Certified in Risk and Information Systems Control (CRISC) Training

Propel your career with CRISC certification and build a greater understanding of the impact of IT risk and how it relates to your organization. In this Certified in Risk and Information Systems Control (CRISC) Training course, you’ll cover all four domains of the ISACA Certified in Risk and Information Systems Control (CRISC) exam and gain the knowledge and concepts required to obtain CRISC certification. Introduced in 2010, the CRISC certification is designed for IT and business professionals who identify and manage risks through the development, implementation, and maintenance of appropriate information systems (IS) controls.

Types of risk may vary, but with its key role as an agent of innovation, technology has become the most critical risk factor for today’s enterprises. Because conducting a risk assessment is not something a typical information technology education includes, many IT professionals lack knowledge that businesses increasingly deem integral to their future success.

The CRISC designation demonstrates the holder is able to identify and evaluate IT risk and help their enterprise accomplish its business objectives. Since its inception in 2010, more than 20,000 professionals worldwide have earned the CRISC to affirm their business and IT risk management competence, and their ability to design, implement, monitor and maintain effective, risk-based information systems controls.

  • CRISC certification ensures you are recognized as a professional with the skills and experience to provide value and insight from an overall organizational perspective on both IT risk and control.
  • One of the key CRISC domains focuses on the organizational framework for managing and mitigating risk across business processes and technology.
  • CRISC holders are able to establish a common language to communicate within IT and to stakeholders throughout the enterprise about risk.
  • With CRISC certification, your enterprise can rely on your input to make effective risk-based decisions and prioritize resources to areas that are most at risk.
  • With the CRISC certification you will understand information systems control design and implementation and control monitoring and maintenance.
  • CRISC certification affirms your ability to plan and implement appropriate control measures and frameworks that further mitigate enterprise risk without stifling innovation.

Your Registration Includes

  • 3 Days of Certified in Risk and Information Systems Control Training (CRISC) from an Authorized ISACA Instructor
  • ISACA issued CRISC Courseware / Review Manual
  • ISACA issued CRISC Review Questions, Answers & Explanations (QAE)
  • 100% Satisfaction Guarantee
  • Exam Pass Guarantee

Required Exams:

Domain 1 – Information Security Governance (24%)
Domain 2 – Information Risk Management (30%)
Domain 3 – Information Security Program Development and Management (27%)
Domain 4 – Information Security Incident

  • All ISACA certification exams consist of 150 multiple choice questions that cover the respective job practice areas created from the most recent job practice analysis.
  • You have 4 hours to complete the exam.


The CRISC continuing professional education (CPE) policy requires that you attain at least 20 CPE hours per year and 120 CPE hours every three years.

Visit the ISACA website for additional detail.

Certified in Risk and Information Systems Control (CRISC) Training

Duration: 3 days

  • We can adapt this Certified in Risk and Information Systems Control (CRISC) course to your group’s background and work requirements at little to no added cost.
  • If you are familiar with some aspects of this Certified in Risk and Information Systems Control (CRISC) course, we can omit or shorten their discussion.
  • We can adjust the emphasis placed on the various topics or build the Certified in Risk and Information Systems Control (CRISC) Course around the mix of technologies of interest to you (including technologies other than those included in this outline).
  • If your background is nontechnical, we can exclude the more technical topics, include the topics that may be of special interest to you (e.g., as a manager or policy-maker), and present the Certified in Risk and Information Systems Control (CRISC) course in a manner understandable to lay audiences.

Certified in Risk and Information Systems Control Training (CRISC) is intended for risk and control professionals. Sample job titles might include:

  • IT Professionals
  • Control Professionals
  • Project Managers
  • Risk Professionals
  • Business Analysts
  • Compliance Professionals

The knowledge and skills that a learner must have before attending this Certified in Risk and Information Systems Control (CRISC) course are:

  • At least three years cumulative work experience performing tasks across at least three of the CRISC domains is recommended.

Certified in Risk and Information Systems Control (CRISC) Training - OBJECTIVES

This official Certified in Risk and Information Systems Control Training (CRISC) seminar has a total of seven primary sections. All seven sections will collectively help you prepare for the CRISC certification exam while also enhancing your overall competencies in IT and enterprise risk management. The seven primary sections of this class are the following:

  • General information regarding the exam
  • The Context of IT Risk Management
  • CRISC Domain 1: IT Risk Identification
  • CRISC Domain 2: IT Risk Assessment
  • CRISC Domain 3: Risk Response and Mitigation
  • CRISC Domain 4: Risk and Control Monitoring and Reporting
  • Exam practice / preparation (sample exam)

Course Objectives –

Participants in the Certified in Risk and Information Systems Control Training (CRISC) program will receive instruction designed to provide the following:

  • An understanding of the format and structure of the CRISC certification exam
  • A knowledge of the various topics and technical areas covered by the exam
  • Practice with specific strategies, tips and techniques for taking and passing the exam
  • Opportunities to execute practice questions with debriefs of answers

Certified in Risk and Information Systems Control (CRISC) Training - COURSE SYLLABUS
Module 1: Introduction to the ISACA CRISC Exam
  • Class Overview
  • CRISC Domains
  • Test Registration
Module 2: Risk Identification
  • Good Practices for Risk Management
  • Components of Risk Management
  • Methods for Risk Identification
  • Risk Culture and Communication
  • The Business's IT Risk Structure
  • Risk Principles and Concepts
  • Vulnerabilities and Threats
  • Assets
  • Threats
  • Vulnerabilities
  • Vulnerability Assessment
  • Pen Testing
  • Probability/Likelihood
  • IT Risk
  • IT Risk Scenarios
  • Ownership and Accountability
  • Other Risk Concepts
  • Risk Awareness
Module 3: IT Risk Assessment
  • Risk Assessment vs. Risk Identification
  • Techniques for Risk Assessment
  • Risk Scenarios
  • Analyzing the Current State of Controls
  • Risk and Control Analysis
  • Risk Analysis Techniques
  • Incident Response
  • Business Risk
  • Risk Associated with Enterprise Architecture
  • Management of Data
  • Emerging Technologies and Threats
  • Industry Trends
  • Third Party Management
  • Project and Program Management
  • SDLC
  • Recovery and Business Continuity
  • Risk Assessment Reports
  • Ownership of Risk and Accountability
  • Communication of Report Results
Module 4: Risk Response
  • Risk Response and Business Objectives Alignment
  • Response Options
  • Techniques for Analysis
  • New Controls and Related Vulnerabilities
  • A Risk Action Plan
  • Techniques for BPR
  • Design and Implementation of Controls
  • Control Monitoring
  • Inherent and Residual Risk
  • Control Objectives Practices and Metrics
  • Cryptography as a Control
  • Control Design and Implementation
  • Emerging Technologies and Controls
  • Ownership of Controls
  • Management Procedures and Documentation
  • Response and Action Plan
Module 5: Risk and Control Monitoring and Reporting
  • Key Risk Indicators
  • Risk Management Life Cycle
  • Key Performance and Goal Indicators
  • Data Collection and Extracting Techniques
  • Changes in Risk Profile
  • Monitoring Controls
  • Control Assessment Types
  • Control Assessment Results
  • Risk Profile Changes
Module 6: Test Review
  • Key Risk Indicators
  • Test Review
  • Test Registration
  • Test Preparation
  • Certification Maintenance
Certified in Risk and Information Systems Control (CRISC) Training Course Wrap-Up