298 reviews

ISACA CRISC Certification (Certified in Risk and Information Systems Control) Course

Item: crisc-certification
Rating: 10
Author: Johan Andersson

Excel in Risk Management with CRISC. Gain expertise in identifying, assessing, and mitigating IT risks to enhance organizational resilience and decision-making.

course: ISACA CRISC Certification (Certified in Risk and Information Systems Control)

Duration: 3 days

Format: Virtual or Classroom

Prepares for Exam: Certified in Risk and Information Systems Control CRISC

Prepares for Certification: ISACA: Certified in Risk and Information Systems Control (CRISC)

Attend this and 60+ other Security courses for FREE with Unlimited Security Training

Overview

The ISACA CRISC certification training course teaches you to identify, assess, and manage enterprise IT risks. You will gain expertise in designing and implementing risk mitigation strategies, controls, and frameworks to support business resilience. This instructor-led training prepares you for the CRISC exam and the ISACA Certified in Risk and Information Systems Control certification, a globally recognized credential for risk management professionals.

This course includes

Instructor-led training
Practice test
Pre-reading
Personal Learning Path
Certification Guarantee
Email, chat and phone support

Who is the ISACA CRISC online training course for?

The ISACA CRISC (Certified in Risk and Information Systems Control) certification is intended for professionals who work in the field of information systems risk management and control. It is designed for individuals who want to validate their knowledge and skills in identifying, assessing, and mitigating risks to information systems in organizations. The CRISC certification covers a wide range of topics related to information systems risk management and control, including identification and assessment of information systems risks, development and implementation of risk management strategies, monitoring and reporting of information systems risks, and alignment of information systems risk management with organizational goals and objectives.

Curriculum

What you will learn during our ISACA CRISC training.

Four domains of CRISC.

Risk Identification (27%)
Risk Assessment (28%)
Risk Response and Mitigation (23%)
Risk and Control Monitoring and Reporting (22%)

Risk Identification

Collect and review information, including existing documentation, regarding the organization’s internal and external business and IT environments to identify potential or realized impacts of IT risk to the organization’s business objectives and operations.
Identify potential threats and vulnerabilities to the organization’s people, processes and technology to enable IT risk analysis.
Develop a comprehensive set of IT risk scenarios based on available information to determine the potential impact to business objectives and operations.
Identify key stakeholders for IT risk scenarios to help establish accountability.
Establish an IT risk register to help ensure that identified IT risk scenarios are accounted for and incorporated into the enterprisewide risk profile.
Identify risk appetite and tolerance defined by senior leadership and key stakeholders to ensure alignment with business objectives.
Collaborate in the development of a risk awareness program, and conduct training to ensure that stakeholders understand risk and to promote a riskaware culture.

IT Risk Assessment

Analyze risk scenarios based on organizational criteria (e.g., organizational structure, policies, standards, technology, architecture, controls) to determine the likelihood and impact of an identified risk.
Identify the current state of existing controls and evaluate their effectiveness for IT risk mitigation.
Review the results of risk and control analysis to assess any gaps between current and desired states of the IT risk environment.
Ensure that risk ownership is assigned at the appropriate level to establish clear lines of accountability.
Communicate the results of risk assessments to senior management and appropriate stakeholders to enable riskbased decision making.
Update the risk register with the results of the risk assessment.

Risk Response and Mitigation

Consult with risk owners to select and align recommended risk responses with business objectives and enable informed risk decisions.
Consult with, or assist, risk owners on the development of risk action plans to ensure that plans include key elements (e.g., response, cost, target date).
Consult on the design and implementation or adjustment of mitigating controls to ensure that the risk is managed to an acceptable level.
Ensure that control ownership is assigned to establish clear lines of accountability.
Assist control owners in developing control procedures and documentation to enable efficient and effective control execution.
Update the risk register to reflect changes in risk and management’s risk response.
Validate that risk responses have been executed according to the risk action plans.

Risk and Control Monitoring and Reporting

Define and establish key risk indicators (KRIs) and thresholds based on available data, to enable monitoring of changes in risk.
Monitor and analyze key risk indicators (KRIs) to identify changes or trends in the IT risk profile.
Report on changes or trends related to the IT risk profile to assist management and relevant stakeholders in decision making.
Facilitate the identification of metrics and key performance indicators (KPIs) to enable the measurement of control performance.
Monitor and analyze key performance indicators (KPIs) to identify changes or trends related to the control environment and determine the efficiency and effectiveness of controls.
Review the results of control assessments to determine the effectiveness of the control environment.
Report on the performance of, changes to, or trends in the overall risk profile and control environment to relevant stakeholders to enable decision making.

