Risk Identification and Assessment
69. Identifying and Assessing IT Risk
70. Definitions
71. Adverse Impact of Risk Event
72. Business Impacts From IT Risk
73. Business Related IT Risk Types
74. IT Project-Related Risk
75. Risk Components— Inherent Risk
76. Risk Components— Residual Risk
77. Risk Components— Control Risk
78. Risk Components— Detection Risk
79. Business Risk and Threats Addressed By IT Resources
80. Business Risk and Threats Addressed By IT Resources
81. Identifying and Assessing IT Risk
82. Identifying and Assessing IT Risk
83. Methods For Describing IT Risk In Business Terms
84. Methods For Describing IT Risk In Business Terms
85. Methods For Describing IT Risk In Business Terms
86. Methods For Describing IT Risk In Business Terms
87. Methods For Describing IT Risk In Business Terms
88. Methods For Describing IT Risk In Business Terms
89. Methods For Describing IT Risk In Business Terms
90. Methods For Describing IT Risk In Business Terms
91. Case Study & Practice Questions
92. Case Study or Exercise
93. Practice Question 1
94. Practice Question 2
95. Practice Question 3
96. Practice Question 4
97. Practice Question 5
98. Definitions and Acronyms
99. Acronym Review
100. Acronym Review—cont.
101. Definition Review
102. Definition Review
103. Definition Review
104. Definition Review
105. Supplemental Exercises
106. Domain 1 – Exercises
107. Suggested Resources for Further Study
108. Suggested Resources for Further Study
109. End of CISRM Part II – Domain 1
110. Part II Domain 1 Quiz

1. Part II Domain 2 – Risk Response
2. Risk Response
3. Section Overview
4. Exam Relevance
5. Domain 2 Learning Objectives
6. Domain 2 Learning Objectives—cont
7. Tasks and Knowledge Statements
8. Task Statements
9. Knowledge Statements
10. Risk Response Process
11. Risk Response Objectives
12. The Risk Response Process
13. The Risk Response Process—cont.
14. The Risk Response Process—cont.
15. Risk Response Options
16. Risk Response Parameters
17. Risk Tolerance and Risk Response Options
18. Risk Response Prioritization Options
19. Risk Mitigation Control Types
20. Risk Response Prioritization Factors
21. Risk Response Tracking, Integration and Implementation
22. Risk Response Process Details
23. Process Phases
24. Phase 1 – Articulate Risk
25. Phase 1 – Articulate Risk
26. Phase 1 – Articulate Risk
27. Phase 1 – Articulate Risk
28. Phase 1 – Articulate Risk
29. Phase 1 – Articulate Risk
30. Phase 2 – Manage Risk
31. Phase 2 – Manage Risk
32. Phase 2 – Manage Risk
33. Phase 2 – Manage Risk
34. Phase 2 – Manage Risk
35. Phase 2 – Manage Risk
36. Phase 2 – Manage Risk
37. Phase 3 – React To Risk Events
38. Phase 3 – React To Risk Events
39. Phase 3 – React To Risk Events
40. Phase 3 – React To Risk Events
41. Phase 3 – React To Risk Events
42. Phase 3 – React To Risk Events
43. Risk Response and Risk Management Frameworks
44. Risk Management Frameworks
45. Risk Management Frameworks
46. Risk Management Frameworks
47. Risk Management Frameworks
48. Risk Management Frameworks
49. Risk Management Frameworks
50. Case Study and Practice Questions
51. Sample Case Study or Exercise
52. Practice Question 1
53. Practice Question 2
54. Practice Question 3
55. Practice Question 4
56. Practice Question 5
57. Definitions and Acronyms
58. Acronym Review
59. Definition Review
60. Supplemental Exercises
61. Domain 2 – Exercises
62. Suggested Resources for Further Study
63. Suggested Resources for Further Study
64. End of CISRM Part II – Domain 2
65. Part II Domain 2 Quiz

