1800 419 8722
Courses

CRISC Course Features/USP/Highlights

32 Hours of Instructor Led Training

Certified and Experienced Instructors

Session recording access

Study materials and exam prep questions

ChatGPT

CRISC Practice Questions

Target audience of CRISC Course 

  • IT professionals
  • Risk professionals
  • Control professionals
  • Project managers
  • Business analysts.

 

Prerequisites of CRISC Certification  

 

CRISC Exam and Certification information 

 

The Certified in Risk and Information Systems Control (CRISC) exam consists of 150 questions covering 4 job practice domains, all testing your knowledge and ability on real-life job practices leveraged by expert professionals.

  • Duration – 4 hours
  • Questions – 150 MCQ type
  • Passing score – 450 or above (The exam scores on a scale between 200 and 800)
  • Exam Location - The PSI testing location is either a testing center or online remoted proctored.

 

 

CRISC Certification Journey 

 

 

Course Outline

Domain 1: GOVERNANCE

A—ORGANIZATIONAL GOVERNANCE 

  • Organizational Strategy, Goals, and Objectives 
  • Organizational Structure, Roles and Responsibilities 
  • Organizational Culture 
  • Policies and Standards 
  • Business Processes 
  • Organizational Assets 

B—RISK GOVERNANCE 

  • Enterprise Risk Management and Risk Management Framework 
  • Three Lines of Defense 
  • Risk Profile 
  • Risk Appetite and Risk Tolerance 
  • Legal, Regulatory and Contractual Requirements 
  • Professional Ethics of Risk Management 
Domain 2: IT RISK ASSESSMENT

A—IT RISK IDENTIFICATION 

  • Risk Events (e.g., contributing conditions, loss result) 
  • Threat Modelling and Threat Landscape 
  • Vulnerability and Control Deficiency Analysis (e.g., root cause analysis) 
  • Risk Scenario Development 

B—IT RISK ANALYSIS AND EVALUATION 

  • Risk Assessment Concepts, Standards and Frameworks 
  • Risk Register 
  • Risk Analysis Methodologies 
  • Business Impact Analysis 
  • Inherent and Residual Risk 
DOMAIN 3 – RISK RESPONSE AND REPORTING

A—RISK RESPONSE 

  • Risk Treatment / Risk Response Options 
  • Risk and Control Ownership 
  • Third-Party Risk Management 
  • Issue, Finding and Exception Management 
  • Management of Emerging Risk 

B—CONTROL DESIGN AND IMPLEMENTATION 

  • Control Types, Standards and Frameworks 
  • Control Design, Selection and Analysis 
  • Control Implementation 
  • Control Testing and Effectiveness Evaluation 

C—RISK MONITORING AND REPORTING 

  • Risk Treatment Plans 
  • Data Collection, Aggregation, Analysis and Validation 
  • Risk and Control Monitoring Techniques 
  • Risk and Control Reporting Techniques (heatmap, scorecards, dashboards) 
  • Key Performance Indicators 
  • Key Risk Indicators (KRIs) 
  • Key Control Indicators (KCIs) 
DOMAIN 4 – INFORMATION TECHNOLOGY AND SECURITY

A—INFORMATION TECHNOLOGY PRINCIPLES 

  • Enterprise Architecture 
  • IT Operations Management (e.g., change management, IT assets, problems, incidents) 
  • Project Management 
  • Disaster Recovery Management (DRM) 
  • Data Lifecycle Management 
  • System Development Life Cycle (SDLC) 
  • Emerging Technologies 

B—INFORMATION SECURITY PRINCIPLES 

  • Information Security Concepts, Frameworks and Standards 
  • Information Security Awareness Training 
  • Business Continuity Management 
  • Data Privacy and Data Protection Principles 

Student feedback

4.8
Course Rating
70%
15%
20%
3%
2%

Write a Review

What is the experience of taking a course like?