Course Overview

The ISO 31000 Risk Manager training course helps participants acquire the knowledge and ability necessary to integrate the risk management guidelines of ISO 31000 in an organization. It provides information on the risk management principles and their application, as well as the core elements of the risk management framework and the steps of a risk management process. In addition, it provides the basic approaches, methods, and practices for assessing risk in a wide range of situations.

Upon completion of the training course, you can sit for the exam and apply to obtain the “PECB Certified ISO 31000 Risk Manager” credential. The credential demonstrates your knowledge and ability to apply the risk management process in an organization based on the guidelines of ISO 31000 and best practices.

Course Objectives

  • Understand the risk management concepts, approaches, methods, and techniques 
  • Learn how to establish a risk management framework in the context of an organization 
  • Learn how to apply the ISO 31000 risk management process in an organization
  • Understand the basic approaches, methods, and practices used to integrate risk management in an organization

Course Content

  • Day 1: Introduction to ISO 31000 and risk management and establishing the risk management framework
  • Day 2: Initiation of the risk management process and risk assessment based on ISO 31000
  • Day 3: Risk treatment, recording and reporting, monitoring and review, and communication and consultation according to ISO 31000

Course Overview

The ISO 31000 Lead Risk Manager training course helps participants develop their competences to support an organization in creating and protecting value by managing risks, making decisions, and improving performance using the ISO 31000 guidelines. It provides information regarding the core elements and the effective implementation of a risk management framework, the application of the risk management process, and the actions necessary for the successful integration of these elements to meet organizational objectives. Furthermore, it provides guidance on the selection and application of techniques for assessing risks in a wide range of situations.

Upon completion of the training course, participants can sit for the exam and apply to obtain the “PECB Certified ISO 31000 Lead Risk Manager” credential. The credential demonstrates that the participant possesses the theoretical and practical knowledge and professional capabilities to support and lead risk management processes based on ISO 31000 guidelines and best practices in this field.

Course Objectives

  • Understand the risk management concepts, approaches, methods, and techniques
  • Learn how to interpret the ISO 31000 principles and framework in the context of an organization
  • Learn how to apply the ISO 31000 risk management process in an organization
  • Learn how to establish a risk recording and reporting process and an effective risk communication plan
  • Develop the ability to effectively manage, monitor, and review risk in an organization based on best practices

Course Content

  • Day 1: Introduction to ISO 31000 and risk management
  • Day 2: Establishing the risk management framework and initiating the risk management process
  • Day 3: Risk analysis, risk evaluation, and risk treatment according to ISO 31000
  • Day 4: Recording and reporting, monitoring and review, and communication and consultation according to ISO 31000
  • Day 5: Certification exam

Course Overview

The ISO 31000 Foundation training course presents the basic principles and approaches of managing risks and opportunities based on the guidelines of ISO 31000. This training course focuses on the main components of ISO 31000: basic terms and definitions, principles of risk management, risk management framework, and risk management process. In addition, each step of the risk management process is analyzed and elaborated individually.

Upon completion of the training course, you can sit for the exam and apply to obtain the “PECB Certified ISO 31000 Foundation” credential. The credential demonstrates that you understand the fundamental concepts and methodologies for risk management, based on the guidelines of ISO 31000.

Target Audience

  • Individuals involved in risk management 
  • Individuals seeking to gain knowledge of risk management principles, framework, and process
  • Individuals seeking to manage the risks and opportunities in their areas of responsibility
  • Individuals interested in pursuing a career in risk management

Course Objectives

  • Get acquainted with the concepts and principles of ISO 31000
  • Understand the guidelines of ISO 31000 for risk management
  • Understand the basic approaches, methods, and practices that can be used for the integration of risk management in an organization

Course Overview

ISO/IEC 27002 Foundation training enables you to learn the basic elements to implement Information Security Controls as specified in ISO/IEC 27002. During this training course, you will be able to understand how ISO/IEC 27001 and ISO/IEC 27002 are related to ISO/IEC 27003 (Guidelines for the implementation of ISMS), ISO/IEC 27004 (Measurement of Information Security) and ISO/IEC 27005 (Risk Management in Information Security).

