Risk and Information Systems Control (CRISC)
About This Course
This course prepares IT professionals for the unique challenges of IT and enterprise risk management and positions them to become strategic partners to the enterprise, helping it accomplish business objectives by designing, implementing, monitoring and maintaining risk-based, efficient and effective IS controls.
Domain 1: Risk Identification:
– Risk identification objectives and overview.
– Concepts of IT Risk.
– Risk management standards.
– Risk identification frameworks.
– Assets, threats and vulnerabilities.
– Elements of risk.
– Penetration testing.
– COBIT 5.
– Communicating risk
– Risk awareness
– Principles of risk
– Conclusion.
Domain 2: Risk Assessment:
– Risk assessment objectives and overview.
– Risk assessment techniques
– Risk assessment analysis
– Methodologies
– Control assessment
– Risk evaluation and impact assessment
– Risk and control analysis
– Third party management
– System development lifecycle
– Developing technologies.
– Conclusion.
Domain 3: Risk Response and Mitigation:
– Risk response and mitigation objectives and overview.
– Risk response options
– Response analysis
– Risk response plans
– Control objectives and practices
– Control ownership
– Systems control design implementation
– Control and countermeasures
– Business continuity
– Disaster recovery
– Risk accountability
– Inherent and residual risk.
– Conclusion.
Domain 4: Risk and Control Monitoring and Reporting:
– Risk and control monitoring and reporting objectives and overview.
– Key Risk indicators (KRIs)
– Data collection
– Monitoring controls
– Control Assessments
– Penetration testing
– Vulnerability assessments
– Third party assurance
– Maturity model assessment
– Techniques for improvement
– IT risk profile
– Conclusion
Learning Objectives
Requirements
- No prerequisite required