CRISC Training Course Training 課程
  Facebook: CRISC Training Course Training 課程
 
CRISC Training Course Training 課程
CRISC Training Course Training 課程 CRISC Training Course Training 課程 CRISC Training Course Training 課程 CRISC Training Course Training 課程 CRISC Training Course Training 課程 CRISC Training Course Training 課程 CRISC Training Course Training 課程 CRISC Training Course Training 課程 CRISC Training Course Training 課程 CRISC Training Course Training 課程 CRISC Training Course Training 課程  
CRISC Training Course Training 課程 CRISC Training Course Training 課程

想定期知道最新課程及優惠嗎?
免費訂閱本中心的課程通訊!

課堂錄影隨時睇 10 大優點之地點方便:本中心位於旺角、觀塘、北角、沙田及 屯門,就近港鐵站!

CRISC 國際認可證書課程
課程簡稱:CRISC Training Course

  • 課程時間
  • 課程簡介
  • 課程特點
  • 考試須知
  • 課程內容
  • 詳細內容

課程優惠!現凡同時報讀以下三個課程:
即減 $840!報讀其中兩個即減 $480!

推介服務:課堂錄影隨時睇 (在家觀看 = 0%,在校觀看 = 100%)
學員使用 WhatsApp、電話或本網頁報名,待本中心確認已為學員留位後,即可使用 轉數快 繳付學費,過程簡便!
編號 地點 可預約星期及時間 學費低至 85 折  
RG2412AV 不限
請參看個別地點
$2,980 按此報名:CRISC Training Course Training 課程
RG2412MV 旺角 一至五:14:30 - 22:15   六:13:45 - 21:30   日:10:15 - 18:00 (公眾假期休息) 95 折後只需 $2,831 按此報名:CRISC Training Course Training 課程
RG2412OV 觀塘 一至五:14:15 - 22:00   六及日:12:15 - 20:00   (星期三及公眾假期休息) 9 折後只需 $2,682 按此報名:CRISC Training Course Training 課程
RG2412PV 北角 一至五:14:15 - 22:00   六及日:12:15 - 20:00   (星期三及公眾假期休息) 9 折後只需 $2,682 按此報名:CRISC Training Course Training 課程
RG2412SV 沙田 一至五:14:15 - 22:00   六及日:12:15 - 20:00   (星期三及公眾假期休息) 85 折後只需 $2,533 按此報名:CRISC Training Course Training 課程
RG2412YV 屯門 一至五:14:15 - 22:00   六及日:12:15 - 20:00   (星期一、三及公眾假期休息) 85 折後只需 $2,533 按此報名:CRISC Training Course Training 課程
* 各政府部門可使用 P Card 付款  
如使用 P Card 繳付考試費,考試費需另加 2.5% 行政費  
在校免費試睇: 首 1 小時,請致電與本中心職員預約。 查看各地點電話
旺角 2332-6544
觀塘 3563-8425
北角 3580-1893
沙田 2151-9360
屯門 3523-1560
在校免費重睇: 學員可於享用時期內於報讀地點不限次數地重看課堂錄影,從而可反覆重溫整個課程!
導師解答: 學員可於觀看某一課堂錄影後提出課堂直接相關的問題,課程導師會樂意為學員以單對單的形式解答!
課時: 18 小時
享用時期: 6 星期。進度由您控制,可快可慢。
課堂錄影導師: Franco (任教課程清單)
在校觀看: 詳情及示範片段


