COURSES
Information Systems Audit and Control Association (ISACA)
OUR COURSES SERIES
Information Systems Audit and Control Association (ISACA) Course Directory
Certified in Risk and Information Systems Control (CRISC)
| Course Name | Course Type | Syllabus |
|---|---|---|
| CRISC 2023: Attack Mitigations | Course | View details Course Syllabus | Print Syllabus CRISC 2023: Attack MitigationsOverview/Description: Understanding the characteristics of various types of attacks goes a long way in helping cybersecurity analysts prevent and detect malicious activity. Knowledge of techniques and attacks, such as buffer overflows and distributed denial-of-service (DDoS) attacks, facilitates mitigation planning. In this course, you will begin by exploring SYN flood attacks and their relationship with the three-way Transmission Control Protocol (TCP) handshake. Next, you will spoof network traffic and discover different types of buffer overflow attacks. Then you will investigate DDoS attack mitigations and run a denial-of-service (DoS) attack against a website. Finally, you will compromise a client web browser, run a structured query language (SQL) injection and reverse shell attack, and crack Remote Desktop Protocol (RDP) passwords. This course can be used to prepare for the ISACA Certified in Risk and Information Systems Control (CRISC) certification. Course Number: it_cscrisc23_20_enus |
| CRISC 2023: Authentication | Course | View details Course Syllabus | Print Syllabus CRISC 2023: AuthenticationOverview/Description: Hardening authentication processes makes it more difficult for attackers to compromise accounts. Managing users and groups allows for access to required resources.In this course, you will explore authentication methods, including passwordless login. Then, you will learn how to manage Linux users and groups using the command line and how to enable Secure Shell (SSH) public key authentication. Next, you will manage Windows and cloud users and groups and examine dynamic membership cloud-based groups. Finally, you will configure multi-factor authentication (MFA) for users and explore identity federation.This course can be used to prepare for the ISACA Certified in Risk and Information Systems Control (CRISC) certification. Course Number: it_cscrisc23_06_enus |
| CRISC 2023: Authorization | Course | View details Course Syllabus | Print Syllabus CRISC 2023: AuthorizationOverview/Description: Strong authorization settings limit permissions to resources for authenticated entities. Cybersecurity analysts must be aware of how to not only configure resource permissions, but also how to evaluate existing permissions to ensure adherence to the principle of least privilege. In this course, you will discover how authorization is related to, but differs from, authentication. Then, you will explore access control models, such as role-based access control (RBAC) and attribute-based access control (ABAC). Next, you will find out how to manage Linux and Windows file system permissions using the command lines. Finally, you will learn how to configure Windows dynamic access control, work with privileged access management in Linux using sudo, and manage RBAC permissions in the Microsoft Azure cloud. This course can be used to prepare for the ISACA Certified in Risk and Information Systems Control (CRISC) certification. Course Number: it_cscrisc23_07_enus |
| CRISC 2023: Business Continuity | Course | View details Course Syllabus | Print Syllabus CRISC 2023: Business ContinuityOverview/Description: Organizations must prepare in advance for the inevitable disruption of business operations. This means proactive planning to not only prevent disruptions but also manage them to reduce their negative impact.In this course, you will explore common characteristics of a business continuity plan (BCP) and learn how to conduct a business impact analysis (BIA). Then you will investigate disaster recovery plans (DRPs), including components, key considerations, and governance. Next, you will configure high availability for cloud storage accounts, virtual machines, and databases through replication. Finally, you will configure the backup of on-premises data to the cloud.This course can be used to prepare for the ISACA Certified in Risk and Information Systems Control (CRISC) certification. Course Number: it_cscrisc23_16_enus |