After completing this course, you can sit for the exam and apply for the “PECB Certificate Holder in ISO/IEC 27002 Foundation” certificate. A PECB Foundation Certificate shows that you have understood the fundamental methodologies and management approach.

Target Audience

  • Individuals interested in Information Security Management and Information Security Controls
  • Individuals seeking to gain knowledge about the main processes of an Information Security Management System and Information Security Controls
  • Individuals interested in pursuing a career in Information Security Management

Course Objectives

  • Understand the implementation of Information Security Controls in accordance with ISO/IEC 27002
  • Acknowledge the correlation between ISO/IEC 27001, ISO/IEC 27002 and other standards and regulatory frameworks
  • Understand the approaches, methods and techniques used for the implementation of Information Security Controls

Course Overview

Information is crucial for the continuity and proper functioning of both individual organizations and the economies they fuel; this information must be protected against access by unauthorized people, protected against accidental or malicious modification or destruction and must be available when it is needed.

This module, Information Security Management Professional based on ISO/IEC 27001, tests understanding of the organizational, physical and technical aspects of information security.

Course Objectives

  • Perspectives in Information Security: Business, Customer, Service Provider/Supplier (10%).
  • Risk Management: Analysis, Controls, Remaining Risks (30%).
  • Information Security Controls: Organizational, Technical, Physical (60%).

Course Content

  • Information security perspectives: the perspectives of the business, the customer, and the service provider
  • Risk Management: Analysis of the risks, choosing controls, dealing with remaining risks
  • Information security controls: Organizational, technical and physical controls

Course Overview

Information security is becoming more and more important. The globalisation of the economy leads to an increasing exchange of information between organisations (employees, customers and suppliers), an increasing use of networks, such as the internal company network, the interconnection with networks of other companies and the Internet. Moreover, the activities of many companies now depend on ICT, with information becoming a valuable business asset.

Information security is essential to ensure the proper functioning and continuity of the organisation: information must be reliable. This Information Security Foundation based on ISO IEC 27001 course provides you with all the knowledge for the EXIN Information Security Foundation and is a relevant certification for all professionals who work with confidential information. It tests the understanding of the concepts and value of information security as well as the threats and risks.

Course Objectives

  • Information and Security
  • Threats and risks
  • Approach and Organisation
  • Actions
  • Law and Regulations
  • Examination training

Course Content

  • Information and security
  • Threats and risks
  • Approach and organization
  • Measures
  • Legislation and regulation

Course Overview

The Third-party Risk Management application provides a centralized process for managing your organization’s third-party portfolio, performing due diligence when onboarding third parties, and completing the risk assessment. Integration with other GRC applications also provides top-down traceability for compliance with controls and risks.

Join our class to discuss how to get started developing a Third-party Risk Management (TPRM) implementation strategy. This 2-day class covers domain knowledge, common technical aspects of an implementation, and the processes to manage it effectively.

Attendees will learn tactical skills and strategies that will better prepare them to implement Third-party Risk soundly and efficiently. Through lectures, group discussion, demonstrations, and hands-on labs, students build on existing knowledge and skills by applying implementation best practices. Course topics include:

  • Third-party Risk Management Overview
  • Core Configuration
  • Assessment Configuration
  • Approval and Workflow Changes
  • Third-party Portal Experience
  • Application Relationships
  • Dashboards and Reports

Course Objectives

  • Navigate the TPRM application components and prepare for implementation
  • Configure Core data elements: Third Parties, Contacts, and Inherent Risk Questionnaires (IRQs)
  • Configure assessments in the Assessment Designer to create/modify multiple types of assessments included in the Third-party Risk Management process
  • Identify baseline workflows and potential custom workflows needed by a customer
  • Configure the Third-party Assessment Portal
  • Define the relationship between assessment questions and GRC applications

Course Overview

COBIT® is a framework for the enterprise governance and management of information and technology (I&T) that supports enterprise goal achievement. This 2-day course highlights the concepts, models and key definitions of the COBIT framework and helps prepare learners to take the COBIT 2019 Foundation Exam. This COBIT 2019 Foundation training and exam covers eight key areas:

  1. Framework introduction
  2. Principles
  3. Governance system and components
  4. Governance and management objectives
  5. Performance management
  6. Designing a tailored governance system
  7. Business case
  8. Implementation

Certificate candidates explore COBIT 2019 concepts, principles and methodologies used to establish, enhance and maintain a system for effective governance and management of enterprise information technology. The exam will test a candidate’s understanding of the topics, and those who achieve a passing score on the COBIT 2019 Foundation exam receive the COBIT 2019 Foundation Certificate.

COBIT® is a Trademark of ISACA® registered in the United States and other countries

Course Objectives

At the conclusion of this course, attendees will be able to:

  • Recognize the target audience of COBIT 2019.
  • Recognize the context, benefits and key reasons COBIT is used as an information and technology governance framework.
  • Recognize the descriptions and purposes of the COBIT product architecture.
  • Recall the alignment of COBIT with other applicable frameworks, standards and bodies of knowledge.
  • Understand and describe the governance “system” and governance “framework” principles.
  • Describe the components of a governance system.
  • Understand the overall structure and contents of the Goals Cascade.
  • Recall the 40 Governance and Management Objectives and their purpose statements.
  • Understand the relationship between Governance and Management Objectives and Governance Components.
  • Differentiate COBIT based performance management using maturity and capability perspectives.
  • Discover how to design a tailored governance system using COBIT.
  • Explain the key points of the COBIT business case.
  • Understand and recall the phases of the COBIT implementation approach.
  • Describe the relationships between the COBIT Design and Implementation Guides.
  • Prepare for the COBIT 2019 Foundation exam

Course Content

  • Module 1:  Course Introduction
  • Module 2:  Framework Introduction
  • Module 3:  Principles
  • Module 4:  Governance System and Components
  • Module 5:  Governance and Management Objectives
  • Module 6:  Performance Management
  • Module 7:  Designing a Tailored Governance System
  • Module 8:  Business Case
  • Module 9:  Implementation
  • Module 10: Closing

Course Overview

CGEIT recognizes a wide range of professionals for their knowledge and application of enterprise IT governance principles and practices. As a CGEIT certified professional, you demonstrate that you are capable of bringing IT governance into an organization—that you grasp the complex subject holistically, and therefore, enhance value to the enterprise.

When an enterprise employs a CGEIT, they ensure good governance, which provides for an environment of no or few “surprises” and the ability to have an agile response to any that arise. CGEIT is considered by many companies and governmental agencies as a prerequisite for employees involved with enterprise IT governance.

For the professional, CGEIT provides:

  • A global and prestigious, lifelong symbol of knowledge and expertise.
  • Competitive advantage that will distinguish you from your peers.
  • Higher earnings and greater career growth.
  • The benefits of becoming part of an elite peer network.
  • The ability to leverage the tools and resources of a global community of industry experts.

CGEIT enhances credibility, influence and recognition. CGEIT combines the achievement of passing a comprehensive exam with recognition of work, management and educational experience, providing greater recognition in the marketplace and influence at the executive level.

Why employers hire CGEITs:

  • The employee has the knowledge and experience necessary to support and advance the IT governance of an enterprise.
  • The employee maintains ongoing professional development necessary for successful on-the-job performance.
  • The enterprise’s IT and business systems operate with greater efficiencies and optimum effectiveness resulting in greater trust in, and value from, information systems.

CGEIT demonstrates proven expertise. Boards and executive management expect IT to deliver business value. IT governance is a key component of enterprise governance and success. A CGEIT designation demonstrates that you have proven experience and knowledge in the governance of enterprise IT.

  • Continuing Professional Education (CPE) : 23,25
  • Practice questions (QAE = Questions, Answers and Explanations) : 12 month access

Course Objectives

CGEIT provides you the credibility to discuss critical issues around governance and strategic alignment, and the traction to consider a move to the C-suite, if you aren’t already there.