推介服務:課堂錄影隨時睇 (在家觀看 = 33%,在校觀看 = 67%)
學員使用 WhatsApp、電話或本網頁報名,待本中心確認已為學員留位後,即可使用 轉數快 繳付學費,過程簡便!
編號 地點 星期及時間 費用  
  在家 享用時期內每星期 7 天 (包括公眾假期),每天 24 小時全天候不限次數地觀看。    
RG2412MH 旺角 一至五:14:30 - 22:15   六:13:45 - 21:30   日:10:15 - 18:00 (公眾假期休息) $2,980 按此報名:CRISC Training Course Training 課程
RG2412OH 觀塘 一至五:14:15 - 22:00   六及日:12:15 - 20:00   (星期三及公眾假期休息) $2,980 按此報名:CRISC Training Course Training 課程
RG2412PH 北角 一至五:14:15 - 22:00   六及日:12:15 - 20:00   (星期三及公眾假期休息) $2,980 按此報名:CRISC Training Course Training 課程
RG2412SH 沙田 一至五:14:15 - 22:00   六及日:12:15 - 20:00   (星期三及公眾假期休息) $2,980 按此報名:CRISC Training Course Training 課程
RG2412YH 屯門 一至五:14:15 - 22:00   六及日:12:15 - 20:00   (星期一、三及公眾假期休息) $2,980 按此報名:CRISC Training Course Training 課程
* 各政府部門可使用 P Card 付款  
如使用 P Card 繳付考試費,考試費需另加 2.5% 行政費  
在校免費試睇: 首 1 小時,請致電與本中心職員預約。 查看各地點電話
旺角 2332-6544
觀塘 3563-8425
北角 3580-1893
沙田 2151-9360
屯門 3523-1560
在校免費重睇: 學員可於享用時期內於報讀地點不限次數地重看在校觀看的課堂錄影,從而可反覆重溫!
導師解答: 學員可於觀看某一課堂錄影後提出課堂直接相關的問題,課程導師會樂意為學員以單對單的形式解答!
課時: 18 小時
在家及在校觀看: 在家觀看首 6 小時,在校觀看尾 12 小時。
在家觀看時禁用程式: 一些危害課堂錄影版權的程式。
享用時期: 6 星期。進度由您控制,可快可慢。
課堂錄影導師: Franco (任教課程清單)
在家觀看: 服務條款及守則、報讀程序及示範片段


地區 地址 電話 教育局註冊編號
旺角 九龍旺角亞皆老街 109 號,皆旺商業大廈 18 樓 1802 - 1807 室 2332-6544 533459
觀塘 九龍觀塘成業街 7 號寧晉中心 12 樓 G2 室 3563-8425 588571
北角 香港北角馬寶道 41-47 號華寶商業大廈 3 樓 01-02 號舖 3580-1893 591262
沙田 新界沙田石門安群街 3 號京瑞廣場 1 期 10 樓 M 室 2151-9360 604488
屯門 新界屯門屯喜路 2 號屯門柏麗廣場 17 樓 1708 室 3523-1560 592552
注意! 客戶必須查問報讀學校的教育局註冊編號,以確認該校為註冊學校,以免蒙受不必要的損失!


ISACA® 成立於1969年,多年來不斷參與各項系統確認性與安全、企業資訊治理及資訊風險的活動,口碑載譽。

ISACA® 會員遍佈逾 160 個國家,總數超過 86,000 人。其頒授的全球認可國際資訊風險控制師 (CRISC, Certified in Risk and Information Systems Control) 資格,更是各位管理人員必考的證書。取得 CRISC 資格標誌著該專業人員具備定義明確及敏捷的風險管理計劃,並能有效識別、分析、評估、優先排序和應對風險。

本中心的 CRISC 國際認可證書課程由 Franco Tsang 籌備多時,精心編排。由上堂、溫習、實習、考試研習、做試題至最後考試,均為你度身訂造,作出有系統的編排。務求真正教識你,又令你考試及格。

CRISC ISACA


課程名稱: CRISC 國際認可證書課程
- 簡稱:CRISC Training Course
課程時數: 合共 18 小時 (共 6 堂)
適合人士: 具備 3 年或以上的資訊科技風險管理與資訊系統控制工作經驗
授課語言: 以廣東話為主,輔以英語
課程筆記: 本中心導師親自編寫英文為主筆記,而部份英文字附有中文對照。