| CRISC 2023: Cryptography | Course | View details Course Syllabus | Print Syllabus CRISC 2023: CryptographyOverview/Description: Confidentiality, integrity, and availability are core pillars of IT security governance. Cybersecurity analysts can harden IT environments using various encryption and hashing techniques.In this course, examine how the CIA triad relates to IT security and how cryptography protects sensitive data. Next, discover how to configure Encrypting File System (EFS) file encryption and Microsoft BitLocker encryption, and use a customer-managed key to enable encryption for an Azure storage account. Then learn how to hash files in Linux and Windows. Finally, find out about hardware security modules (HSMs) and the Trusted Platform Module (TPM), how Transport Layer Security (TLS) supersedes the Secure Sockets Layer (SSL), and how to enable HTTPS.This course can be used to prepare for the ISACA Certified in Risk and Information Systems Control (CRISC) certification. Course Number: it_cscrisc23_08_enus |
| CRISC 2023: Data Classification | Course | View details Course Syllabus | Print Syllabus CRISC 2023: Data ClassificationOverview/Description: The need to comply with data privacy regulations and reduce risk to sensitive data applies to most organizations. Organizations must know which sensitive data they possess in order to secure it properly.In this course, I will begin by using tags, or metadata, to organize Microsoft Azure cloud resources. Next, I will use Amazon Macie to discover and classify data stored in Simple Storage Service (S3) buckets. I will then use Microsoft Purview governance to discover and classify data stored in storage accounts. I will also discover and classify data on the Windows Server platform using File Server Resource Manager (FSRM). Lastly, I will configure automated life cycle management for blobs in Microsoft Azure storage accounts.This course can be used to prepare for the ISACA Certified in Risk and Information Systems Control (CRISC) certification. Course Number: it_cscrisc23_05_enus |
| CRISC 2023: Data Privacy | Course | View details Course Syllabus | Print Syllabus CRISC 2023: Data PrivacyOverview/Description: Data privacy is a foremost concern for most organizations. Compliance with laws and regulations feeds into risk management.In this course, you will discover the characteristics of Personally Identifiable Information (PII) and techniques to prevent sensitive data leakage. Then you will explore data loss prevention (DLP) and learn how to implement DLP using Microsoft Purview. Next, you will examine various data privacy and security standards including International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC) standards, General Data Protection Regulation (GDPR), the Federal Risk and Authorization Management Program (FedRAMP) and the Health Insurance Portability and Accountability Act (HIPAA). Finally, you will focus on the Payment Card Industry Data Security Standard (PCI DSS), Canadas Personal Information Protection and Electronic Documents Act (PIPEDA) and Chinas Personal Information Protection Law (PIPL).This course can be used to prepare for the ISACA Certified in Risk and Information Systems Control (CRISC) certification. Course Number: it_cscrisc23_03_enus |
| CRISC 2023: Firewalls | Course | View details Course Syllabus | Print Syllabus CRISC 2023: FirewallsOverview/Description: Security firewalls can determine what type of network traffic to allow or deny into and out of networks and hosts. Intrusion detection systems notify technicians of suspicious activity.Begin this course by discovering firewall types like next-generation firewall (NGFW) and web application firewall (WAF) and examining their use cases. Then you will configure Windows Defender Firewall and learn how to manage a Linux-based firewall solution. Next, you will manage a cloud-based firewall, explore proxy servers, and deploy the Squid proxy server on Linux. Finally, you will investigate intrusion detection and prevention and install Snort on Linux.This course can be used to prepare for the ISACA Certified in Risk and Information Systems Control (CRISC) certification. Course Number: it_cscrisc23_15_enus |
| CRISC 2023: Hardening Techniques | Course | View details Course Syllabus | Print Syllabus CRISC 2023: Hardening TechniquesOverview/Description: Hardening refers to attack surface reduction in IT environments and can be applied to any type of device or software environment, including storage area networks (SANs). Firmware and software patches should be applied to ensure that potential security flaws in code have been addressed.In this course, you will begin by discovering hardening techniques for a variety of IT environments. Then you will find out how to use Microsoft Intune to centrally manage mobile devices. You will explore the importance of applying hardware and software patches and patch AWS virtual machines. Next, you will install and configure a Windows Server Update Services (WSUS) server and harden Windows computers using Group Policy. You will investigate SANs and related security considerations and you will manage virtual machines through Microsoft Azure Bastion. Finally, you will harden a Wi-Fi router and printer, enable Microsoft Azure VNet peering, and configure Azure private endpoints.This course can be used to prepare for the ISACA Certified in Risk and Information Systems Control (CRISC) certification. Course Number: it_cscrisc23_19_enus |
