Certified in Risk and Information Systems Control (CRISC)

Our CRISC certification validates your knowledge and expertise in risk management. This course gives you a technical understanding to implement the most useful information security controls and procedures. Through this training, we prepare IT professionals for the challenges of enterprise risk management.

After this CRISC training, you will gain the confidence to implement appropriate IS controls.



Group Discount

Up to 20%

ISACA Authorized Training Partner

Guaranteed to run classes

24x7 Learner Assistance

Post Training Support

Certified in Risk and Information Systems Control Course Overview

Certified in Risk and Information Systems Control (CRISC) is an ISACA certification that demonstrates the holder's ability to identify and evaluate IT risk and to help enterprises accomplish their business objectives and long-term goals.

Since its inception in 2010, CRISC has leveled up the skills of 20,000 professionals worldwide, building their IT risk management competence and their ability to design, monitor, implement and maintain effective information security controls.

This training at Vinsys prepares you for the 4-hour CRISC exam with a focused, practical approach.

Course Curriculum


This Certified in Risk and Information Systems Control (CRISC) training is ideal for:

  • CEOs/CFOs
  • Chief Audit Executives
  • Audit Partners/Heads
  • CIOs/CISOs
  • Chief Compliance/Privacy/Risk Officers
  • Security Managers/Directors/Consultants
  • IT Directors/Managers/Consultants
  • Audit Directors/Managers/Consultants

Course Objective

This Certified in Risk and Information Systems Control (CRISC) training course will help you gain the following skills:

  • Prepare for the Certified in Risk and Information Systems Control exam
  • Gain the skills required to understand enterprise risk
  • Plan, execute, scrutinize and retain information systems controls
  • Risk: identification, evaluation, assessment, response, and monitoring
  • Information Security control design and execution
  • Information Security control maintenance and monitoring

Eligibility Criteria

Candidates applying for the Certified in Risk and Information Systems Control (CRISC) course must have:

  • 3 years of experience in risk management and information security control
  • Basic computer knowledge


Training Options

Online Training

Online Live Interactive Training

  • Instructor led Online Training
  • Experienced Subject Matter Experts
  • Approved and Quality Ensured training Material
  • 24*7 learner assistance and support

Corporate Training

Customized to your team's needs

  • Customized Training Across Various Domains
  • Instructor Led Skill Development Program
  • Ensure Maximum ROI for Corporates
  • 24*7 Learner Assistance and Support

Course Outline

This domain breaks down into two governance subcategories:

A. Organizational Governance

  • Organizational strategy, goals, and objectives
  • Organizational structure, roles, and responsibilities
  • Organizational culture
  • Policies and standards
  • Business processes
  • Organizational assets

B. Risk Governance

  • Enterprise risk management and risk management framework
  • Three lines of defense
  • Risk profile
  • Risk appetite and risk tolerance
  • Legal, regulatory and contractual requirements
  • Professional ethics of risk management

This domain breaks down into two distinct sections:

A. IT Risk Identification

  • Risk events (e.g., contributing conditions, loss result)
  • Threat modeling and threat landscape
  • Vulnerability and control deficiency analysis (e.g., root cause analysis)
  • Risk scenario development

B. IT Risk Analysis and Evaluation

  • Risk assessment concepts, standards, and frameworks
  • Risk register
  • Risk analysis methodologies
  • Business impact analysis
  • Inherent and residual risk

This domain is split into three sub-sections.

A. Risk Response

  • Risk treatment/risk response options
  • Risk and control ownership
  • Third-party risk management
  • Issue, finding, and exception management
  • Management of emerging risk

B. Control Design and Implementation

  • Control types, standards, and frameworks
  • Control design, selection, and analysis
  • Control implementation
  • Control testing and effectiveness evaluation

C. Risk Monitoring and Reporting

  • Risk treatment plans
  • Data collection, aggregation, analysis, and validation
  • Risk and control monitoring techniques
  • Risk and control reporting techniques (heatmap, scorecards, and dashboards)
  • Key performance indicators
  • Key risk indicators (KRIs)
  • Key control indicators (KCIs)

This domain is split into two sections.

A. Information Technology Principles

  • Enterprise architecture
  • IT operations management (e.g., change management, IT assets, problems, and incidents)
  • Project management
  • Disaster recovery management (DRM)
  • Data lifecycle management
  • System development life cycle (SDLC)
  • Emerging technologies

B. Information Security Principles

  • Information security concepts, frameworks, and standards
  • Information security awareness training
  • Business continuity management
  • Data privacy and data protection principles

Exam details:

  • Duration: 4 Hours
  • Number of questions: 150
  • Question format: Multiple Choice
  • Passing marks: 450 out of 800
  • Exam language: English, French, German, Hebrew, Italian, Japanese, Korean, Spanish, Turkish, Chinese


Vinsys has the right resources including official courseware and training expertise that accounts for successful certification. With a well-structured training program, the CRISC training at Vinsys is a guaranteed pathway for career progress in the field of information security.

CRISC is tangible proof of your expertise as a risk professional and increases your value for organizations that prioritize IT risk management. This certification grants you access to the ISACA global community of knowledge and consequently increases your value among other eligible candidates. As unprecedented situations can cause great damage to organizations, risk management is a very critical aspect and certified professionals are in high demand.

The price for the Certified in Risk and Information Systems Control (CRISC) 2021 exam is USD 575 for ISACA members and USD 760 for non-members. Our training prices for each course differ. For information about CRISC training costs, please get in touch with our learning coordinators.