1. Part II Domain 3 – Risk Monitoring
2. Risk Monitoring
3. Course Agenda
4. Exam Relevance
5. Learning Objectives
6. Learning Objectives Cont.
7. Tasks and Knowledge Statements
8. Task Statements
9. Knowledge Statements
10. Essentials of Risk Monitoring
11. Essentials
12. Key Risk Indicators
13. Risk Indicators
14. Risk Indicator Selection Criteria
15. Key Risk Indicators
16. Risk Monitoring
17. Risk Indicator Types and Parameters
18. Risk Indicator Considerations
19. Risk Indicator Considerations—cont.
20. Criteria for KRI Selection
21. Benefits of Selecting Right KRIs
22. Benefits of Selecting Right KRIs
23. Disadvantages of Wrong KRIs
24. Changing KRIs
25. KPIs
26. KPIs
27. KPIs
28. Data Extraction, Aggregation, & Analysis
29. Gathering KRI Data
30. Steps to Data Gathering
31. Gathering Requirements
32. Data Access
33. Data Preparation
34. Data Validating Considerations
35. Data Analysis
36. Reporting and Corrective Actions
37. Optimizing KRIs
38. Optimizing KRIs—cont.
39. Capability Maturity Models
40. Use of Maturity Level Assessment
41. Assessing Risk Maturity Levels
42. Risk Management Capability Maturity Levels
43. Changes to Threats, Vulnerabilities and Assets
44. Changing Threat Levels
45. Monitoring Changes in Threat Levels
46. Measuring Changes in Threat Levels
47. Responding to Changes in Threat Levels
48. Threat Level Review
49. Changes in Asset Value
50. Maintain Asset Inventory
51. Risk Reporting
52. Risk Reporting
53. Reporting Content
54. Effective Reports
55. Report Recommendations
56. Possible Risk Report Recipients
57. Periodic Reporting
58. Reporting Topics
59. Risk Reporting Techniques
60. Case Study & Practice Questions
61. Sample Case Study or Exercise
62. Practice Question 1
63. Practice Question 2
64. Practice Question 3
65. Practice Question 4
66. Definitions and Acronyms
67. Acronym Review
68. Definition Review
69. Domain 3 – Exercises
70. Suggested Resources for Further Study
71. Suggested Resources for Further Study
72. End of CISRM Part II – Domain 3
73. Part II Domain 3 Quiz

1. Part II Domain 4 – Information Systems Control Design and Implementation
2. Information Systems Control Design and Implementation
3. Section Overview
4. Exam Relevance
5. Domain 4 Learning Objectives
6. Tasks and Knowledge Statements
7. Task Statements
8. Task Statements
9. Knowledge Statements
10. Knowledge Statements
11. Control Design Considerations
12. CISRM Involvement
13. CISRM involvement—cont.
14. Control Definition
15. Control Categories
16. Control Types and Effects
17. Control Methods
18. Control Design Considerations
19. Control Strength
20. Control Strength
21. Control Costs and Benefits
22. Potential Loss Measures
23. Total Cost of Ownership For Controls
24. System Development Life Cycle (SDLC)
25. Role of the CISRM in SDLC
26. Role of the CISRM in SDLC
27. Role of the CISRM in SDLC
28. The SDLC Process
29. The Systems Development Life Cycle (SDLC)
30. ‘Meets and Continues to Meet’
31. SDLC
32. SDLC Phases
33. Addressing Risk Within the SDLC
34. Business Risk versus Project Risk
35. Understanding Project Risk
36. Addressing Business Risk
37. Understanding Business and Risk Requirements
38. Understand Business Risk
39. System Development Life Cycle (SDLC) Phases
40. High Level SDLC Phases
41. 1. Project Initiation (and Requirements Definition)
42. Project Initiation
43. Phase 1 – Project Initiation
44. Phase 1 Tasks
45. Task 1—Feasibility Study
46. Feasibility Study Components
47. Determining Feasibility
48. Outcomes of the Feasibility Study
49. Task 2—Define Requirement
50. Requirement Progression
51. Business Information Requirements (COBIT)
52. Requirements Success Factors
53. Task 3—Acquire Software “Options”
54. Software Selection Criteria
55. Software Acquisition
56. Software Acquisition Process
57. 2. Project Design and Development
58. Leading Principles for Design and Implementation
59. CISRM Responsibilities
60. Key System Design Activities:
61. Key System Design Activities—cont.
62. Steps to Perform Phase 2
63. Phase 2 – Project Design and Development
64. 3. Project Testing
65. System Testing
66. Test Plans
67. Project Testing
68. Types of Tests
69. UAT Requirements
70. Certification and Accreditation
71. Project Status Reports
72. Phase 3 – Project Testing
73. Testing Techniques
74. Alpha Testing
75. Beta Testing
76. Function Validation
77. Parallel Testing
78. Pilot Testing
79. Regression Testing
80. Sociability Testing
81. White Box Testing
82. Verification and Validation
83. 4. Project Implementation
84. Phase 4 – Project Implementation
85. Project Implementation
86. Implementation Phases
87. Phase 4 – Project Implementation
88. End User Training Plans & Techniques
89. Training Strategy
90. Data Migration/Conversion Considerations
91. Risks During Data Migration
92. Data Conversion Steps
93. Implementation Rollback
94. Data Conversion Project Key Considerations
95. Changeover Techniques
96. Post-Implementation Review
97. Performing Post-Implementation Review
98. Measurements of Critical Success Factors
99. Closing a Project
100. Project Management and Controlling
101. Project Management and Controlling
102. Project Management Practices
103. Project Management Tools and Techniques
104. Project Management Elements
105. Project Management Practices
106. PERT chart and critical path
107. PERT Attribute
108. Case Study & Practice Questions
109. Sample Case Study or Exercise
110. Practice Question 1
111. Practice Question 2
112. Practice Question 3
113. Practice Question 4
114. Practice Question 5
115. Definitions and Acronyms
116. Acronym Review
117. Definition Review
118. Domain 4 – Exercises
119. Suggested Resources for Further Study
120. Suggested Resources for Further Study
121. End of CISRM Part II – Domain 4
122. Part II Domain 4 Quiz