| CRISC 2023: Incident Response | Course | View details Course Syllabus | Print Syllabus CRISC 2023: Incident ResponseOverview/Description: Organizations must prepare in advance for the inevitable disruption of business operations. This means proactive planning to not only prevent disruptions but also to manage them to reduce their negative impact.In this course, learn the importance of incident response plans (IRPs) and explore incident response activities such as escalation, eradication, and containment. Next, discover the value of lessons learned from past incidents and how to make future incident response more effective. Finally, examine how to apply incident response to a scenario.This course can be used to prepare for the ISACA Certified in Risk and Information Systems Control (CRISC) certification. Course Number: it_cscrisc23_22_enus |
| CRISC 2023: IT Baselines | Course | View details Course Syllabus | Print Syllabus CRISC 2023: IT BaselinesOverview/Description: Organizations must consider compliance with applicable laws and regulations through the management of security controls. IT systems and on-premises and cloud data can be secured, and compliance achieved using a variety of methods.In this course, explore various cloud provider compliance program details and how to use AWS conformance packs to track configuration compliance in the AWS cloud. Next, discover how security baselines are created and establish a performance baseline on the Windows Server platform and Azure Cloud. Finally, learn how to configure Azure Blueprints for a repeatable and compliant cloud environment and use Azure Policy to check resource configuration compliance.This course can be used to prepare for the ISACA Certified in Risk and Information Systems Control (CRISC) certification. Course Number: it_cscrisc23_04_enus |
| CRISC 2023: IT Governance | Course | View details Course Syllabus | Print Syllabus CRISC 2023: IT GovernanceOverview/Description: Managing risk properly can result in reducing risk to acceptable levels for business objectives. IT governance principles guide activities related to reducing risk.In this course, explore IT security governance, its relationship to organizational security programs and project management, and how the COBIT framework applies to IT governance. Next, learn about organizational security policies, organizational culture and its relationship to security, and the importance of performing a gap analysis. Finally, examine supply chain security, personnel management, configuration and change management, IT audits, SLOs and SLAs, and chain of custody.This course can be used to prepare for the ISACA Certified in Risk and Information Systems Control (CRISC) certification. Course Number: it_cscrisc23_02_enus |
| CRISC 2023: IT Monitoring | Course | View details Course Syllabus | Print Syllabus CRISC 2023: IT MonitoringOverview/Description: Logging and monitoring are crucial aspects of IT security governance. The ability to configure and centrally monitor logs to detect anomalies can prevent security incidents or minimize their impact.In this course, I will cover how to view Linux log files, configure log rotation for log retention, and configure Linux log forwarding to a central logging host. Next, I will work with Windows Event Viewer logs. Lastly, I will configure Windows log forwarding. This course can be used to prepare for the ISACA Certified in Risk and Information Systems Control (CRISC) certification. Course Number: it_cscrisc23_21_enus |
| CRISC 2023: Malware | Course | View details Course Syllabus | Print Syllabus CRISC 2023: MalwareOverview/Description: Threat actors use social engineering and exploit vulnerabilities to achieve their goals. Performance and security baselines can facilitate threat detection.In this course, I will begin by covering threat actor types. I will then explain the relationship between baselines and threat detection. Next, I will discuss indicators of malicious activity at the network, host and application levels. I will define how social engineering is a major threat and demonstrate how to execute a social engineering attack. Lastly, I will discuss common malware types, explore malware techniques, and analyze email messages.This course can be used to prepare for the ISACA Certified in Risk and Information Systems Control (CRISC) certification. Course Number: it_cscrisc23_17_enus |