1. Franco Tsang (CCIE #19772) 親自教授: 本課程由擁有 CISA, CISM, CRISC, CDPSE, CISSP, ITILv3 Expert, ITIL 4 Managing Professional, ITIL 4 Strategic Leader, PMP 等專業認證的 Franco Tsang 親自教授。
2. Franco Tsang 親自編寫筆記: Franco 親自編寫筆記,令你無須「死鋤」如字典般厚及不適合香港讀書格調的書本。
3. 提供模擬考試題目: 本中心為學員提供充足的模擬考試題目,每條考試題目均附有標準答案。而較難理解的題目,均會附有 Franco 的解釋。
4. 深入淺出:

Franco 會在課堂上深入淺出地講解相關概念,務求令同學理解抽象的概念。

5. 免費重讀: 傳統課堂學員可於課程結束後三個月內免費重看課堂錄影。

本中心為 PSI 指定的 CRISC 考試試場,導師會在課堂上講解考試程序。考試費用如下:

  • ISACA Member: US $575
  • ISACA Nonmember: US $760

通過考試後,同學需要

  • 具備 3 年或以上的資訊科技風險管理與資訊系統控制工作經驗
  • 同意遵守 ISACA 制定的職業道德準則
  • 提交 CRISC 申請表

完成上述事項後,便能成為 CRISC。




課程名稱:CRISC 國際認可證書課程
- 簡稱:CRISC Training Course


DOMAIN 1: Governance

  • Organizational Governance
    • Organizational Strategy, Goals, and Objectives
    • Organizational Structure, Roles, and Responsibilities
    • Organizational Culture
    • Policies and Standards
    • Business Processes
    • Organizational Assets
  • Risk Governance
    • Enterprise Risk Management and Risk Management Framework
    • Three Lines of Defense
    • Risk Profile
    • Risk Appetite and Risk Tolerance
    • Legal, Regulatory, and Contractual Requirements
    • Professional Ethics of Risk Management

DOMAIN 2: IT Risk Assessment

  • IT Risk Identification
    • Risk Events (e.g., contributing conditions, loss result)
    • Threat Modelling and Threat Landscape
    • Vulnerability and Control Deficiency Analysis (e.g., root cause analysis)
    • Risk Scenario Development
  • IT Risk Analysis and Evaluation
    • Risk Assessment Concepts, Standards, and Frameworks
    • Risk Register
    • Risk Analysis Methodologies
    • Business Impact Analysis
    • Inherent and Residual Risk

DOMAIN 3: Risk Response and Reporting

  • Risk Response
    • Risk Treatment / Risk Response Options
    • Risk and Control Ownership
    • Third-Party Risk Management
    • Issue, Finding, and Exception Management
    • Management of Emerging Risk
  • Control Design and Implementation
    • Control Types, Standards, and Frameworks
    • Control Design, Selection, and Analysis
    • Control Implementation
    • Control Testing and Effectiveness Evaluation
  • Risk Monitoring and Reporting
    • Risk Treatment Plans
    • Data Collection, Aggregation, Analysis, and Validation
    • Risk and Control Monitoring Techniques
    • Risk and Control Reporting Techniques (heatmap, scorecards, dashboards)
    • Key Performance Indicators
    • Key Risk Indicators (KRIs)
    • Key Control Indicators (KCIs)

DOMAIN 4: Information Technology and Security

  • Information Technology Principles
    • Enterprise Architecture
    • IT Operations Management (e.g., change management, IT assets, problems, incidents)
    • Project Management
    • Disaster Recovery Management (DRM)
    • Data Lifecycle Management
    • System Development Life Cycle (SDLC)
    • Emerging Technologies
  • Information Security Principles
    • Information Security Concepts, Frameworks, and Standards
    • Information Security Awareness Training
    • Business Continuity Management
    • Data Privacy and Data Protection Principles

The course content above may change at any time without notice in order to better reflect the content of the examination.





