Certified IT Risk and Incident Management Professional - CRIMP
Thorough understanding of:
- Core Understanding & Principles of risk and incident management - Clearly articulate the core concepts of IT risk, information security risk management, and IT incident management, and differentiate between related terms like incident, problem, and service request.
- Justify the critical importance of robust IT risk and incident management practices for organizational resilience, business continuity, regulatory compliance, and reputation protection
- Recognize and describe the purpose and key components of leading IT risk and incident management frameworks and standards
- How to conduct Risk Assessment: Apply qualitative and/or quantitative methodologies to analyze and evaluate IT risks, including performing Business Impact Analysis (BIA) to understand the organizational impact of IT disruptions.
- Formulation of appropriate risk treatment strategies (avoidance, reduction, transfer, acceptance) and design of effective controls to mitigate identified risks.
- How to create and manage a comprehensive risk register, continuously monitoring key risk indicators (KRIs) and key control indicators (KCIs) to track risk posture.
- How to set IT incident management objectives, develop IR plan(s), execute IR phases, contain the impact, perform recovery, and conduct a post-mortem.
- Triage & Prioritize: Accurately identify, classify, and prioritize IT incidents based on their potential impact and urgency.
This course combines two critical aspects of cybersecurity and IT operations: proactively identifying and mitigating potential threats (risk management) and effectively responding to actual security breaches or service disruptions (incident management).
This essential knowledge will guide an information security professional to perform their roles in a highly efficient, effective and professional manner.
Introduction to IT Risk and Incident Management:
Defining Key Concepts:
What is IT Risk? (Likelihood and Impact of threats to IT assets)
What is Information Security Risk Management?
What is Incident Management? (Responding to unplanned service interruptions)
Difference between an Incident and a Problem (quick fix vs. root cause)
Importance and Benefits:
Why are these crucial for organizations? (Protecting reputation, minimizing financial losses, ensuring business continuity, regulatory compliance)
Impact of incidents on business operations, data, and reputation.
Relationship between Risk and Incident Management:
How proactive risk management reduces incident occurrence.
How incident data feeds back into risk assessment.
Overview of Relevant Frameworks and Standards:
ISO/IEC 27000 series (especially ISO 27005 for Information Security Risk Management)
NIST Cybersecurity Framework
IT Risk Management:
Risk Governance and Context:
Establishing the context for risk-related activities.
Defining risk appetite and risk tolerance.
Roles and responsibilities in IT risk management.
Risk Identification:
Identifying IT assets (hardware, software, data, people, processes).
Identifying threats (malware, phishing, insider threats, natural disasters, hardware failures).
Identifying vulnerabilities (software bugs, misconfigurations, weak passwords).
Threat modeling and landscape analysis.
Risk scenario development.
Risk Analysis and Evaluation:
Qualitative Risk Assessment (e.g., high, medium, low).
Quantitative Risk Assessment (e.g., Annualized Loss Expectancy - ALE).
Business Impact Analysis (BIA) - understanding the impact of IT disruptions on business functions.
Risk register development and maintenance.
Inherent vs. Residual Risk.
Risk Response and Treatment:
Risk Avoidance.
Risk Reduction/Mitigation (implementing controls and safeguards).
Risk Transfer (e.g., insurance, outsourcing).
Risk Acceptance.
Developing risk treatment plans.
Control design and implementation.
Risk Monitoring, Reporting, and Communication:
Monitoring techniques (Key Risk Indicators - KRIs).
Risk reporting principles (heatmaps, scorecards, dashboards).
Communicating risks to stakeholders.
Third-party risk management.
Managing emerging risks.
IT Incident Management:
Fundamentals of Incident Management:
Purpose and scope of incident management.
Common terms and concepts.
Incident vs. Service Request vs. Problem.
Benefits of effective incident management.
Incident Response Process (based on NIST or similar models):
Preparation:
Developing an Incident Response Plan (IRP).
Building an Incident Response Team (IRT/CSIRT).
Defining roles and responsibilities.
Establishing communication guidelines.
Implementing tools and technologies (SIEM, EDR, SOAR).
Training and awareness programs.
Identification:
Incident detection methods (monitoring, alerts, user reports).
Initial assessment and triage.
Logging and documentation.
Containment:
Strategies to limit the scope and impact of an incident.
Short-term and long-term containment.
Network segmentation, isolating affected systems.
Eradication:
Removing the root cause of the incident.
Cleaning infected systems.
Applying patches, updating configurations.
Recovery:
Restoring affected systems and services to normal operation.
