Course Overview
Target audiences
- The primary audience targeted for Certified in Risk and Information Systems Control (CRISC) training is Information Technology (IT) professionals, such as Managers, IT Auditors, Security Administrators, IT Risk Managers, IT Security Analysts, and Business Analysts with at least three to five years of experience in IT risk management and information risk management.
- The training is also useful for anybody involved in the fields of IT Risk Management and Risk Information Systems such as IT Risk Assessors, IT Business Continuity and Disaster Recovery personnel, and Internal Control professionals.
- In addition to IT professionals, the course can also be beneficial for security consultants, Internal IT Auditors, Chief Risk Officers, Information and Data Protection Managers, IT/Security/Privacy Compliance Managers, and Finance/Accounting Managers.
- Individuals who are specifically involved in operational, technical, risk and/or information security processes within their organization can also benefit from this course.
- Overall, CRISC certification is ideal for anybody associated with the management of IT and information risk, as well as those who are looking to pursue a career in the field of IT Audit, Compliance Management and Risk Management.
Curriculum
DOMAIN 1 - Governance (26%)
- Organizational Strategy, Goals, and Objectives
- Organizational Structure, Roles, and Responsibilities
- Organizational Culture
- Policies and Standards
- Business Processes
- Organizational Assets
- Enterprise Risk Management and Risk Management Framework
- Three Lines of Defense
- Risk Profile
- Risk Appetite and Risk Tolerance
- Legal, Regulatory, and Contractual Requirements
- Professional Ethics of Risk Management
DOMAIN 2 - IT Risk Assessment (20%)
- Risk Events (e.g., contributing conditions, loss result)
- Threat Modelling and Threat Landscape
- Vulnerability and Control Deficiency Analysis (e.g., root cause analysis)
- Risk Scenario Development
- Risk Assessment Concepts, Standards, and Frameworks
- Risk Register
- Risk Analysis Methodologies
- Business Impact Analysis
- Inherent and Residual Risk
DOMAIN 3 - Risk Response and Reporting (32%)
- Risk Treatment / Risk Response Options
- Risk and Control Ownership
- Third-Party Risk Management
- Issue, Finding, and Exception Management
- Management of Emerging Risk
- Control Types, Standards, and Frameworks
- Control Design, Selection, and Analysis
- Control Implementation
- Control Testing and Effectiveness Evaluation
- Risk Treatment Plans
- Data Collection, Aggregation, Analysis, and Validation
- Risk and Control Monitoring Techniques
- Risk and Control Reporting Techniques (heatmap, scorecards, dashboards)
- Key Performance Indicators
- Key Risk Indicators (KRIs)
- Key Control Indicators (KCIs)
DOMAIN 4 - Information Technology and Security (22%)
- Enterprise Architecture
- IT Operations Management (e.g., change management, IT assets, problems, incidents)
- Project Management
- Disaster Recovery Management (DRM)
- Data Lifecycle Management
- System Development Life Cycle (SDLC)
- Emerging Technologies
- Information Security Concepts, Frameworks, and Standards
- Information Security Awareness Training
- Business Continuity Management
- Data Privacy and Data Protection Principles
The Certified in Risk and Information Systems Control (CRISC) certification is a globally recognized certification offered by ISACA, a professional association focused on information technology governance, assurance, risk management, and cybersecurity. CRISC is designed for IT professionals who are responsible for managing and mitigating IT and cybersecurity risks in organizations.
Experience Requirement: Candidates must have a minimum of three years of cumulative work experience in the field of IT risk management and information systems control. The work experience must be gained within the five-year period preceding the CRISC exam or within ten years after passing the CRISC exam.
Job Practice Requirement: Candidates must have experience in at least two of the four domains of the CRISC job practice areas, which include IT Risk Identification, IT Risk Assessment, Risk Response and Mitigation, and Risk and Control Monitoring and Reporting. Candidates must be able to demonstrate their work experience through relevant job descriptions, duties, and responsibilities.
Adherence to Code of Professional Ethics: Candidates must agree to adhere to the ISACA Code of Professional Ethics, which includes professional standards of conduct and ethical responsibilities for CRISC-certified professionals.
The CRISC exam is a computer-based exam that consists of 150 multiple-choice questions. The questions are randomly selected from a pool of questions, and the exam is designed to assess the candidate's knowledge and understanding of IT risk management concepts, principles, and best practices.
The exam is administered by ISACA and is available at various testing centres worldwide. The exam duration is four hours, and candidates must answer all 150 questions within this time frame. The questions are designed to assess the candidate's ability to apply their knowledge and experience in real-world scenarios related to IT risk management and information systems control.
Candidates must achieve a score of 70 per cent to pass the exam.