1 Governance
1.1 Organizational Governance
1.1.1 Organizational Strategy, Goals, and Objectives
1.1.1.1 The Context of IT Risk Management
1.1.1.2 Key Concepts of Risk
1.1.1.3 Importance and Value of IT Risk Management
1.1.1.4 The IT Risk Strategy of the Business
1.1.1.5 Alignment With Business Goals and Objectives
1.1.2 Organizational Structure, Roles, and Responsibilities
1.1.2.1 RACI (Responsible, Accountable, Consulted, Informed)
1.1.2.2 Key Roles
1.1.3 Organizational Culture
1.1.3.1 Organizational Culture and Behavior and the Impact on Risk Management
1.1.3.2 Risk culture
1.1.3.3 Risk-driven Business Approach
1.1.3.4 The Value of Risk Communication
1.1.4 Policies and Standards
1.1.4.1 Policies
1.1.4.2 Standards
1.1.4.3 Procedures
1.1.4.4 Exception Management
1.1.4.5 Risk Management Standards and Frameworks
1.1.5 Business Processes / Business Processes Review
1.1.5.1 Risk Management Principles, Processes and Controls
1.1.5.1.1 Principles
1.1.5.1.2 Processes and Controls
1.1.5.2 IT Risk in Relation to Other Business Functions
1.1.6 Organizational Assets
1.2 Risk Governance
1.2.1 Enterprise Risk Management and Risk Management Framework
1.2.1.1 IT Risk Management Good Practices
1.2.1.2 Establishing an Enterprise Approach to Risk Management
1.2.2 Three Lines of Defense
1.2.2.1 The First Line of Defense
1.2.2.2 The Second Line of Defense
1.2.2.3 The Third Line of Defense
1.2.2.4 The Role of the Risk Practitioner within the Three Lines of Defense
1.2.3 Risk Profile
1.2.4 Risk Appetite and Risk Tolerance
1.2.5 Legal, Regulatory, and Contractual Requirements
1.2.6 Professional Ethics of Risk Management
1.2.6.1 ISACA Code of Professional Ethics

2 IT Risk Assessment
2.1 IT Risk Identification
2.1.1 Risk Events (e.g., contributing conditions, loss result)
2.1.1.1 Risk Factors
2.1.1.2 Methods of Risk Identification
2.1.1.3 Changes in the Risk Environment
2.1.2 Threat Modelling and Threat Landscape
2.1.2.1 Internal Threats
2.1.2.2 External Threats
2.1.2.3 Emerging Threats
2.1.2.4 Additional Sources for Threat Information
2.1.2.5 Threat, Misuse and Abuse-Case Modeling
2.1.2.5.1 Threat modeling
2.1.3 Vulnerability and Control Deficiency Analysis (e.g., root cause analysis)
2.1.3.1 Sources of Vulnerabilities
2.1.3.2 Gap Analysis
2.1.3.3 Vulnerability Assessment and Penetration Testing
2.1.3.3.1 Vulnerability Assessment
2.1.3.3.2 Penetration Testing
2.1.3.4 Root Cause Analysis
2.1.4 Risk Scenario Development
2.1.4.1 Risk Scenario Development Tools and Techniques
2.1.4.1.1 Top-down Approach scenario development
2.1.4.1.2 Bottom-up Approach scenario development
2.1.4.2 Benefits of Using Risk Scenarios / Why Using Risk Scenarios
2.1.4.3 Developing IT Risk Scenarios
2.1.4.4 Analyzing Risk Scenarios
2.1.4.4.1 Factor Analysis of Information Risk (FAIR)
2.1.4.4.2 Holistic Approach to Risk Management (HARM)
2.2 IT Risk Analysis and Evaluation and Assessment
2.2.1 Risk Assessment Concepts, Standards, and Frameworks
2.2.1.1.1 Risk Ranking
2.2.1.1.2 Risk Maps
2.2.1.2 Risk Ownership and Accountability
2.2.1.3 Documenting Risk Assessments
2.2.1.4 Addressing Risk Exclusions
2.2.2 Risk Register
2.2.3 Risk Analysis Methodologies
2.2.3.1 Quantitative Risk Assessment
2.2.3.2 Qualitative Risk Assessment
2.2.3.3 Semiquantitative/Hybrid Risk Assessment
2.2.4 Business Impact Analysis
2.2.4.1 Business Continuity and Organizational Resiliency
2.2.4.2 Regulatory and Contractual Obligations
2.2.4.3 Strategic Investments
2.2.4.4 Business Impact Analysis and Risk Assessment
2.2.5 Inherent and Residual Risk
2.2.5.1 Inherent Risk
2.2.5.2 Residual Risk
2.2.5.3 Current Risk