Preparation

How to best be prepared for our ISACA CRISC online training.

At Readynez, we provide many resources and have experienced experts in the field. That is why we are also very successful with many satisfied customers. You can therefore safely take your course with us. In order to take the CRISC training, however, some prerequisites are required.

You have the perfect starting point to take this course with these prerequisites:

General knowledge of business and technology risk management, and the implementation of information systems controls.
Familiarity with general IT and business terminology.
At least three years of cumulative work experience carrying out the tasks of a CRISC professional across at least three of the ISACA CRISC domains. (No experience waivers or substitutions allowed.)
You may take the exam prior to meeting the requirements, but your CRISC designation is only awarded when all requirements are met.

Meet our instructors

Meet some of the Readynez Instructors you can meet on your course. They are experts, passionate about what they do, and dedicated to give back to their industry, their field, and those who want to learn, explore, and advance in their careers.

Kevin Henry

Kevin Henry delivers high-impact, LIVE instructor-led cybersecurity training for professionals preparing for certifications such as CISSP, CISM, CISA, and CCSP. With decades of global experience and deep industry insight, he equips learners with practical skills, strong exam readiness, and real-world understanding essential for modern security roles.

Meet the Instructor: Kevin Henry  

At Readynez, we’re beyond proud to have Kevin on the instructor team!  

With over 30 years of experience in IT security and audit, Kevin has helped thousands achieve certifications like CISSP, CISA, CISM, CCSP, and more.  

As the official course writer for ISC2 and ISACA, and a trusted advisor to organizations globally, Kevin brings unmatched expertise, actionable guidance, engaging stories and real-world insight to every course.  

Delegates consistently rate him 10/10 - and it’s easy to see why. His passion for teaching, deep knowledge, and genuine care for student success make him one of the most respected instructors in the field.  

Excellence starts with instructors like you. Thank you for empowering learners worldwide - and for your unwavering commitment and trust!  

Ready to join a session with Kevin? https://www.readynez.com/en/training/courses/vendors/isc2/

Read Less

Friedhelm Düsterhöft

As one of Europe’s most respected GRC and cybersecurity experts, Friedhelm Düsterhöft brings over 30 years of experience to his LIVE instructor-led training. He equips professionals with practical skills, strong certification readiness, and a clear understanding of complex regulatory frameworks essential for modern security roles.

Meet the Instructor: Friedhelm Düsterhöft

With over 30 years of experience in IT, information security, and data privacy, Friedhelm Düsterhöft is one of the most respected voices in the GRC (Governance, Risk, and Compliance) space - helping professionals build robust, regulation-ready organizations.

As an authorized trainer for ISC2 and an accredited trainer for ISACA & EXIN, Friedhelm’s dedication to excellence has earned him the titles PECB German Trainer of the Year 2022 and PECB Platinum Trainer 2024.

Founder of msdd.neT GmbH 
ISO 27001 & ISO 31000 Expert 
Accredited Certification Auditor
Contributor to global whitepapers on cybersecurity and compliance 
Instructor for GRC courses including CISSP, CISA and NIS2 Lead Implementer

Friedhelm is known for translating complex regulatory demands into clear, actionable strategies - empowering professionals to build strong compliance cultures from the ground up.

If you're training with Friedhelm, you're learning from one of the most trusted minds in the field.

Find your next IT and security course with Friedhelm Düsterhöft here: https://www.readynez.com/en/training/courses/all/

Read Less

James Rowney

James is recognised for his more than 20 years of contribution to learning and certification within IT Security.

James has worked on many large mission critical environments in some of the largest companies in their industries.

Understanding business requirements and drivers are essential to any strategy and design. Understanding environments are key to any application or infrastructure changes, both the immediate services they interface with and those beyond. A failure to satisfy Non Functional Requirements can not be fixed by a process.

Specialties: CISSP, CCSP, AWS Solution Architect Associate, TOGAF 9 certified 86080 member of The Association of Enterprise Architects (AEA) - 27519830. BCS Solution & Enterprise Architect Certified - AMBCS - 990529878, Linux RHCE V5 expired, RHCVA Unix, Storage, SAN, Netbackup, Clusters, Design and Delivery of Infrastructure.

