1.3 Who Should Take the CRISC?

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *

Already have an account? Sign In »

6 hours 30 minutes
Video Transcription
Let's stop for a minute about who should take the sea risk exam. So what we're looking for is people that are needing to increase their knowledge of risk management from perhaps a more formalized method. You know, many of us understand risk management to a degree, but we really haven't had formal training.
This is an area that is growing as more and more or getting an understanding of the essential nature of looking at risks before making decisions. And really risk management starts with Identify your assets, look at your threats and your vulnerabilities,
and look at the potential for Los Once we understand the potential for loss than our next job is gonna be to find a mitigating strategy that, in a cost effective manner,
can lessen the amount of risk to the degree that's acceptable by senior management. That's risk management, and that's exactly what security management is. So anybody that wants to know more about risk can take this class also those of you that are in the field of control and assurance, my
right, we want to understand the risks associated with the organization with the processes. This will help us understand the audit process. What we're trying to do and how to improve the process is within our organization better
next. Enterprise governance. For those of you at the upper level of senior management, you're the decision makers. Everything flows down from the top. So for those of you that our chief executive officers, information officers, security officers, once again
shifting our focus to risk management in the enterprise, not just looking at business risks versus I risk,
but really coming to the point where we understand that I t risks our business risks and risks. And as we govern the enterprise, so must we govern I t.
As a matter of fact, another course that I Sacha puts out is, ah, the siege, its certification certified in the governance of enterprise I t.
That's the perfect companion to the sea risk certification for those of you that either are or are looking to move into senior management. Ultimately, at this areas, you know what this area I'm expected to focus on delivering value.
I'm looking to make sure that the goals of the organization are being met
and that they're being met correctly in an effective manner and that we're getting the benefits from those mechanisms air from those methods. So anybody that wants to learn more about risk management and honestly, if you want to learn about information security, you need to learn about risk management,
my auditors, my senior officers. So that probably covers most of you that are investigating this certification exam. This will help you with other certifications, like C I s s pieces, um, project management professional.
So it's a good course toe add to your repertoire, so to speak,
and a great certification tohave.
So let's go ahead and look at the course agenda. This is what we're gonna be covering throughout the course, so we're going to start off with the main zero. We don't want to hit the ground running 60 miles an hour. So we're going to take a little bit of time prior to getting into the sea, risks specific information and just talk a little bit about risk management
and then particularly information security, risk management.
So we're gonna talk about some principles, will get some definitions out of the way, talk about the differences between risk, governance and risk management, and then we'll talk about some of those risks that are specific to information security. So that's gonna be domain zero. That'll make sure we're all on a level playing field.
The sea Risk certification course includes four domains, and each domain is a portion of ice. ACOG's risk I t. Life cycle. So ultimately we start with risk identification. Then we go to risk assessment, risk mitigation
and then control and monitoring, control, monitoring and reporting.
So these air phases of the risk life cycle per I sacha. So it's good that we spend a full domain on each of those. And then, of course, we'll wrap up things with an exam review where we'll go over some questions together,
try to piece through them and figure out how to think like I sack.
So this will also help you determine it. This is the course for you, and I hope that it iss
Up Next