


via Cybrary


What is the CRISC certification by ISACA?

ISACA’s Certified in Risk and Information Systems Control (CRISC) certification is for IT and business professionals who develop and maintain information system controls, and whose job revolves around security operations and compliance. The CRISC is rapidly being adopted as a requirement for operational and management-level positions at organizations of almost any size.

Individuals who have achieved the CRISC certification have proven a strong level of understanding and the capability to enact best-practice information systems control. This certification is ideal for anyone involved in risk monitoring and mitigation within their organization, including the following personnel: IT, cyber security, business analysts, risk professionals, PMs, and management / executives.

The Online CRISC Training Course - Risk and Information Systems Control

Our CRISC course will prepare you for identifying, evaluating, and managing risk through construction, implementation, and maintenance of information technology and security controls. In under nine hours, you can raise your confidence and understanding of IT risk management.

Our CRISC training course covers the four CRISC domains, including:

  • Domain 1 - Risk Identification
  • Domain 2 - IT Risk Assessment
  • Domain 3 - Risk Response and Reporting
  • Domain 4 - Information Technology and Security

About the CRISC Certification

The CRISC certification is an ANSI-accredited certification and is, therefore, an internationally recognized standard of performance. Developed by a team of industry-leading risk management professionals, the CRISC certification is designed to ensure that those who achieve it are equipped to benefit their organizations in the following ways:

  • Firmly understand the impact of IT and enterprise risk management and how risk affects their organization.
  • Effectively prepare and enact strategic, focused plans and risk and control monitoring to mitigate risk.
  • Make competent risk-based decisions.
  • Establish a common language and perspective on risk that can become the baseline for risk management within their organizations.

CEU / CPE: 9


  • CRISC Course Introduction
    • Welcome and Introduction
    • The CRISC Exam
  • Introduction to Information Security and Risk Management
    • Risk Definitions
    • Principles of Information Security
  • Domain 1: Governance
    • Governance Overview
    • Understanding GRC (Governance, Risk, and Compliance)
    • Liability
    • Information Security Strategy and Roadmap
    • Frameworks: ISO 27000 Series
    • Frameworks: NIST CSF
    • ISACA’s IT Risk Framework
    • Information Security Program
    • Information Security Policies
    • Standards, Procedures, Guidelines, and Baselines
    • Information Security Controls
    • Project Management
    • Risk Culture
    • Ethics
  • Domain 2: Risk Assessment
    • Risk Assessment Overview
    • Risk Identification
    • Threat Modeling and Risk Scenarios
    • Risk Register
    • NIST 800-39
    • NIST 800-30
    • Risk Assessment and Analysis
    • NIST SP 800-37 Rev 1 and SDLC
    • ISO 27005 Risk Management Standard
    • Risk Assessment Tools and Techniques
    • Cost-Benefit Analysis and ROI
  • Domain 3: Risk Response and Reporting
    • Risk Response and Reporting Overview
    • Risk Action Plan
    • Risk Acceptance
    • Risk Mitigation
    • Risk Avoidance, Sharing, and Transfer
    • Information Security Program Stakeholders
    • Control Design
    • Risk Monitoring and Reporting
  • Domain 4: IT and Security
    • IT Security and Data Protection Overview
    • Data Classification
    • States of Data
    • Secure Data Disposal
    • Mitigating External Risks
    • Mitigating Internal Risks
    • Identity and Access Management
    • Identity Management
    • Auditing
    • Vulnerability Assessment - Part 1
    • Vulnerability Assessment - Part 2
    • Penetration Testing - Part 1
    • Penetration Testing - Part 2
    • Monitoring
    • Configuration and Change Management
    • Third-Party Governance
    • Cloud Integration
    • Business Continuity and Disaster Recovery
    • Course Conclusion

Taught by

Kelly Handerhan
