Welcome and Introduction


Course
Time: 8 hours 25 minutes
Difficulty: Advanced
CEU/CPE: 9
Video Transcription
00:00
>> Hello, everyone. Welcome to Cybrary's On Demand. Here we are for the CRISC Certification. My name is Kelly Handerhan, and I will be your instructor for this course.

Just to let you know a little bit about me, I've been in the IT field for going on about 25 years. I started out back in the mid '90s in North Carolina as a hardware technician and worked my way up, transferred over to the networking side. But I started out working with Windows NT and Novell, and moved over into network engineering. But within the last 10, 15 years or so, I've had almost a sole focus on cybersecurity with a focus on risk management. I've been doing this quite a while, and I also have a good handful of certifications in the field. I, of course, have the CRISC certification, but I'm CCSP and CISSP certified, Project Management Professional, and I have a handful of other certs in there, just because I really believe in the need for IT professionals to be certified. Not because it makes us smart, but because it makes us employable. It helps us get that next job, get that promotion, get the contract, so I think this is a certification that I think is very valid and very valuable.

Now, it comes to us from the organization of ISACA, and ISACA stands for, well, let me say this, ISACA used to stand for the Information Systems Audit and Control Association. However, this was the acronym's meaning back in 1967, and ISACA has been around since then, and they've undergone a lot of changes, and they have invested in programs other than just those with a focus on auditing and controls. ISACA also offers the CISM certification, which is Certified Information Security Management. There is still the CISA, which does focus on audit. They also do a CGEIT certification that focuses in on enterprise IT governance. They've expanded beyond just the role of audit. Now, ISACA doesn't specifically stand for anything; the organization is just ISACA, and they've gotten rid of the acronym's meaning. But they've been around for a long time, they are very well-respected in the industry, as are the certifications that they put out.

Like I said, I'm a big believer in the CRISC certification. Because really, when it comes down to cybersecurity, cybersecurity is risk management. We'll talk about in class, we're going to identify our assets first, then we're going to look at threats and vulnerabilities, then we're going to figure out the probability and impact of a risk happening. Based on that, we're going to get a risk value, and that risk value is going to be compared up against the cost of a countermeasure to determine whether or not we invest in that countermeasure. That's risk management, and that's cybersecurity. By being certified in risk management, that will show the employers, the HR departments, those folks that are analyzing contracts, that demonstrates an understanding of the role risk management has to play in cybersecurity. This is a cert I used to not teach very often; in the past 2, 3 years, I'm teaching it on a much more regular basis, which tells you it's in much more demand out in the field.

The next question, who should take CRISC? Everyone should take CRISC. You and you, all of us would benefit from taking this course. I don't always say that, but this is a course that will help anybody involved with information technology, but specifically information security, cybersecurity, information assurance, whatever your role is. Of course, if you're a risk management professional, you're a chief risk officer or aspire to be one, if you're in governance, and when we talk about governance, we are talking about organizational leadership. Then control and assurance usually falls in that category of audit. But anybody can benefit from understanding the role that risk management plays in decision-making.

Now, as far as prerequisites for the class, for me personally, I don't feel like there are any hard and fast requirements for sitting this class. Now, is it helpful if you have networking experience or you have a Network Plus or Security Plus? Sure. That's always a good background to have, but quite honestly, this is not a technical class. We're not going to be talking about IEEE standards or protocol headers. If you don't have those backgrounds, that's just fine, as long as you have a willingness to learn, a willingness to examine the material and look at it, and apply it to your day to day. I think anybody can benefit and I think anyone should sit this class. Also, if you've got some project management or program management experience, sure, that's helpful as well. But those top three bullet points are not hard and fast requirements. If you don't meet any of those pieces of criteria, go ahead and give the class a listen. Go ahead and sit through it and see if there are difficult parts where you struggle with the technology. You can always do a little bit of additional research, but like I said, it's just not a heavy technical class, so I don't really push those prerequisites.

Now, in order to hold the CRISC certification though, you must have three years cumulative experience in two out of the four domains which we're going to cover, okay, and we'll go into which domains we're going to cover in just a minute. One of those domains has to be either domain 2 or 2, and you have to have that experience within the last 10 years. When I was saying there are no real hard and fast prerequisites, that's to sit the class, that's to understand the material, that's to learn about risk management. But if you are planning on taking the certification exam, you do need that three years' experience in one of the two domains. Now, with that being said, it doesn't mean that risk management has to be on your business card. Because we do a lot of work with risk management. If you're in the cybersecurity realm, you've worked with risk management and IT risk assessments; if this is not a formalized set of steps that you take, you still are conducting risk assessments. So I'm going to encourage you not to sell yourself short and to really consider, if you're thinking, well, I wasn't a risk officer, that doesn't matter. What is your role in risk management? And I think you'll find that you probably have a fairly strong role. One of the last domains is just essentially being information technology. Like I said, if you're in IT, there's your experience for at least one of those domains. Look closely at your experience and determine, even if you think you don't have the experience, examine what you've done and see if you would qualify.

Now, these domains that we talk about, well, we're going to cover the material through modules. Modules 1 and 2 are not part of the official CRISC curriculum per se. Right now we're doing the course introduction, so look at us, we're already finished with one out of six modules almost. We are awesome, look at us. But with the course introduction just going over this basic material, that's Module 1. Now with Module 2, we're going to lay the groundwork. We're going to talk about high-level risk management and how it impacts our decisions with information technology and information security. We have to understand some basics, some terms we're going to use, get some definitions out of the way. But 3, 4, 5, and 6, you see Module 3 maps to domain 1 of the CRISC certification, which is governance. Governance is going to indicate leadership of the organization and their role. Domain 2 is IT risk assessment, and that's where we have a process which we go through and we assess the risks associated with the various assets within our organization. Now our assets, anything we value. It could be people, it could be our organizational reputation, brand recognition, could be business processes. But with the risk assessment, we evaluate based on our assets and look at the risks that exist. Now, with our risk assessment, the whole purpose of that is to drive domain 3, which is our risk response. What are we going to do about these risks as they appear, and ideally before they appear? Then domain 4, last but not least, this is the one domain that's a tiny little bit technical in that we'll talk at a high level about what firewalls are, what an intrusion detection system is, what's a honeypot. Some of those technology tools that we use to monitor and detect and mitigate risks in other ways as well. So we have six modules to go through, but really the meat of the certification exam is going to come from Modules 3, 4, 5, and 6. Don't skip through Module 2 though, because that's going to make sure you're ready for the rest of the modules.

I've just done a little introduction here, given you my background, we've talked about who ISACA is, and just a little bit at a high level about the test, so we'll be ready to move on.