Certified Information Systems Risk and Compliance Professional (CISRCP), distance learning and online certification program


What is one of the biggest mistakes companies and organizations make in the areas of risk, compliance, IT, information security and privacy? They rely on expert opinion and technical advice that is not based on laws and regulations.

To minimize liability and reduce risks, including losses from legal action, managers and experts must understand the current legal environment.

The CISRCP program deals with the interaction of US and EU executive orders, directives and regulations that shape international standards and best practices. It covers the General Data Protection Regulation (GDPR) of the EU and the extraterritorial application of EU law, including data protection "by design" and "by default".


The seminar has been designed to provide participants with the knowledge and skills needed to understand the legal and regulatory obligations that shape international standards and best practices in risk, compliance, IT, information security and privacy protection, and to become a Certified Information Systems Risk and Compliance Professional (CISRCP).

Target Audience

The CISRCP certification program is beneficial to:
- Managers and employees involved in the design and implementation of risk, compliance, IT, information security and privacy protection strategies, policies, procedures, risk assessments, control activities, testing, documentation, monitoring and reporting.
- Vendors, suppliers and service providers.

This course is intended for employers demanding qualified professionals that meet the fit and proper requirements.

Course Synopsis

Part 1: US Executive Orders and federal government regulation that shape cybercrime laws, regulations and international standards.

Executive orders.
National Security Decision Directive 145 (NSDD 145).
National Security Presidential Directive 38 (NSPD 38).
The National Strategy to Secure Cyberspace.
National Security Presidential Directive 54 (NSPD 54).
Homeland Security Presidential Directive 23 (HSPD 23).
Einstein 1, 2, E3A.
Executive Order 13587.
Executive Order (EO) 13636.
PPD 21.
Executive Order 13636.
Executive Order 13691.
PPD 41.
Executive Order 13794.
Executive Order 13800.

US federal government regulation.
Health Insurance Portability and Accountability Act (HIPAA).
Gramm-Leach-Bliley Act.

Part 2: The European Union's directives and regulations that shape international standards.

The Budapest Convention on Cybercrime, 2001.
The EU Cybersecurity Strategy, 2013.
Directive 2013/40/EU.
The Digital Single Market Strategy, 2015.

The European Agenda on Security, 2015.

The EU Computer Emergency Response Team (CERT-EU).
Europol’s Cybercrime Centre (EC3).
The EC3 Programme Board.

The directive on security of network and information systems (NIS Directive), 2016.
The NIS Directive, important parts.

Critical infrastructure protection in the EU.
Directive 2008/114/EC.
COM (2006) 786.
JOIN (2017) 450.
Reform of cyber security in Europe.

Part 3: The General Data Protection Regulation (GDPR) of the EU, and the extraterritorial application of EU law.

Important sections of the GDPR.
Principles relating to processing of personal data.
Data protection "by design" and "by default".
Representatives of controllers or processors not established in the Union.
Information security.
Security of processing.
Appropriate level of security, "taking into account the state of the art".
The "data protection impact assessment".
Transfers of personal data to third countries.
GDPR practical steps, from ENISA.

Closing remarks.
World Economic Forum, Global Centre for Cybersecurity.

For secure payment we work with PayPal, the faster and safer way to make online payments. With PayPal we minimize the cost of administration and compliance with national and international laws, so we can keep the cost of our programs and services low.

Only PayPal receives your credit card number and your financial information. We receive your full name, your email, and your mail address. According to the PayPal rules, you have the option to ask for a full refund up to 60 days after the payment. If you do not want one of our programs or services for any reason, all you must do is send us an email and we will refund the payment, no questions asked.

When you click "Buy Now" below, you will be redirected to the PayPal web site. Your payment will be received by our strategic partner and service provider, Cyber Risk GmbH (Rebackerstrasse 7, 8810 Horgen, Switzerland, Handelsregister des Kantons Zürich, Firmennummer: CHE-244.099.341). Cyber Risk GmbH may also send certificates to all members.

We will send the program up to 24 hours after the payment.

The all-inclusive cost is $297. There is no additional cost, now or in the future, for this program.

What is included in this price:

A. The official presentations we use in our instructor-led classes (1,154 slides)

B. Up to 3 Online Exams

You have to pass one exam. If you fail, you must study the official presentations and try again, but you do not need to spend money. Up to 3 exams are included in the price. To learn more you may visit:


C. Your certificate

Processing and posting to your office or home (via registered mail).