Course Information
What You Will Learn
Course Curriculum
– Common risk terminology and types of risk
– Risk-related business functions
– How the three lines of defense are important to the risk management process
– General and I&T controls and their role in the risk management process
– Articulate the purpose, objectives and importance of risk governance and risk management.
– Summarize how risk management fits within an enterprise governance strategy.
– Explain how an enterprise decides the amount of risk it is willing to accept (risk appetite, tolerance and capacity).
– Describe the structure, roles and responsibilities of risk stakeholders.
– Summarize the risk management process and workflow.
– Categorize enterprise assets and how they are valued.
– Describe the factors that can put enterprise assets at risk.
– Explain the different types of threats and vulnerabilities that exist.
– Identify IT areas of concern that can lead to I&T-related risk.
– Describe the risk identification process.
– Summarize how to apply risk identification methods.
– Define the types and benefits of risk scenarios.
– Describe how to develop a risk scenario.
– Explain the risk assessment process.
– Describe frequency and magnitude and how they apply to a risk scenario.
– Explain the risk analysis process and available approaches.
– Apply risk analysis methods and techniques.
– Explain how to rank and prioritize risk.
– Describe risk aggregation and it applies to risk maps.
– Summarize how to document risk (risk register).
– Explain how to assess the current state of controls.
– Define risk and control ownership.
– Explain the risk response process and the importance of alignment with business objectives.
– Illustrate risk response strategies and examples of each.
– Outline control design and implementation and control activities that can reduce risk to acceptable levels.
– Articulate the role that incident management, business continuity and disaster recovery play in mitigating risk.
– Define the characteristics of inherent and residual risk.
– Explain how to select and prioritize risk response alternatives.
– Describe how to document and communicate risk responses.
– Define the elements of a risk response plan.
– Gather available sources of data to monitor and report on risk.
– Articulate how to monitor risk through the use of key risk indicators (KRIs) and key performance indicators (KPIs).
– Describe how to monitor existing controls.
– Explain risk reporting guidelines and types.
– Outline the importance of an ongoing risk monitoring process and a proactive and continuous approach to risk management.
Get the Full Syllabus as a PDF
Curriculum, exam format & everything included — sent straight to your inbox.
All You Need to Know
IT Auditors, Security Professionals, CISOs, Audit/Assurance professionals, IT Risk professionals, and IT Risk Managers. The course is also aimed at managers, professionals, and students who wish to obtain industry-recognized certifications and improve their skills and knowledge in information security and risk management.
There are no prerequisites to access the course.
The course fee includes only the electronic documentation supporting the lessons (course slides), but not the study materials described below, which can be purchased separately.
The cost of the materials includes:
– Practice exercises and exam simulations
– IT Risk Fundamentals Official Study Guide