Narrated ‘Ali bin Abi Talib (RA): The Prophet (RA) stood up for a funeral (to show respect) and thereafter he sat down. (Dawud)

Certified in Risk and Information Systems Control [CRISC] Course


The technical knowledge and practices that CRISC evaluates and promotes are the building blocks of victory in the field. After qualifying for CRISC certification, a professional can be hired as a senior IT auditor, security engineer architect, IT security analyst, or information assurance program manager.

The CRISC is designed for professionals who have three years of experience in professional-level risk control and management. To get the CRISC credential, a professional must: Concur to abide by the CRISC Continuing Education Policy Pass the CRISC exam Stick to the ISACA Code of Professional Ethics.

Training Options

Classroom Training

Online Instructor Led

Onsite Training

Course Information

Domain 1: Governance

Module 1: Organisational Governance

  • Organisational Strategy, Goals and Objectives
  • Organisational Structure, Roles and Responsibilities
  • Organisational Culture
  • Policies and Standards
  • Business Process Review
  • Organisational Assets

Module 2: Risk Governance

  • Enterprise Risk Management and Risk Management Frameworks
  • Three Lines of Defence
  • Risk Profile
  • Risk Appetite, Tolerance and Capacity
  • Legal, Regulatory and Contractual Requirements
  • Professional Ethics of Risk Management

Domain 2: IT Risk Assessment

Module 3: IT Risk Identification

  • Risk Events
  • Threat Modelling and Threat Landscape
  • Vulnerability and Control Deficiency Analysis
  • Risk Scenario Development

Module 4: IT Risk Analysis, Evaluation and Assessment

  • Risk Assessment Concepts, Standards and Frameworks
  • Risk Register
  • Risk Analysis Methodologies
  • Business Impact Analysis
  • Inherent, Residual and Current Risk

» Show More 👇

Domain 3: Risk Response and Reporting

Module 5: Risk Response

  • Risk and Control Ownership
  • Risk Treatment/Risk Response Options
  • Third Party Risk Management
  • Issue, Finding and Expectation Management
  • Management of Emerging Risk

Module 6: Control, Design and Implementation

  • Control Types, Standards and Frameworks
  • Control Design, Selection and Analysis
  • Control Implementation
  • Control Testing and Effectiveness Evaluation

Module 7: Risk Monitoring and Reporting

  • Risk Treatment Plans
  • Data Collection, Aggregation, Analysis and Validation
  • Risk and Control Monitoring Techniques
  • Key Performance Indicators
  • Key Risk Indicators
  • Key Control Indicators

Domain 4: Information Technology and Security

Module 8: Information Technology Principles

  • Enterprise Architecture
  • IT Operations Management
  • Project Management
  • Enterprise Resiliency
  • Data Life Cycle Management
  • System Development Life Cycle
  • Emerging Trends in Technology

Module 9: Information Security Principles

  • Information Security Concepts, Frameworks and Standards
  • Information Security Awareness Training
  • Data Privacy and Principles of Data Protection

» Show Less 👆

Audience Profile

This training course is ideal for anyone who wants to develop their knowledge and skills of managing IT risk and information security controls within their organization successfully.

100% Business Fulfilment

Request more Information

    Corporate Training Options

    Online Instructor Led

    Live, Online Training by top Instructors and practitioners across the globe.


    Conduct training at the work location you desired.

    Classroom Training

    The Venue will be ideally located and easy to access with covid-19 SOP's.

    Overseas Training

    Travel to any desired location for your training.

    What People say?

    Mohammed Aljbreen Operation Specialist, SAMA

    The Clarity of the Content was very good. The explanation of the trainer with in-depth knowledge in a proper flow really impressed me to give 5 star rating.

    Arindam Chakraborty Systems Specialist, King Abdullah University of Sciences & Technology

    The Instructor was really impressive. Clear cut explanation of every topic he covered with real time scenarios.

    Sher Afzal Khan Cloud Engineer, Cloud 9 Networks

    The Trainer and the Course Material, both are good. Good flow of explanation with simple examples. The complete training was focused on current industry challenges.

    Jawed Ahmad Siddiqui Sr. System Administrator, Saudi Ceramics

    The Trainer’s presentation was impressed me to continue the course till end. Never feel bore till the entire sessions. She studied our mindset and follows.

      Not sure,
      which course to choose?

      Our Clients across the Globe!

      Our Corporate Clients