The Certified in Risk and Information Systems Control (CRISC) course covers all four of the CRISC domains, and each section corresponds directly to the CRISC job practice. The CRISC qualification is awarded to IT professionals who identify and manage risks through the development, implementation and maintenance of information systems (IS) controls. Learn from anywhere – choose whether you attend our courses Live Online or in person.
CRISC Course Objectives
At the completion of this course you will be able to:
- Identify the IT risk management strategy in support of business objectives and alignment with the Enterprise Risk Management (ERM) strategy.
- Analyze and evaluate IT risk to determine the likelihood and impact on business objectives to enable risk-based decision making.
- Determine risk response options and evaluate their efficiency and effectiveness to manage risk in alignment with business objectives.
- Continuously monitor and report on IT risk and controls to relevant stakeholders to ensure the continued efficiency and effectiveness of the IT risk management strategy and its alignment with business objectives.
CRISC Four Domains
Domain 1 – Risk Management
- Collect and review environmental risk data
- Identify potential vulnerabilities to people, processes and assets
- Develop IT scenarios based on information and potential impact to the organization
- Identify key stakeholders for risk scenarios
- Establish risk register
- Gain senior leadership and stakeholder approval of the risk plan
- Collaborate to create a risk awareness program and conduct training
Domain 2 – IT Risk Assessment
- Analyze risk scenarios to determine likelihood and impact
- Identify current state of risk controls and their effectiveness
- Determine gaps between the current state of risk controls and the desired state
- Ensure risk ownership is assigned at the appropriate level
- Communicate risk assessment data to senior management and appropriate stakeholders
- Update the risk register with risk assessment data
Domain 3 – Risk Response and Mitigation
- Align risk responses with business objectives
- Consult with and assist risk owners with the development of risk action plans
- Ensure risk mitigation controls are managed to acceptable levels
- Ensure control ownership is appropriately assigned to establish accountability
- Develop and document control procedures for effective control
- Update the risk register
- Validate that risk responses are executed according to risk action plans
Domain 4 – Risk and Control Monitoring and Reporting
- Risk and control monitoring and reporting
- Define key risk indicators (KRIs) and identify key performance indicators (KPIs) to enable performance measurement
- Determine the effectiveness of control assessments
- Identify and report trends/changes to KRIs/KPIs that affect control performance or the risk profile
- Course reference manual containing copy of course slides, support documents, quizzes and answers
- Training Course Completion Certificate
Who should attend?
- Internal auditors
- Auditors wanting to perform and lead Information Security Management System (ISMS) certification audits
- Project managers or consultants wanting to master the Information Security Management System audit process
- CxO and Senior Managers responsible for the IT governance of an enterprise and the management of its risks
- Members of an information security team
- Expert advisors in information technology
- Technical experts wanting to prepare for an information security audit function
CRISC Certification Examination
- International Student Training Fee: 500 USD | 1,875 AED | 1,875 SAR (Online Class Fee)
- CRISC Certification Exam Fee: ISACA Member Price $795.00 | Non-Member Price $895.00
What are the requirements for the CRISC qualification?
The Certified in Risk and Information Systems Control (CRISC) qualification is awarded to candidates with at least three years of relevant work experience who pass a rigorous written examination.
ISACA defines four CRISC domains on which you will be examined:
- Domain 1 – IT Risk Identification (27% of exam)
- Domain 2 – IT Risk Assessment (28% of exam)
- Domain 3 – Risk Response and Mitigation (23% of exam)
- Domain 4 – Risk and Control Monitoring and Reporting (22% of exam)
Flexible Class Options
- Weekend Class | Corporate Workshops | Fast-Track
- Online Classes – Live Virtual Class (L.V.C), Online Training
Related Information Security Courses
Cyber security is all about trusted relationships. From the time we first meet, we’ll be focused on helping you to improve your compliance and security posture, take advantage of the latest technology innovations, stay ahead of malicious threats, and drive efficiencies in service delivery across your business. OMNI cyber security experts are dedicated to your success, and we are happy to provide you with a FREE Cyber Security Assessment. Contact us: +92.213.4986664, +92.312.2169325