
ISACA Authorized Training Partner

Guaranteed to run classes

24x7 Learner Assistance

Post Training Support
Certified in Risk and Information Systems Control Course Overview
Certified in Risk and Information Systems Control (CRISC) is an ISACA certification that demonstrates the holders’ ability to evaluate and identify IT risk and support enterprises accomplish their business objectives and long-term goals.
Since its inception in 2010, CRISC has leveled up the skills of 20,000 professionals worldwide and IT risk management competence and their ability to design, monitor, implement and maintain effective information security controls.
This training at Vinsys prepares you for the 4-hour CRISC exam with a focused, practical approach.
Course Curriculum
Audience
This Certified in Risk and Information Systems Control (CRISC) training is ideal for:
- CEOs/CFOs
- Chief Audit Executives
- Audit Partners/Heads
- CIOs/CISOs
- Chief Compliance/Privacy/Risk Officers
- Security Managers/Directors/Consultants
- IT Directors/Managers/Consultants
- Audit Directors/Managers/Consultants
Course Objective
This Certified in Risk and Information Systems Control (CRISC) training course will help you gain the following skills:
- Prepare for the Certified in Risk and Information Systems Control exam
- Gain the skills required to understand enterprise risk
- Plan, execute, scrutinize and retain information systems controls
- Risk: identification, evaluation, assessment, response, and monitoring
- Information Security control design and execution
- Information Security control maintenance and monitoring
Eligibility Criteria
Candidates applying for the Certified in Risk and Information Systems Control (CRISC) course must have:
- 3 years of experience in risk management and information security control
- Basic computer knowledge
Training Options
Online Training
Online Live Interactive Training
- Instructor led Online Training
- Experienced Subject Matter Experts
- Approved and Quality Ensured training Material
- 24*7 learner assistance and support
Corporate Training
Customized to your team's need
- Customized Training Across Various Domains
- Instructor Led Skill Development Program
- Ensure Maximum ROI for Corporates
- 24*7 Learner Assistance and Support
Course Outline
This domain breaks down into two governance subcategories:
Organizational Governance A
- Organizational strategy, goals, and objectives
- Organizational structure, roles, and responsibilities
- Organizational culture
- Policies and standards
- Business processes
- Organizational assets
Risk Governance B
- Enterprise risk management and risk management framework
- Three lines of defense
- Risk profile
- Risk appetite and risk tolerance
- Legal, regulatory and contractual requirements
- Professional ethics of risk management
This domain breaks down into two distinct sections:
IT Risk Identification A
- Risk events (e.g., contributing conditions, loss result)
- Threat modeling and threat landscape
- Vulnerability and control deficiency analysis (e.g., root cause analysis)
- Risk scenario development
IT Risk Analysis and Evaluation B
- Risk assessment concepts, standards, and frameworks
- Risk register
- Risk analysis methodologies
- Business impact analysis
- Inherent and residual risk
This domain is split into three sub-sections.
Risk Response A
- Risk treatment/risk response options
- Risk and control ownership
- Third-party risk management
- Issue, finding, and exception management
- Management of emerging risk
Control Design and Implementation B
- Control types, standards, and frameworks
- Control design, selection, and analysis
- Control implementation
- Control testing and effectiveness evaluation
Risk Monitoring and Reporting C
- Risk treatment plans
- Data collection, aggregation, analysis, and validation
- Risk and control monitoring techniques
- Risk and control reporting techniques (heatmap, scorecards, and dashboards)
- Key performance indicators
- Key risk indicators (KRIs)
- Key control indicators (KCIs)
This domain is split into two sections.
Information Technology Principles A
- Enterprise architecture
- IT operations management (e.g., change management, IT assets, problems, and incidents)
- Project management
- Disaster recovery management (DRM)
- Data lifecycle management
- System development life cycle (SDLC)
- Emerging technologies
Information Security Principles B
- Information security concepts, frameworks, and standards
- Information security awareness training
- Business continuity management
- Data privacy and data protection principle
- Duration: 4 Hours
- Number of questions: 150
- Question format: Multiple Choice
- Passing marks: 450 out of 800
- Exam language: English, French, German, Hebrew, Italian, Japanese, Korean, Spanish, Turkish, Chinese
Course Reviews


Zhe Scott
Engineer


Anatolii Ulitovskyi
Application Enginner
FAQ's
Vinsys has the right resources including official courseware and training expertise that accounts for successful certification. With a well-structured training program, the CRISC training at Vinsys is a guaranteed pathway for career progress in the field of information security.
CRISC is tangible proof of your expertise as a risk professional and increases your value for organizations that prioritize IT risk management. This certification grants you access to the ISACA global community of knowledge and consequently increases your value among other eligible candidates. As unprecedented situations can cause great damage to organizations, risk management is a very critical aspect and certified professionals are in high demand.
The price for the Certified in Risk and Information Systems Control (CRISC) 2021 exam is USD 575 for ISACA members and USD 760 for non-members. Our training prices for each course differ. For information about CRISC training costs, please get in touch with our learning coordinators.