Course

CRISC

Certified in Risk and Information Systems Control® (CRISC®) («CRISC»)

Identify, assess and manage IT risks in a targeted manner. CRISC® training provides practical know-how for effective risk management and optimally prepares you for certification and professional handling of digital threats.
Duration 4 days
Price 4'900.–
Course documents Official ISACA® course materials
Price information The course price includes an exam voucher worth CHF 500.
Register

Course facts

  • Developing and managing a governance framework for IT risk management
  • Establishing roles, responsibilities, and risk profiles within the organization and IT department
  • Deriving an IT risk strategy, compliance, and ethical management in line with corporate objectives and regulatory requirements
  • Identifying risks by analyzing threats, vulnerabilities, and risk scenarios
  • Evaluating risks using methodologies such as business impact analysis, risk registers, and risk tolerance assessment
  • Prioritizing inherent and residual risks for targeted control
  • Designing and managing risk treatment plans in coordination with stakeholders and control owners
  • Implementing, testing, and evaluating controls according to standards
  • Developing efficient monitoring mechanisms, KPIs/KRIs/KCIs, and reporting tools (heat maps, dashboards)
  • Integrating risk management and security principles into IT infrastructure and architecture
  • Controlling IT operational processes (change, incident, asset, and project management), disaster recovery, and SDLC
  • Building a security culture, awareness programs, and compliance with data protection standards
Domain 1: Governance
  • Risk Assessment Concepts, Standards and Frameworks
  • Organizational Strategy, Goals and Objectives
  • Organizational Structure, Roles and Responsibilities
  • Organizational Culture and Assets
  • Policies, Standards and Business Processes
  • Enterprise Risk Management, Risk Management Frameworks and Three Lines of Defense
  • Risk Profile, Risk Appetite and Risk Tolerance
  • Navigating Professional Ethics of Risk Management and Requirements in Laws, Regulations and Controls
Domain 2: IT Risk Assessment
  • Risk Events, Threat Modeling and Threat Landscape
  • Vulnerability and Control Deficiency Analysis
  • Risk Scenario Development
  • Risk Register
  • Risk Analysis Methodologies
  • Business Impact Analysis
  • Inherent, Residual and Current Risk
Domain 3: Risk Response and Reporting
  • Risk Treatment/Risk Response Options
  • Risk and Control Ownership
  • Managing Risk from Processes, Third Parties and Emerging Sources
  • Control Types, Standards and Frameworks
  • Control Design, Selection and Analysis
  • Control Implementation, Testing and Effectiveness
  • Risk Treatment Plans
  • Data Collection, Aggregation, Analysis and Validation
  • Risk and Control Monitoring and Reporting Techniques
  • Performance, Risk and Control Metrics
Domain 4: Information Technology and Security
  • Enterprise Architecture
  • IT Operations Management
  • Project Management
  • Disaster Recovery Management
  • Data Life Cycle Management
  • System Development Life Cycle
  • Emerging Technologies
  • Information Security Concepts, Frameworks, Standards and Awareness Training
  • Business Continuity Management
  • Data Privacy and Protection Principles

The course consists of interactive training in the form of presentations and group exercises.

Depending on your learning style, exam preparation requires an additional 10-20 hours of study outside of class.

The course is aimed at IT risk management professionals with at least three years of professional experience in identifying, assessing, managing, and monitoring IT risks, as well as in establishing effective control systems.

It is ideal for IT risk managers, information security officers, GRC managers, auditors, IT managers, and project managers who want to systematically align IT risks with corporate objectives. CRISC® certification strengthens your position within the company and builds trust among executives, stakeholders, and regulatory authorities.

There are no formal admission requirements for attending the course.

The requirements for official ISACA® certification are:

1 Passing the CRISC® exam

  • The exam can be taken without professional experience.
  • After passing, certification must be applied for within 5 years.

2 Proof of at least three years of professional experience in IT risk management and in the implementation of information system controls

  • This experience must have been gained within the last ten years prior to application or within five years of passing the exam.

3 Coverage of at least two of the four CRISC® domains

  • Professional experience must include practical knowledge in at least two of the following four areas:
    • Governance
    • IT Risk Assessment
    • Risk Response and Reporting
    • Information Technology and Security

4 Verifiability of professional experience

  • Professional experience must be confirmed by a higher authority (e.g., supervisor or human resources department).

5 Submitting the application for certification to ISACA®

  • Online application via ISACA® account
  • Payment of an application fee of currently USD 50

6 Agreement to the ISACA® Code of Professional Ethics

  • Commitment to adhere to ethical standards in professional practice

7 Compliance with Continuing Professional Education (CPE) requirements

  • After certification: annual continuing education and proof of maintenance of the title (at least 20 CPEs per year, 120 within 3 years)

Exam format:

  • 150 multiple-choice questions
  • Duration: 4 hours (240 minutes)
  • Location: online with remote proctoring or at an authorized test center
  • Language: available in several languages (you specify the language when registering for the exam)
  • Aids: none

© ISACA. All rights reserved.

CRISC® is a registered trademark of ISACA®.

Download

Download course details as PDF

Questions

Choose your date