Boot Camp

ISACA CRISC Training Boot Camp

Learn the principles and practices of IT governance. Build your knowledge around how IT risk relates to your organization and prepare to earn your Certified in Risk and Information Systems Control (CRISC) certification.

4.1 (518 ratings)

Get certified, guaranteed

Everything you need to earn your CRISC

  • 90-day extended access to Boot Camp components, including class recordings
  • 12-Month subscription to the ISACA Official Question, Answer & Explanation (QAE) database
  • 100% Satisfaction Guarantee
  • Exam Pass Guarantee
  • Exam voucher
  • Free 90-day Infosec Skills subscription (access to 1,400+ additional courses and labs)
  • Knowledge Transfer Guarantee
  • Pre-study learning path
  • Unlimited practice exam attempts

Award-winning training you can trust

Wistia video thumbnail

What you'll learn

Training overview

Infosec’s CRISC Boot Camp is designed for IT professionals who are tasked with identifying, assessing and evaluating organizational risk. You’ll learn about identifying and evaluating entity-specific risk, as well as how to help enterprises accomplish business objectives by designing, implementing, monitoring and maintaining risk-based, efficient and effective information systems controls.

You’ll leave fully prepared to earn your CRISC, one of the most in-demand certifications a risk professional can achieve.

ISACA Accredited Training Organization (ATO)

Infosec is one of a select number of ISACA accredited Elite+ Partners in the world. When you enroll in an Infosec CISM Boot Camp, you can rest assured you are receiving the most effective and up-to-date certification prep available, including official ISACA training materials and instruction that has been independently assessed to meet ISACA’s quality standards.

Before your boot camp


There are no prerequisites to take the exam. However, in order to apply for certification you must meet the necessary experience requirements as determined by ISACA: a minimum of three years of cumulative work experience performing the tasks of a CRISC professional across two of the four CRISC domains. Of these two required domains, one must be in either domain 1 or 2 (risk identification or assessment).


Training schedule

  • Domain 1 – Governance
    • Organizational Governance A

      • Organizational strategy, goals and objectives
      • Organizational structure, roles and responsibilities
      • Organizational culture
      • Policies and standards
      • Business processes
      • Organizational assets

      Risk Governance B

      • Enterprise risk management and risk management framework
      • Three lines of defense
      • Risk profile
      • Risk appetite and risk tolerance
      • Legal, regulatory and contractual requirements
      • Professional ethics of risk management
  • Domain 2 – IT Risk Assessment
    • IT Risk Identification A

      • Risk events (e.g., contributing conditions, loss result)
      • Threat modeling and threat landscape
      • Vulnerability and control deficiency analysis (e.g., root cause analysis)
      • Risk scenario development

      IT Risk Analysis and Evaluation B

      • Risk assessment concepts, standards and frameworks
      • Risk register
      • Risk analysis methodologies
      • Business impact analysis
      • Inherent and residual risk
  • Domain 3 – Risk Response and Reporting
    • Risk Response A

      • Risk treatment / risk response options
      • Risk and control ownership
      • Third-party risk management
      • Issue, finding and exception management
      • Management of emerging risk

      Control Design and Implementation B

      • Control types, standards and frameworks
      • Control design, selection and analysis
      • Control implementation
      • Control testing and effectiveness evaluation

      Risk Monitoring and Reporting C

      • Risk treatment plans
      • Data collection, aggregation, analysis and validation
      • Risk and control monitoring techniques
      • Risk and control reporting techniques (heatmap, scorecards and dashboards)
      • Key performance indicators
      • Key risk indicators (KRIs)
      • Key control indicators (KCIs)
  • Domain 4 – Information Technology and Security
    • Information Technology Principles A

      • Enterprise architecture
      • IT operations management (e.g., change management, IT assets, problems and incidents)
      • Project management
      • Disaster recovery management (DRM)
      • Data lifecycle management
      • System development life cycle (SDLC)
      • Emerging technologies

      Information Security Principles B

      • Information security concepts, frameworks and standards
      • Information security awareness training
      • Business continuity management
      • Data privacy and data protection principles

Guaranteed results

Our boot camp guarantees

Exam Pass Guarantee

If you don’t pass your exam on the first attempt, get a second attempt for free. Includes the ability to re-sit the course for free for up to one year (does not apply to CMMC-AB boot camps).

