
CRISC® by ISACA® teaches expertise in identifying and managing enterprise IT risk and implementing and maintaining information systems controls.


Online CRISC ISACA Training & Certification

Only $1,995 Training + Exam

What is CRISC Certification by ISACA?

Certified in Risk and Information Systems Control or CRISC is a globally recognised certification that validates expertise in designing, implementing and maintaining information security programs to protect against risks.

Professionals who earn the ISACA CRISC certification have proven their ability to identify and manage risks across the entire enterprise.

#4 Top Paying Certification Worldwide


$151k Average Salary of a CRISC Certified Person

What You'll Learn from CRISC

Domain 1: Corporate IT Governance (26%)

The governance domain examines your knowledge of an organization’s business and IT environments, its strategy, goals and objectives, and the potential or realized impacts of IT risk on the organization’s business objectives and operations, including enterprise risk management and the risk management framework.

A: Organizational Governance

  1. Organizational Strategy, Goals, and Objectives

  2. Organizational Structure, Roles and Responsibilities

  3. Organizational Culture

  4. Policies and Standards

  5. Business Processes

  6. Organizational Assets

B: Risk Governance

  1. Enterprise Risk Management and Risk Management Framework

  2. Three Lines of Defense

  3. Risk Profile

  4. Risk Appetite and Risk Tolerance

  5. Legal, Regulatory and Contractual Requirements

  6. Professional Ethics of Risk Management

Domain 2: IT Risk Assessment (20%)

This domain will certify your knowledge of threats and vulnerabilities to the organization’s people, processes and technology as well as the likelihood and impact of threats, vulnerabilities and risk scenarios. 

A: IT Risk Identification

  1. Risk Events (e.g., contributing conditions, loss result)

  2. Threat Modelling and Threat Landscape

  3. Vulnerability and Control Deficiency Analysis (e.g., root cause analysis)

  4. Risk Scenario Development

B: IT Risk Analysis & Evaluation

  1. Risk Assessment Concepts, Standards and Frameworks

  2. Risk Register

  3. Risk Analysis Methodologies

  4. Business Impact Analysis

  5. Inherent and Residual Risk

Domain 3: Risk Response and Reporting (32%)

This domain covers the development and management of risk treatment plans with key stakeholders, the evaluation of existing controls and the improvement of their effectiveness for IT risk mitigation, and the reporting of relevant risk and control information to applicable stakeholders.

A: Risk Response

  1. Risk Treatment / Risk Response Options

  2. Risk and Control Ownership

  3. Third-Party Risk Management

  4. Issue, Finding and Exception Management

  5. Management of Emerging Risk

B: Control Design & Implementation

  1. Control Types, Standards and Frameworks

  2. Control Design, Selection and Analysis

  3. Control Implementation

  4. Control Testing and Effectiveness Evaluation

C: Risk Monitoring & Reporting

  1. Risk Treatment Plans

  2. Data Collection, Aggregation, Analysis and Validation

  3. Risk and Control Monitoring Techniques

  4. Risk and Control Reporting Techniques (heatmap, scorecards, dashboards)

  5. Key Performance Indicators

  6. Key Risk Indicators (KRIs)

  7. Key Control Indicators (KCIs)

Domain 4: Information Technology and Security (22%)

This domain examines the alignment of business practices with risk management and information security frameworks and standards, as well as the development of a risk-aware culture and the implementation of security awareness training.

A: Information Technology Principles

  1. Enterprise Architecture

  2. IT Operations Management (e.g., change management, IT assets, problems, incidents)

  3. Project Management

  4. Disaster Recovery Management (DRM)

  5. Data Lifecycle Management

  6. System Development Life Cycle (SDLC)

  7. Emerging Technologies


Who Is This CRISC ISACA Course For?

Why Should I Take CRISC Training?

CRISC is a globally recognised, world-leading certification for advancing your career in information security. It enhances your skills as a well-rounded security professional and increases your attractiveness to potential employers by showcasing your expertise in identifying, assessing, and responding to risk.


Through this CRISC course you will explore:

Domain 1: Corporate IT Governance (26%)

What are the goals and objectives of the organization and how will risk management align with them?

What structure will be put in place to oversee risk management activities?

Who is responsible for the different aspects of risk management?


Better yet, who is the person who makes the decision on how to respond to the risk? Who is accountable?

