CRISC Training Boot Camp

Learn the principles and practices of IT governance. Build your knowledge around how IT risk relates to your organization and prepare to earn your Certified in Risk and Information Systems Control (CRISC) certification.

Train from home — save up to $1,000

Get expert, live instruction without having to travel with an Infosec Flex Pro boot camp. We’ve trained 1,000s of students online over the past 5 years, helping our clients meet their career goals wherever they are most comfortable studying.

Now through the end of the month, you can enroll in any online Infosec Flex boot camp and save up to $1,000.

Earn your CRISC, guaranteed!

Boot camp overview

Infosec’s CRISC Boot Camp is designed for IT professionals who are tasked with identifying, assessing and evaluating organizational risk. You’ll learn about identifying and evaluating entity-specific risk, as well as how to help enterprises accomplish business objectives by designing, implementing, monitoring and maintaining risk-based, efficient and effective information systems controls.

You’ll leave fully prepared to earn your CRISC, one of the most in-demand certifications a risk professional can achieve.

Skill up and get certified, guaranteed

Exam Pass Guarantee

If you don’t pass your exam on the first attempt, get a second attempt for free. Includes the ability to re-sit the course for free for up to one year.

100% Satisfaction Guarantee

If you’re not 100% satisfied with your training at the end of the first day, you may withdraw and enroll in a different Flex Pro or Flex Classroom course.

Knowledge Transfer Guarantee

If an employee leaves within three months of obtaining certification, Infosec will train a different employee at the same organization tuition-free for up to one year.

What's included?

93% pass rate — the best in the industry

  • Three days of training with an expert instructor
  • Infosec digital courseware (physical textbooks available to purchase)
  • ISACA review manual
  • ISACA CRISC exam voucher
  • 90-day access to course replays (Flex Pro)
  • Curated videos from other top-rated instructors (Flex Pro)
  • 100% Satisfaction Guarantee
  • Exam Pass Guarantee (Flex Pro)

Limited-time offer: Continue learning after your boot camp with a complimentary 90-day subscription to Infosec Skills, which includes unlimited access to 500+ online courses, 100+ hands-on labs and projects, skill assessments, custom certification practice exams and more.

Course objectives

This boot camp prepares you to pass the ISACA CRISC exam, which covers four domain areas designed to reflect the work performed by IT risk professionals:

  • Domain 1: IT risk identification
  • Domain 2: IT risk assessment
  • Domain 3: Risk response and mitigation
  • Domain 4: Risk and control monitoring and reporting

Award-winning training that you can trust

Infosec Skills

Best IT Security-related Training Program

Cyber Work with Chris Sienko

Best Cybersecurity Podcast

2019 Wisconsin Innovation Award


Rising Star

Partner Award

G2 Crowd Leader

Technical Skills Development Software

Who should attend?

  • IT and risk professionals
  • Business analysts
  • Project managers
  • Compliance professionals
  • Anyone tasked with identifying, evaluating and mitigating organizational risk


There are no prerequisites to take the exam. However, in order to apply for certification you must meet the necessary experience requirements as determined by ISACA: a minimum of three years of cumulative work experience performing the tasks of a CRISC professional across two of the four CRISC domains. Of these two required domains, one must be in either domain 1 or 2 (risk identification or assessment).

Why choose Infosec

Your flexible learning experience

Infosec Flex makes expert, live instruction convenient with online and in-person formats tailored to how, when and where you learn best.

Public training boot camps held nationwide

  • Pre-study course materials
  • Live instruction
  • Digital courseware
  • Daily reinforcement materials
  • Catered lunches
  • Infosec community forum access
  • 100% Satisfaction Guarantee
  • Knowledge Transfer Guarantee

Most Popular

Immersive, live-streamed instruction

  • Pre-study course materials
  • Live instruction
  • Digital courseware
  • Daily reinforcement materials
  • Detailed performance reporting
  • Video replays
  • 90-day extended access to materials
  • Infosec community forum access
  • Exam Pass Guarantee
  • 100% Satisfaction Guarantee

Tailored team training at your location

  • Pre-study course materials
  • Live, customized instruction at your location
  • Digital courseware
  • Daily reinforcement materials
  • Detailed team performance reporting
  • Video replays
  • 90-day extended access to materials
  • Infosec community forum access
  • Exam Pass Guarantee
  • 100% Satisfaction Guarantee
  • Knowledge Transfer Guarantee

What you’ll learn

  • Identify risks related to an organization’s internal and external business and IT environments
  • Identify potential threats and vulnerabilities to the organization’s people, processes and technology
  • Develop and analyze IT risk scenarios to determine potential impact
  • Identify the effectiveness of existing controls
  • Identify key stakeholders and assign risk ownership
  • Communicate results of risk assessments
  • Consult with risk owners on the design and implementation of mitigating controls
  • Define and establish data-driven key risk indicators
  • Monitor changes in risk indicators
  • Report risk indicator changes to key stakeholders
  • Analyze risk indicators to determine the effectiveness of existing controls

Industry-leading exam pass rates

We don’t just have great instructors; our instructors have years of industry experience and are recognized as experts. Over the past 15 years, we’ve helped tens of thousands of students get certified and advance their careers.

Our industry-leading curriculum and expert instructors have led to the highest pass rates in the industry. More than 93% of Infosec students pass their certification exams on their first attempt.

Can’t get away for a week?

Learn CRISC on-demand.

Get the cybersecurity training you need at a pace that fits your schedule with a subscription to Infosec Skills. Includes unlimited access to hundreds of additional on-demand courses — plus cloud-hosted cyber ranges where you can practice and apply knowledge in real-world scenarios — all for just $34 a month!

