Programme Objective
In view of the changing business environment and the pervasive use of technology, there is greater need for businesses to understand and manage systems related risks. ISCA, with the support of the Singapore Accountancy Commission (SAC), has worked with IT risk experts to develop the ISCA Information Systems Risk Management Certificate programme. The training programme will help to upskill the industry and increase the capabilities of service providers in the area of information systems risk management.
It covers essential knowledge for non-IT professionals to get more insights into IS risk management. Key topics include Enterprise IT Architecture, Network and Information Security Management, IT Service Management, IS Risk Management Framework - covering Risk Identification, Assessment, Treatment, Reporting and Monitoring.
After completing the Certificate programme, learners will be able to:
- Understand information systems security, risks and controls with the aim of managing risks within the organisation
- Understand and apply common IT risk identification, risk assessment and risk mitigation techniques
- Design information system risk management plans
- Identify Key Risk Indicators and Key Performance Indicators to monitor and control IT risk within the organisation
- Progress towards taking the ISACA Certified in Risk and Information Systems Control (CRISC) Certification
Programme Outline
This programme is the second series under the ISCA Compliance Certificate Series and is made up of modules as shown in the table below:
| Level | Series 1: ISCA PDPA Compliance Certificate | Series 2: ISCA Information Systems Risk Management Certificate |
| --- | --- | --- |
| Fundamental (2 modules) *Optional | | DGT048v: Cybersecurity Literacy; RM002i: Enterprise Risk Management |
| Intermediate (1 module) | | Essentials of Information Systems Risk and Controls (ISRM Part 1) |
| Advanced (1 module) | | Information Systems Risk Management (ISRM Part 2) |
Note:
- Participants are recommended to attend the Fundamental modules to obtain a basic understanding of cybersecurity and risk management. Participants who have attended equivalent courses previously, or who have gained sufficient understanding/knowledge of the topics in the course of their work, do not need to attend the Fundamental modules. Please refer to the course information for more details.
- Participants are required to take both the Intermediate and Advanced modules of the programme to receive the ISCA Information Systems Risk Management Certificate.
There are two parts to the programme – Intermediate (ISRM Part 1) and Advanced Modules (ISRM Part 2).
Intermediate Module - Essentials of Information Systems Risk and Controls (ISRM Part 1)
Topics covered in the Intermediate Module are:
Day 1
Introduction to Risk Management
Risk Management & Governance
Enterprise Risk Management
Enterprise IT Architecture
Operating Systems
Application Software
Enterprise Networking
(7 CPE Hours)
Day 2
Network Control Design and Implementation
Firewalls, IDS & IPS
Authentication, Access Control, Accounting
Project & Risk Management
Outsourcing Risk Management
Incident Handling & Business Continuity
(7 CPE Hours)
Day 3
Control Practices and Metrics
Configuration Management
Patch Management
Change Management
Vulnerability Management
(7 CPE Hours)
Training Methodology
Classroom style with both formative and summative assessment components.
Participants will be required to complete an assessment at the end of each day’s class.
Closing Date for Registration
1 week before programme or until full enrolment of 15 pax.
Intended For
- Advisory and audit professionals in professional service firms looking to enhance their knowledge or skills in information systems risk management.
- Accountants in business who are involved in risk identification and management within their organisation and would like to deepen skillsets in the area of information systems and controls.
Funding
No funding available.