3 Risk Response and Reporting
3.1 Risk Response
3.1.1 Risk and Control Ownership
3.1.1.1 Ownership and Accountability
3.1.2 Risk Treatment / Risk Response Options
3.1.2.1 Aligning Risk Response with Business Objectives
3.1.2.2 Risk Response Options
3.1.2.2.1 Risk acceptance
3.1.2.2.2 Risk mitigation
3.1.2.2.3 Risk sharing/transfer
3.1.2.2.4 Risk avoidance
3.1.2.3 Choosing a Risk Response
3.1.3 Third-Party Risk Management
3.1.4 Issue, Finding, and Exception Management
3.1.4.1 Configuration Management
3.1.4.2 Release Management
3.1.4.3 Exception Management
3.1.4.4 Change Management
3.1.4.5 Issue and Finding Management
3.1.5 Management of Emerging Risk
3.1.5.1 Vulnerabilities Associated with New Controls
3.1.5.2 Impact of Emerging Technologies on Design and Implementation of Controls
3.2 Control Design and Implementation
3.2.1 Control Types, Standards, and Frameworks
3.2.1.1 Control Standards and Frameworks
3.2.1.2 Administrative, Technical and Physical Controls
3.2.1.3 Capability Maturity Models (CMM)
3.2.2 Control Design, Selection, and Analysis
3.2.2.1 Control Design and Selection
3.2.3 Control Implementation
3.2.3.1 Changeover (Go-live) Techniques
3.2.3.2 Post-implementation Review
3.2.3.3 Control Documentation
3.2.4 Control Testing and Effectiveness Evaluation
3.2.4.1 Good Practices for Testing
3.2.4.1.1 Various testing approaches
3.2.4.1.1.1 Unit Testing and Code Review
3.2.4.1.1.2 Integration/System Testing
3.2.4.1.1.3 User Acceptance Testing (UAT)
3.2.4.1.1.4 Quality Assurance (QA)
3.2.4.1.1.5 Testing for Non-technical Controls
3.2.4.2 Updating the Risk Register
3.3 Risk Monitoring and Reporting
3.3.1 Risk Treatment Plans
3.3.2 Data Collection, Aggregation, Analysis, and Validation
3.3.2.1 Data Collection and Extraction Tools and Techniques
3.3.2.1.1 Several sources of data
3.3.2.1.1.1 Logs
3.3.2.1.1.2 Security Information and Event Management (SIEM)
3.3.2.1.1.3 Integrated Test Facilities (ITF)
3.3.2.1.1.4 External Sources
3.3.3 Risk and Control Monitoring Techniques
3.3.3.1 Monitoring Controls
3.3.3.2 Control Assessment Types
3.3.3.2.1 Self-assessment
3.3.3.2.2 IS Audit / Third-party Assurance
3.3.3.2.3 Vulnerability Assessment
3.3.3.3 Penetration Testing
3.3.4 Risk and Control Reporting Techniques (heatmap, scorecards, dashboards)
3.3.4.1 Heat Maps
3.3.4.2 Scorecards
3.3.4.3 Dashboards
3.3.5 Key Performance Indicators (KPIs)
3.3.6 Key Risk Indicators (KRIs)
3.3.6.1 KRI Selection
3.3.6.2 KRI Effectiveness
3.3.6.3 KRI Optimization
3.3.6.4 KRI Maintenance
3.3.6.5 Using KPIs with KRIs
3.3.7 Key Control Indicators (KCIs)