What is the organization’s risk profile, and how will you monitor for changes to it?

What is the organization’s risk capacity and tolerance levels?

How does risk management fit with the legal, regulatory and contractual requirements of the organization?

Domain 2: IT Risk Assessment (20%)

How do you identify risk?

What are risk scenarios and how can you use one to understand risks and potential impact?

What is the root cause of the risk?

Understanding different risk assessment methodologies

Domain 3: Risk Response and Reporting (32%)

What are the different options for responding to and treating risk, and why would you choose one over the other?

What risks do third parties and emerging technologies present?

What is a risk treatment plan?

How do you select the appropriate controls including design, implementation and testing?

How do you monitor risk, including your chosen risk treatment plan to ensure that it is reducing risk to the desired level?

What are the different types of indicators to monitor your risk management activities?

Domain 4: Information Technology and Security (22%)

Overview of key cybersecurity concepts:

What are core aspects of information technology operations and what risks do they present and/or treat?

What are the different cybersecurity frameworks and standards that can aid your activities?

How does risk management fit into project management and the systems development lifecycle?

Privacy and business continuity management concepts

Prerequisites for CRISC by ISACA

There are no formal prerequisites for attending the CRISC course or sitting for the exam. This practice is accepted and encouraged by ISACA.

However, to be eligible for CRISC certification you must have three or more years of experience in IT risk management and information system control. 

If you don't have this experience, you can still take the CRISC course and exam. If you wish to certify, you have five years in which to do so after passing the exam.

The CRISC Course is ideal for professionals managing risks associated with information technology in any industry. 


CRISC is typically chosen by enterprise risk managers, information security auditors, information security analysts, compliance officers, chief information security officers (CISOs) and other IT or cybersecurity professionals.

Frequently Asked Questions

1. What is the cost of the CRISC certification course?

The cost of the CRISC certification course is $1,995.

2. What is the duration of the CRISC training course?

The CRISC training course takes 5 days.

3. What is included in the CRISC training course?

The course includes official courseware, labs, practice exams, and the CRISC certification exam.

4. What are the subjects covered in the CRISC certification?

The CRISC certification covers the following four domains:

  • IT Risk Identification

  • IT Risk Assessment

  • Risk Response and Mitigation

  • Risk and Control Monitoring and Reporting

5. Is the CRISC training course conducted online?

Yes, all CRISC training courses are conducted live online to keep costs to a minimum for customers.

6. Who should take the CRISC certification course?

The course is ideal for IT professionals responsible for managing enterprise risk, including network architects, information security managers, and IT risk managers.

7. What are the prerequisites for attending the CRISC training course?

There are no formal prerequisites for attending the CRISC course and sitting for the exam.

8. How do I become CRISC certified?

To become CRISC certified, you must:

  • Pass the CRISC exam

  • Adhere to ISACA's Code of Professional Ethics

  • Agree to comply with the Continuing Professional Education Policy

  • Accumulate sufficient work experience in IT risk management

  • Submit an application for CRISC certification within 5 years of passing the exam

9. What work experience is required for CRISC certification?

You need a minimum of three years of work experience in at least two of the CRISC domains. This experience must be gained within the ten years preceding the application date or within five years of passing the exam.

10. Are there any substitutions for the work experience requirement?

Yes, certain certifications and experience can substitute for up to two years of the work experience requirement, including certifications like CISA or CISSP and postgraduate degrees in information security or related fields.

11. What are the benefits of obtaining the CRISC certification?

Benefits include recognition of advanced risk management skills, worldwide recognition as a competent IT risk manager, career growth opportunities, and the potential for a salary increase or promotion.

12. How can I prepare for the CRISC exam?

ISACA offers various resources, including group training, self-paced training, study materials, and an online community for exam guidance.

13. What is the format of the CRISC exam?

The CRISC exam consists of 150 multiple-choice questions and has a duration of 4 hours. The exam is available in multiple languages, including English, Spanish, Japanese, Korean, and Chinese (Simplified).

14. How do I register for the CRISC exam?

You can register for the CRISC exam through the ISACA website.

15. What continuing education is required to maintain the CRISC certification?

CRISC certification holders must comply with the Continuing Professional Education (CPE) policy, which requires earning a specific number of CPE hours annually to maintain their certification.