ISACA’s Certified in the Governance of Enterprise IT (CGEIT®) certification instantly validates your knowledge, skills and expertise with enterprise IT governance. It proves you can discuss critical issues around enterprise governance and align IT with strategic enterprise goals. That’s why hiring managers and clients look for it and many businesses and government agencies require it.

Course Content

Some of the focus areas include:

  • Frameworks for the governance of enterprise IT.
  • Strategic management.
  • Benefits realization.
  • Risk optimization.
  • Resource optimization. 

CGEIT empowers you to handle the governance of an entire organization and consider a move to the C-suite, if you aren’t already there. That’s why the ranks of CGEIT holders around the world are filled with CEOs, CIOs, CISOs, IT directors, security directors and more.

Course Overview

The CRISC – Certified Risk and Information System Control – certificate gives you international recognition (from ISACA) as a security professional. The extensive set of CRISC online practice questions (QAE) is included in the course price.

  • Continuing Professional Education (CPE) : 31
  • Practice questions (QAE = Questions, Answers and Explanations) : 12 month access

Course Objectives

The Certified in Risk and Information Systems Control certification is designed for IT professionals who have hands-on experience with risk identification, assessment, and evaluation; risk response; risk monitoring; IS control design and implementation; and IS control monitoring and maintenance.

The CRISC designation will not only certify professionals who have knowledge and experience identifying and evaluating entity-specific risk, but also aid them in helping enterprises accomplish business objectives by designing, implementing, monitoring and maintaining risk-based, efficient and effective IS controls.

  • Governance (25%)
  • IT Risk Assessment (20%)
  • Risk Response and Reporting (32%)
  • Information Technology and Security (22%)

Course Content

DOMAIN 1—Governance 26%

A. Organizational Governance

  • Organizational Strategy, Goals, and Objectives
  • Organizational Structure, Roles, and Responsibilities
  • Organizational Culture
  • Policies and Standards
  • Business Processes
  • Organizational Assets

B. Risk Governance

  • Enterprise Risk Management and Risk Management Framework
  • Three Lines of Defense
  • Risk Profile
  • Risk Appetite and Risk Tolerance
  • Legal, Regulatory, and Contractual Requirements
  • Professional Ethics of Risk Management

DOMAIN 2—IT Risk Assessment 20%

A. IT Risk Identification

  • Risk Events (e.g., contributing conditions, loss result)
  • Threat Modelling and Threat Landscape
  • Vulnerability and Control Deficiency Analysis (e.g., root cause analysis)
  • Risk Scenario Development

B. IT Risk Analysis and Evaluation

  • Risk Assessment Concepts, Standards, and Frameworks
  • Risk Register
  • Risk Analysis Methodologies
  • Business Impact Analysis
  • Inherent and Residual Risk

DOMAIN 3—Risk Response and Reporting 32%

A. Risk Response

  • Risk Treatment / Risk Response Options
  • Risk and Control Ownership
  • Third-Party Risk Management
  • Issue, Finding, and Exception Management
  • Management of Emerging Risk

B. Control Design and Implementation

  • Control Types, Standards, and Frameworks
  • Control Design, Selection, and Analysis
  • Control Implementation
  • Control Testing and Effectiveness Evaluation

C. Risk Monitoring and Reporting

  • Risk Treatment Plans
  • Data Collection, Aggregation, Analysis, and Validation
  • Risk and Control Monitoring Techniques
  • Risk and Control Reporting Techniques (heatmap, scorecards, dashboards)
  • Key Performance Indicators
  • Key Risk Indicators (KRIs)
  • Key Control Indicators (KCIs)

DOMAIN 4—Information Technology and Security 22%

A. Information Technology Principles

  • Enterprise Architecture
  • IT Operations Management (e.g., change management, IT assets, problems, incidents)
  • Project Management
  • Disaster Recovery Management (DRM)
  • Data Lifecycle Management
  • System Development Life Cycle (SDLC)
  • Emerging Technologies

B. Information Security Principles

  • Information Security Concepts, Frameworks, and Standards
  • Information Security Awareness Training
  • Business Continuity Management
  • Data Privacy and Data Protection Principles