Data recovery and restoration.
Prioritizing recovery efforts based on BIA.
Business Continuity and Disaster Recovery (BCDR) concepts.
Post-Incident Activity/Lessons Learned:
Post-mortem analysis.
Identifying what went well and what could be improved.
Updating policies, procedures, and controls.
Knowledge sharing and training.
Practical Skills and Techniques:
Digital Forensics fundamentals (evidence collection, chain of custody).
Malware analysis basics.
Vulnerability assessment and penetration testing (as they relate to identifying and responding to incidents).
Secure coding techniques (to prevent future vulnerabilities).
Secure DNS, directory services, file transfer.
Scripting, automation, and orchestration in incident response.
Incident Types and Specific Responses:
Malware incidents (viruses, worms, ransomware).
Phishing and social engineering attacks.
Denial of Service (DoS/DDoS) attacks.
Insider threats.
Web application attacks (SQL injection, XSS).
Data breaches.
Cloud security incidents.
Tools and Technologies:
Risk Management Tools: Risk registers, GRC platforms.
Incident Response Tools: SIEM (Security Information and Event Management), EDR (Endpoint Detection and Response), SOAR (Security Orchestration, Automation, and Response), forensic tools, ticketing systems.
Monitoring Tools: Network monitoring, log management, security analytics.
ISO/IEC 27035 - information security incident management standard:
Providing guidelines for organizations to establish a systematic approach to detecting, reporting, responding to, and recovering from security incidents. A detailed discussion on the recommendations from this standard.
Case Studies and Practical Exercises:
Analyzing real-world incident scenarios and risk assessments.
Developing incident response playbooks.
Conducting tabletop exercises or simulated incident drills.
IT and IT security professionals, security analysts, engineers, and architects
Information Security Managers
Network Engineers and Administrators
System Administrators
DevOps Engineers
IT Managers seeking to understand cloud security risks.
Aspiring CIOs / CISOs
Consultants and auditors
Anyone who is looking to specialize in the rapidly evolving field of cloud security
1. Gain a deep understanding of cloud architectures, security principles, threats, and mitigation techniques
2. Enables a professional to play the role of a cloud security manager
3. Enables professionals from traditional IT or security roles to pivot into the booming cloud sector.
4. Strong cloud security expertise can lead to senior security roles like Cloud Security Architect, Security Manager, or CISO.
5. Learn to identify, assess, and mitigate security risks specific to cloud environments
6. Understand how to navigate complex regulatory landscapes (GDPR, HIPAA, PCI DSS, etc.) in the cloud
Exam consisting of multiple-choice questions
Number of questions: 50
Exam duration: 75 minutes
Passing criteria: 65% to be scored
1. What is the mode of this course?
The course is available in either mode: classroom or virtual.
2. Is VILT a live training, or do I get access to watch pre-recorded videos?
This is a live virtual instructor-led training (VILT) session where you can interact with the trainer. Pre-recorded videos are not available or permitted.
3. Will I get a refund if I cancel my enrolment?
Please check the Cancellation and Refund Policy page.
4. Can the dates of the training be customized?
The training dates are published in advance, although you may let us know your preferred dates for exclusive training by mailing us on [email protected].
5. How does IT Risk & Incident Management Training help?
The training adequately equips you with the necessary knowledge to identify and mitigate potential threats (risk management) and respond to security breaches and service disruptions (incident management).
6. To whom is this training relevant?
- IT and IT security professionals, security analysts, engineers, and architects
- Network Engineers and Administrators
- DevOps Engineers
- IT Managers seeking to understand cloud security risks
- Aspiring CIOs / CISOs
- Consultants and auditors
7. Are there any prerequisites to attending the training?
- Basic Knowledge of IT and Information Security.
- A minimum of 3 years of working experience in IT and information security areas.
8. How are the examinations hosted?
Remotely proctored online exam.
9. What is the duration of the examination?
Exam duration is 75 minutes.
10. How are participants assessed during the course?
Participants must appear for an online examination at the end of the course, which is remotely proctored.
11. What is the passing criterion for a written examination?
The minimum passing criterion is 65%.
The exam consists of 50 multiple-choice questions.
12. Will I be awarded a certificate for attending the training course?
The Certificate of Successful Completion will be awarded by TÜV SÜD to participants.
13. Is it possible to retake the online final exam? Under what conditions is this possible?
Students who fail the online examination are allowed one retake examination at no cost.
14. Will I be charged for an online exam retake?
You will have to contact one of the TÜV SÜD representatives to avail one retake exam at no cost.