| CRISC 2023: Network Security | Course | View details Course Syllabus | Print Syllabus CRISC 2023: Network SecurityOverview/Description: Organizations should secure resource access while remaining compliant with relevant laws and regulations. One way to do this is to ensure proper network security controls are in place and reviewed regularly.In this course, learn about the OSI model layers, their relevance to network security controls, and the security aspects of network switching and network access control. Next, explore DHCP and DNS security issues, Wi-Fi authentication methods, and how to harden a DHCP and DNS deployment on Windows Server. Finally, discover the importance of honeypots and honeynets, how to implement a honeypot, how to analyze captured network traffic, and the purpose of an interconnection security agreement.This course can be used to prepare for the ISACA Certified in Risk and Information Systems Control (CRISC) certification. Course Number: it_cscrisc23_10_enus |
| CRISC 2023: Public Key Infrastructure | Course | View details Course Syllabus | Print Syllabus CRISC 2023: Public Key InfrastructureOverview/Description: Public key infrastructure (PKI) certificates are used to secure IT environments in many different ways, such as through email encryption and web server HTTPS bindings. Technicians must have an understanding of how PKI certificates are requested, issued, and used.In this course, you will explore the PKI hierarchy from certification authorities (CAs) down to issued certificates, as well as the PKI certificate life cycle. Next, you will learn how to deploy a private CA on the Windows platform and how to manage PKI certificate templates. Then, you will acquire PKI certificates and configure a web server HTTPS binding. Finally, you will configure a website to allow access only from clients with trusted PKI certificates.This course can be used to prepare for the ISACA Certified in Risk and Information Systems Control (CRISC) certification. Course Number: it_cscrisc23_09_enus |
| CRISC 2023: Risk Case Studies | Course | View details Course Syllabus | Print Syllabus CRISC 2023: Risk Case StudiesOverview/Description: The ability to effectively mitigate risk to levels acceptable to the organization is possible through risk management. Business leaders and technicians must apply risk management techniques to many levels of threats. In this course, I will begin with a risk management scenario related to a ransomware outbreak. I will then manage risk related customer data breaches, user account compromises, and Internet of Things (IoT) device usage. Lastly, I will apply risk management techniques to phishing scams. This course can be used to prepare for the ISACA Certified in Risk and Information Systems Control (CRISC) certification. Course Number: it_cscrisc23_23_enus |
| CRISC 2023: Risk Management | Course | View details Course Syllabus | Print Syllabus CRISC 2023: Risk ManagementOverview/Description: Proper IT governance consists of proper risk management. Risk management specialists can apply a variety of techniques to manage risk to an acceptable level.In this course, you will begin by exploring how risk management can minimize the impact of IT security events and discussing the relevance of recurring risk assessments and the use of a risk register. You will then consider risk treatments such as risk avoidance and risk transfer. Next, you will learn how to calculate the annual loss expectancy (ALE) and how this compares to the cost of security controls. You will explore security control types such as preventative and compensating controls. Finally, you will look at how configuration management relates to IT security, how to establish security baselines and replicate cloud storage, and how to back up data to the cloud.This course can be used to prepare for the ISACA Certified in Risk and Information Systems Control (CRISC) certification. Course Number: it_cscrisc23_01_enus |
