top of page


Certified Information Systems Risk Manager.


Target audience.

Information System Security Officers; Risk Managers; Information Systems Owners; Info Security Control Assessors; System Managers; State & Local Government Risk Managers.


Purpose of the course.

Mile2's CISRM certification course focuses on understanding the impact and mitigation techniques associated with Internet Technology and enterprise risk. The CISRM will focus on the following domains :

  • Identification, Assessment and Evaluation of Risk

  • Risk Response

  • Monitoring Risk

  • Information System Control, Design and Implementation

  • Information System Control, Monitoring and Maintenance

Upon successful completion of Mile2's CISRM certification course, students will have developed extensive knowledge of all five ISRM domains and gain extensive knowledge and skills in both IS management and ISMS concepts, standards, implementation approaches. Students will also learn effective techniques to either audit or implement acceptable controls, best practices, corporate strategies and industry compliance standards.

In addition to the skills the student will obtain, they will also be able to sit for Mile2's CISRM and/or ISACA's CRISC exam.



Duration of studies: 5 days / 40 hours
Language of instruction (students may choose): Russian, English

Language of materials and test: English


This course package includes:

  • Certified trainer

  • Learning resources

  • Exam

The Certified Information Systems Risk Manager exam is taken online through Mile2’s Assessment and Certification System (“MACS”), which is accessible on your account. The exam will take 2 hours and consist of 100 multiple choice questions.


Course Outline.

Domain 1: Risk Identification, Assessment and Evaluation

  • Lesson 1.1: Collect and review information necessary to the identification and evaluation of risk scenarios

  • Lesson 1.2: Review requirements and polices to determine impact on business objectives

  • Lesson 1.3: Identify vulnerabilities and threats associated in the evaluation of enterprise risk

Domain 2: IS Control Design and Implementation

  • Lesson 2.1: Develop understanding of business process objectives

  • Lesson 2.2: Identify required IS controls.

  • Lesson 2.3: Design IS controls for alignment with business objectives

  • Lesson 2.4: Facilitate the resource identification

Domain 3: Risk Response

  • Lesson 3.1: Identification and evaluation of risk response options

  • Lesson 3.2: Review risk responses for efficient and effectiveness

  • Lesson 3.3: Use of risk criteria in the risk profile development process

  • Lesson 3.4: Develop risk response action plan

  • Lesson 3.5.: Develop business cases that align risk responses with business objectives

Domain 4: IS Control Monitoring and Maintenance

  • Lesson 4.1: Conduct testing for IS control effectiveness and efficiency

  • Lesson 4.2: Identify IS control deficiencies

  • Lesson 4.3: Verify IS policies and standards address organizational requirements

  • Lesson 4.4: Tools and techniques for automating IS control verification processes

Domain 5: Risk Monitoring

  • Lesson 5.1: Collect and validate data measuring key risk indicators (KRIs)

  • Lesson 5.2: Monitor and communicate KRIs and management activities

  • Lesson 5.3: Facilitate independent risk assessments and management process reviews for efficiency and effectiveness

  • Lesson 5.4: Identification of risk and reports to initiate corrective action

bottom of page