Certified in Risk and Information Systems Control incl QAE [CRISC]
Starting dates and places
place(Virtual Training Centre) 3 Feb 2025 until 6 Feb 2025 |
computer Online: VIRTUAL TRAINING CENTER 3 Mar 2025 until 6 Mar 2025 |
place(Virtual Training Centre) 14 Apr 2025 until 17 Apr 2025 |
computer Online: VIRTUAL TRAINING CENTER 23 Jun 2025 until 26 Jun 2025 |
place(Virtual Training Centre) 15 Sep 2025 until 18 Sep 2025 |
computer Online: VIRTUAL TRAINING CENTER 22 Sep 2025 until 25 Sep 2025 |
place(Virtual Training Centre) 10 Nov 2025 until 13 Nov 2025 |
computer Online: VIRTUAL TRAINING CENTER 15 Dec 2025 until 18 Dec 2025 |
Description
OVERVIEW
The CRISC - Certified Risk and Information System Control - certificate gives you international recognition (from ISACA) as a security professional. The CRISC extensive set of online practice questions (QAE) are included in the courseprice.
- Continuing Professional Education (CPE) : 31
- Practice questions (QAE = Questions, Answers and Explanations) : 12 month access
OBJECTIVES
The Certified in Risk and Information Systems Control certification is designed for IT professionals who have hands-on experience with risk identification, assessment, and evaluation; risk response; risk monitoring; IS control design and implementation; and IS control monitoring and maintenance.
The CRISC …
Frequently asked questions
There are no frequently asked questions yet. If you have any more questions or need help, contact our customer service.
OVERVIEW
The CRISC - Certified Risk and Information System Control - certificate gives you international recognition (from ISACA) as a security professional. The CRISC extensive set of online practice questions (QAE) are included in the courseprice.
- Continuing Professional Education (CPE) : 31
- Practice questions (QAE = Questions, Answers and Explanations) : 12 month access
OBJECTIVES
The Certified in Risk and Information Systems Control certification is designed for IT professionals who have hands-on experience with risk identification, assessment, and evaluation; risk response; risk monitoring; IS control design and implementation; and IS control monitoring and maintenance.
The CRISC designation will not only certify professionals who have knowledge and experience identifying and evaluating entity-specific risk, but also aid them in helping enterprises accomplish business objectives by designing, implementing, monitoring and maintaining risk-based, efficient and effective IS controls.
- Governance (25%)
- IT Risk Assessment (20%)
- Risk Response and Reporting (32%)
- Information Technology and Security (22%)
AUDIENCE
CRISC is for IT professionals, risk professionals, business analysts, and project manager and/or compliance professionals and anyone who has job responsibilities in the following areas: Risk identification, assessment, evaluation, risk response, monitoring and IS control design/monitoring and implementation/maintenance.
CERTIFICATION
QAE (Questions, Answers and Explanations) is online available via a voucher which is part of the courseware.
The requirements for certification are:
- Pass the official CRISC-exam
- Three (3) or more years of cumulative work experience performing the tasks of a CRISC professional across at least two (2) CRISC domains, of which one must be in Domain 1 or 2, is required for certification. There are no substitutions or experience waivers.
The exam lasts 4 hours and consists of 150 English Multiple Choice questions.
The examenvoucher for the official CRISC exam is not included in the price.
CONTENT
DOMAIN 1—Governance 26%Organizational Governance A
- Organizational Strategy, Goals, and Objectives
- Organizational Structure, Roles, and Responsibilities
- Organizational Culture
- Policies and Standards
- Business Processes
- Organizational Assets
Risk Governance B
- Enterprise Risk Management and Risk Management Framework
- Three Lines of Defense
- Risk Profile
- Risk Appetite and Risk Tolerance
- Legal, Regulatory, and Contractual Requirements
- Professional Ethics of Risk Management
IT Risk Identification A
- Risk Events (e.g., contributing conditions, loss result)
- Threat Modelling and Threat Landscape
- Vulnerability and Control Deficiency Analysis (e.g., root cause analysis)
- Risk Scenario Development
IT Risk Analysis and Evaluation B
- Risk Assessment Concepts, Standards, and Frameworks
- Risk Register
- Risk Analysis Methodologies
- Business Impact Analysis
- Inherent and Residual Risk
Risk Response A
- Risk Treatment / Risk Response Options
- Risk and Control Ownership
- Third-Party Risk Management
- Issue, Finding, and Exception Management
- Management of Emerging Risk
Control Design and Implementation B
- Control Types, Standards, and Frameworks
- Control Design, Selection, and Analysis
- Control Implementation
- Control Testing and Effectiveness Evaluation
Risk Monitoring and Reporting C
- Risk Treatment Plans
- Data Collection, Aggregation, Analysis, and Validation
- Risk and Control Monitoring Techniques
- Risk and Control Reporting Techniques (heatmap, scorecards, dashboards)
- Key Performance Indicators
- Key Risk Indicators (KRIs)
- Key Control Indicators (KCIs)
Information Technology Principles A
- Enterprise Architecture
- IT Operations Management (e.g., change management, IT assets, problems, incidents)
- Project Management
- Disaster Recovery Management (DRM)
- Data Lifecycle Management
- System Development Life Cycle (SDLC)
- Emerging Technologies
Information Security Principles B
- Information Security Concepts, Frameworks, and Standards
- Information Security Awareness Training
- Business Continuity Management
- Data Privacy and Data Protection Principles
Share your review
Do you have experience with this course? Submit your review and help other people make the right choice. As a thank you for your effort we will donate £1.- to Stichting Edukans.There are no frequently asked questions yet. If you have any more questions or need help, contact our customer service.