  • 70+ learning paths
  • 500+ courses
  • Cloud-hosted cyber ranges and hands-on projects
  • Skill assessments and certification practice exams
  • Infosec community peer support

You're in good company.

"I’ve taken five boot camps with Infosec and all my instructors have been great."

Jeffrey Coa

Information Security Systems Officer

"Comparing Infosec to other vendors is like comparing apples to oranges. My instructor was hands-down the best I’ve had." 

James Coyle

FireEye, Inc.

"I knew Infosec could tell me what to expect on the exam and what topics to focus on most."

Julian Tang

Chief Information Officer

Our clients

Bank of America
Defense Information Systems Agency

CRISC Boot Camp details

Domain 1 – IT risk identification

  • IT risk management best practices
  • Methods to identify risk
  • Risk culture and communication
  • Business IT risk strategy
  • Information security risk concepts and principles
  • Threats and vulnerabilities related to assets
  • IT risk related to organizational assets and business processes
  • IT risk scenarios
  • Ownership and accountability
  • The IT risk register
  • Risk capacity, risk appetite and risk tolerance
  • Risk awareness

Domain 2 – IT risk assessment

  • Risk identification vs. risk assessment
  • Risk assessment techniques
  • Analyzing risk scenarios
  • Current state of controls
  • Risk and control analysis
  • Risk analysis methodologies
  • Documenting incident response
  • Business-related risk
  • Risk associated with enterprise architecture
  • Data management

Domain 3 – Risk response and mitigation

  • Aligning risk response with business objectives
  • Risk response options
  • Analysis techniques
  • Vulnerabilities associated with new controls
  • Developing a risk action plan
  • Business process review tools and techniques
  • Control design and implementation
  • Control monitoring and effectiveness
  • Characteristics of inherent and residual risk
  • Control activities, objectives, practices and metrics
  • System control design and implementation
  • Impact of emerging technologies on design and implementation of controls
  • Control ownership
  • Risk management procedures and documentation
  • Risk responses and the risk action plan

Domain 4 – Risk and control monitoring and reporting

  • Key risk indicators
  • Key performance indicators
  • Data collection and extraction tools and techniques
  • Changes to the IT risk profile
  • Monitoring controls
  • Control assessment types
  • Results of control assessment

Frequently asked questions

  • Why is getting certified an important part of a career in IT risk and control?
    • Professionals in the IT risk and control field often seek certification in order to hone their skills and prove their legitimacy among peers. Professional development is a key motivator for CRISC candidates, as they wish to implement effective and risk-based information system controls for their organizations.

  • What are the prerequisites for taking the CRISC?
    • Aspiring candidates must have three cumulative years of work experience in the fields of IT risk management and IS control, performing the tasks of a CRISC professional. There are no substitutions or experience waivers for this particular ISACA credential.

  • What qualifies as IT risk and control experience?
    • In order to define the task domains of IT risk and control, ISACA has provided a Job Practice article. Note that work experience must be gained from at least two of the four domains, and that one of these domains must be either domain 1 or domain 2.

  • How does the CRISC examination process work?
    • The CRISC exam is a 150-question, multiple-choice test that must be completed within four hours. It is scored on a scale of 200 to 800, with 450 points being the minimum passing score.

  • Is the live online Flex Pro CRISC boot camp as effective and informative as an in-person training session?
    • Absolutely. Live online Flex Pro participants of our training boot camps have access to every resource that Flex Classroom participants have, as well as valuable one-on-one instructor feedback. In addition, they get full access to all of the features in their Infosec Flex Center — plus receive an Exam Pass Guarantee.

  • What material is covered on the CRISC exam?
    • The exam consists of questions pulled from each of the four CRISC Job Practice Area domains. These are as follows: IT Risk Identification (27%), IT Risk Assessment (28%), Risk Response and Mitigation (23%), and Risk and Control Monitoring and Reporting (22%).

  • What does this CRISC training course provide that other offerings do not?
    • Infosec’s CRISC training boot camp is an intensive, three-day course designed to eliminate outside distractions. We provide award-winning training from the top security experts in the industry—so that you can join the 93% of our students who successfully pass their exam upon completion of our course! We also offer an Exam Pass Guarantee, which allows you to focus exclusively on the world of IT risk and control.

  • How is the CRISC certification different from other comparable security certifications?
    • The CRISC is for IT professionals — specifically individuals who perform risk management and implement internal controls. The closest certification to the CRISC is probably IIA’s CRMA certification, which is more oriented towards internal auditors, specifically those assessing risk management processes.

  • How long is the CRISC certification valid after you pass the test, and what are the renewal requirements?
    • Like other ISACA certifications, the CRISC is valid for three years after you pass the exam. However, certain terms must be met. There is an annual maintenance fee that must be paid, and CRISC holders must participate in ISACA’s CPE (Continuing Professional Education) program, reporting 20 CPE hours annually.

  • Is a CRISC exam voucher included with the purchase of this course?
    • Yes! The CRISC voucher is included for all participants of our CRISC training boot camp.

  • What are some tips for preparing for the CRISC?
    • Our #1 tip is to enroll in an exam training course, like the one offered here. Infosec students have the highest exam pass rate in the industry — 93%! Other resources to help you study include ISACA’s certified Review Manual and Test Exam.

  • What’s the job outlook for CRISC professionals?
    • Your CRISC credential proves that you’re a dedicated professional in the field, and can help you land a high-paying job in IT risk and control. Common job titles include: Project Manager, Business Analyst, Chief Information Officer, Control Professional, IT Risk Management Professional, and many more.

  • What is the average CRISC salary?
    • CRISC professionals earn an average of $127,507 annually, making the CRISC the highest-paying IT certification available.