4 Information Technology and Security
4.1 Information Technology Principles
4.1.1 Enterprise Architecture
4.1.1.1 Maturity Models
4.1.2 IT Operations Management (e.g., change management, IT assets, problems, incidents)
4.1.2.1 Hardware
4.1.2.1.1 Supply Chain Management
4.1.2.2 Software
4.1.2.2.1 Operating Systems
4.1.2.2.2 Applications
4.1.2.2.3 Databases
4.1.2.2.4 Software Utilities
4.1.2.3 Environmental Controls
4.1.2.4 Networks
4.1.2.4.1 Firewalls
4.1.2.4.2 Proxies
4.1.2.4.3 Intrusion Systems
4.1.2.4.4 Domain Name System
4.1.2.4.5 Software-defined Networking
4.1.2.4.6 Demilitarized Zones (DMZ)
4.1.2.4.7 Virtual Private Networks (VPNs)
4.1.2.5 Technology Refresh
4.1.2.6 Operations and Management Evaluation
4.1.2.7 Virtualization and Cloud Computing
4.1.3 Project Management
4.1.3.1 Project Risk
4.1.3.2 Project Closeout
4.1.4 Disaster Recovery Management (DRM) / Enterprise Resiliency
4.1.4.1 Business Continuity
4.1.4.2 Disaster Recovery
4.1.5 Data Lifecycle Management
4.1.5.1 Data Management
4.1.5.2 Data Loss Prevention (DLP)
4.1.6 System Development Life Cycle (SDLC)
4.1.7 Emerging Technologies / Emerging Trends in Technology
4.1.7.1 Omnipresent Connectivity
4.1.7.1.1 Bring Your Own Devices (BYOD)
4.1.7.1.2 The Internet of Things
4.1.7.2 Massive Computing Power
4.1.7.2.1 Deepfakes
4.1.7.2.2 Blockchain
4.1.7.2.3 Artificial Intelligence (AI)
4.2 Information Security Principles
4.2.1 Information Security Concepts, Frameworks, and Standards
4.2.1.1 Likelihood and Impact
4.2.1.2 CIA Triad
4.2.1.3 Segregation of Duties / Separation of Duties / SoD
4.2.1.4 Cross-training and Job Rotation
4.2.1.5 Access Control / Identity and Access Management (IAM)
4.2.1.5.1 Identification
4.2.1.5.2 Authentication
4.2.1.5.3 Authorization
4.2.1.5.4 Accountability
4.2.1.6 Encryption
4.2.1.6.1 Symmetric Encryption Algorithms
4.2.1.6.2 Asymmetric Encryption Algorithms / Public Key Cryptography
4.2.1.6.3 Message Integrity and Hashing Algorithms
4.2.1.6.4 Digital Signatures
4.2.1.6.5 Certificates
4.2.1.6.6 Public Key Infrastructure (PKI)
4.2.2 Information Security Awareness Training
4.2.3 Business Continuity Management
4.2.4 Data Privacy and Data Protection Principles
4.2.4.1 Key Concepts of Data Privacy
4.2.4.1.1 Informed Consent
4.2.4.1.2 Privacy Impact Assessment (PIA)
4.2.4.1.3 Minimization
4.2.4.1.4 Destruction
4.2.4.2 Risk Management in a Privacy Context

5 Further readings
5.1 Example of Bayesian analysis
5.2 Example of Bow Tie analysis
5.3 Example of cause-and-effect analysis
5.4 Example of Event tree analysis
5.5 Example of Fault tree analysis
5.6 Example of Markov analysis
5.7 More about Network
5.7.1 The TCP/IP Stack / TCP/IP Model
5.7.2 Cabling
5.7.3 Repeaters
5.7.4 Switches
5.7.5 Routers
5.8 More about Technical Refresh
5.9 IaaS, PaaS, and SaaS

 

更多綜合課程
  攝影課程
  • 攝影初級
  • 攝影中級 (風景專題)
  英文課程
  • IPA 拼音:級別 1 2 3 4
  普通話課程
  • 基礎普通話拼音 (免費)
  • 進階普通話拼音
  • 普通話會話:級別 1 2 3
  西班牙語文課程
  • 級別 1 2 3
  中醫課程
  • 濕疹與皮膚敏感病
  • 暗瘡與色斑 | 鼻敏感與感冒
  • 脫髮與白髮 | 從五官看健康
  風水命理課程
  • 紫微斗數:級別 1 2 3
  • 子平八字:級別 1 2 3
  • 八字風水:級別 1 2 3
  • 奇門遁甲:級別 1 2 3