Read Less

FAQ

FAQs for the ISACA CRISC Certification (Certified in Risk and Information Systems Control).

What is ISACA CRISC Certification?

The ISACA CRISC (Certified in Risk and Information Systems Control) certification is a globally recognized credential designed for professionals who manage and oversee enterprise risk management and information systems control. It validates expertise in identifying and managing IT-related risks, implementing information systems control, and ensuring alignment between business goals and risk management strategies. CRISC certification enhances career prospects for individuals involved in risk management, IT control, and governance.

How do I prepare for the ISACA CRISC certification exam?

Empower your career with Readynez's specialized course for the ISACA CRISC (Certified in Risk and Information Systems Control) exam. Gain the skills needed to navigate the complex landscape of risk management and information systems control. Our expert-led training ensures you're well-prepared to pass the CRISC exam, becoming a certified professional. Join Readynez and unlock opportunities to excel in risk management.

What are the prerequisites for ISACA CRISC certification?

To qualify for CRISC, you must have 3 years of risk management and information system control experience within the past 10 years of the application submission date.

How much does the ISACA CRISC exam cost?

The expenses involved in obtaining ISACA CRISC certification include exam fees (ranging from $575 to $760 for ISACA members and $760 to $965 for non-members), study materials (such as official CRISC review manuals and online practice questions), and possible training courses or workshops for preparation.

What topics are covered in the ISACA CRISC exam?

The ISACA CRISC exam syllabus explores four vital domains in risk management and information systems control. Candidates delve into risk identification, assessing likelihood and impact, developing effective responses and mitigation strategies, and monitoring/reporting on risk and control effectiveness. This comprehensive exam ensures proficiency in navigating the complex landscape of risk, preparing individuals to excel in roles involving risk management and information systems control.

Is ISACA CRISC certification worth it for my career?

Yes, the ISACA CRISC (Certified in Risk and Information Systems Control) certification significantly boosts your career. Globally recognized, it validates your expertise in managing IT-related risks and implementing robust information systems control. CRISC enhances professional credibility, unlocking diverse career opportunities in risk management, IT governance, and information systems control.

How long does it take to become ISACA CRISC certified?

The time it takes to become ISACA CRISC (Certified in Risk and Information Systems Control) certified can vary depending on factors such as your existing knowledge, experience, and the time you can dedicate to preparation. Generally, candidates may spend several weeks to a few months preparing for the exam through self-study, training courses, and practical experience.

Can I take the ISACA CRISC exam online?

ISACA's CRISC certification exams are computer-based and administered at authorized PSI testing centers globally or as remotely proctored exams. CRISC exam registration is continuous, meaning candidates can register at any time, with no restrictions.

How easy or difficult is it to pass the ISACA CRISC exam?

The difficulty of the ISACA CRISC (Certified in Risk and Information Systems Control) exam can vary depending on your level of experience, knowledge, and preparation. The CRISC exam is designed to assess proficiency in risk management and information systems control, and it covers comprehensive domains. For individuals with a strong background in risk management and information systems control, thorough preparation and hands-on experience can make the exam more manageable.

What is the passing score for the ISACA CRISC exam?

Candidates must achieve at least 450 to pass the exam. The CRISC Certification Committee of ISACA has defined a minimal criterion of knowledge of 450 points.

How can I maintain my ISACA CRISC certification?

ISACA requires certified individuals, including those with the Certified in Risk and Information Systems Control (CRISC) certification, to engage in Continuing Professional Education (CPE) activities to maintain their certification. CPE activities help ensure that certified professionals stay current with evolving industry practices.

How much salary can I get after getting ISACA CRISC certified?

The average salary for CRISC-certified professionals can be influenced not only by the workplace location but also by the specific job title. Below is a breakdown of average salaries for various job titles seeking CRISC certification holders:

Chief Information Security Officer: $191,038
Director, Computing/Networking/Information Technology (IT) Security: $176,082
Director, Risk Management/Risk Control: $165,000
Information Security Manager: $132,452
Information Security Officer: $122,456
Information Security Analyst: $97,666
Senior Information Technology (IT) Auditor: $91,759

Reviews

Feedback from our delegates.

Stephen Ridgway

Readynez is the best training provider I've used for many years. Their customer service is first class, prices are very competitive and instruction excellent.