| CRISC 2023: Security Controls | Course | View details Course Syllabus | Print Syllabus CRISC 2023: Security ControlsOverview/Description: To protect assets, organizations must apply a structured approach to software development, as well as implement, manage, and monitor security controls. Organizations must also determine the appropriate cost to protect assets.In this course, learn about security control types, how physical security and digital data security relate, and how critical infrastructure should be protected. Next, explore the Cloud Controls Matrix (CCM), how to use the annual loss expectancy (ALE) formula, and security within the software development life cycle (SDLC). Finally, examine continuous integration and continuous deployment (CI/CD), Git version control, how to use the git CLI, and the benefits of the OWASP Enterprise Security API (ESAPI).This course can be used to prepare for the ISACA Certified in Risk and Information Systems Control (CRISC) certification. Course Number: it_cscrisc23_11_enus |
| CRISC 2023: Security Testing | Course | View details Course Syllabus | Print Syllabus CRISC 2023: Security TestingOverview/Description: Vulnerability scanning identifies host and network vulnerabilities and must be an ongoing task. Penetration testing is an active security method by which there is an attempt to exploit discovered vulnerabilities.In this course, you will begin by discovering how to plan for, schedule, and execute vulnerability assessments, identify common vulnerability scanning tools, and conduct an Nmap scan. Next, you will use Zenmap to execute a security scan and test web app security using the Open Worldwide Application Security Project (OWASP) Zed Attack Proxy (ZAP) tool. Then you will explore penetration testing and the Metasploit framework and use the Burp Suite tool as an HTTP intermediary proxy. Finally, you will view security alerts using Microsoft Defender for Cloud.This course can be used to prepare for the ISACA Certified in Risk and Information Systems Control (CRISC) certification. Course Number: it_cscrisc23_18_enus |
| CRISC 2023: SIEM & SOAR | Course | View details Course Syllabus | Print Syllabus CRISC 2023: SIEM & SOAROverview/Description: Security information and event management (SIEM) solutions serve as centralized data ingestion and analysis engines that seek out potential security issues. Security incident response can be partially or fully automated using security orchestration, automation, and response (SOAR) solutions.In this course, discover the benefits of SIEM and SOAR security incident monitoring and response solutions. Next, learn how to deploy the Splunk SIEM on Linux. Then, you will configure a Splunk universal forwarder. Finally, you will use various tools like Wireshark to capture and analyze industrial control system (ICS) network traffic.This course can be used to prepare for the ISACA Certified in Risk and Information Systems Control (CRISC) certification. Course Number: it_cscrisc23_14_enus |
| CRISC 2023: Threat Intelligence | Course | View details Course Syllabus | Print Syllabus CRISC 2023: Threat IntelligenceOverview/Description: Risk analysts and security tools can reference a variety of threat intelligence sources to keep up to date with the latest threats and mitigations. These can be used to help keep organization security policies as effective as possible.In this course, you will examine different threat intelligence sources such as the common vulnerabilities and exposures (CVEs) website. Then you will explore how the Open Web Application Security Project (OWASP) Top 10 can help harden vulnerable web applications. You will discover how artificial intelligence (AI) and machine learning (ML) are used in threat hunting. Next, you will investigate threat positives and negatives, as well as how advanced persistent threats (APTs) are executed. Finally, you will focus on the Cyber Kill Chain and learn how to detect threats using Amazon GuardDuty.This course can be used to prepare for the ISACA Certified in Risk and Information Systems Control (CRISC) certification. Course Number: it_cscrisc23_13_enus |
| CRISC 2023: Virtualization & the Cloud | Course | View details Course Syllabus | Print Syllabus CRISC 2023: Virtualization & the CloudOverview/Description: Virtualization has become a standard for on-premises and cloud-based IT deployments. Application container use is increasing, and both virtualization and application containers are used in cloud computing.In this course, learn about the different types of virtualization, virtualization security, and how to configure a VMware Workstation hypervisor. Next, explore application containers by learning how to install Docker on Linux, as well as how to manage and secure application containers and configure an isolated virtualization sandbox. Finally, examine cloud computing deployment and service models, as well as cloud-based security solutions.This course can be used to prepare for the ISACA Certified in Risk and Information Systems Control (CRISC) certification. Course Number: it_cscrisc23_12_enus |