100% Satisfaction Guarantee

If you’re not 100% satisfied with your training at the end of the first day, you may withdraw and enroll in a different online or in-person course.

Knowledge Transfer Guarantee

If an employee leaves within three months of obtaining certification, Infosec will train a different employee at the same organization tuition-free for up to one year.

Unlock team training discounts

If you’re like many of our clients, employee certification is more than a goal — it’s a business requirement. Connect with our team to learn more about our training discounts.


Frequently asked questions

  • Why is getting certified an important part of a career in IT risk and control?
    • Professionals in the IT risk and control field often seek certification in order to hone their skills and prove their legitimacy among peers. Professional development is a key motivator for CRISC candidates, as they wish to implement effective and risk-based information system controls for their organizations.

  • What are the pre-requirements for taking the CRISC?
    • Aspiring candidates must have three cumulative years of work experience in the fields of IT risk management and IS control, performing the tasks of a CRISC professional. There are no substitutions or experience waivers for this particular ISACA credential. Click here for more info on CRISC prerequisites.

  • What qualifies as IT risk and control experience?
    • In order to define the task domains of IT risk and control, ISACA has provided a Job Practice article. Note that work experience must be gained from at least two of the four domains, and that one of these domains must be either domain 1 or domain 2. Click here to view the definitions of the four domains.

  • How does the CRISC examination process work?
    • The CRISC exam is a 150 question, multiple choice test that must be completed in a timeframe of four hours. It is scored on a scale of 200 to 800, with 450 points being the minimum passing score. Click here for more exam information.

  • Is the live online CRISC Boot Camp as effective and informative as an in-person training session?
    • Absolutely. Live online students in our training boot camps have access to every resource that in-person participants have, as well as valuable one-on-one instructor feedback. In addition, they get full access to all of the features in Infosec Skills — plus receive an Exam Pass Guarantee.

  • What material is covered on the CRISC exam?
    • The exam consists of questions pulled from each of the four CRISC Job Practice Area domains. These are as follows: IT Risk Identification (27%), IT Risk Assessment (28%), Risk Response and Mitigation (23%), and Risk and Control Monitoring and Reporting (22%). Click here for a detailed breakdown of each domain.

  • What does this CRISC training course provide that other offerings do not?
    • Infosec’s CRISC training boot camp is an intensive, three-day course designed to eliminate outside distractions. We provide award-winning training from the top security experts in the industry—so that you can join the 93% of our students who successfully pass their exam upon completion of our course! We also offer an Exam Pass Guarantee, which allows you to focus exclusively on the world of IT risk and control.

  • How is the CRISC certification different from other comparable security certifications?
    • The CRISC is for IT professionals — specifically individuals that perform risk management and implement internal controls. The closest certification to the CRISC is probably IIA’s CRMA certification, which is more oriented towards internal auditors, specifically those assessing risk management processes.

  • How long is the CRISC certification valid after you pass the test, and what are the renewal requirements?
    • Like other ISACA certifications, the CRISC is valid for three years after you pass the exam. However, certain terms must be met. There is an annual maintenance fee that must be paid, and CRISC holders must participate in ISACA’s CPE (Continuing Professional Education) program, reporting 20 CPE hours annually. For more renewal information, click here.

  • Is a CRISC exam voucher included with the purchase of this course?
    • Yes! The CRISC voucher is included for all participants of our CRISC training boot camp.

  • What are some tips for preparing for the CRISC?
    • Our #1 tip is to enroll in an exam training course, like the one offered here. Infosec students have the highest exam pass rate in the industry — 93%! Other resources to help you study include ISACA’s certified Review Manual and Test Exam, which can be purchased by clicking here. For more training strategies, click here.

  • What’s the job outlook for CRISC professionals?
    • Your CRISC credential proves that you’re a dedicated professional in the field, and can help you land a high-paying job in IT risk and control. Common job titles include: Project Manager, Business Analyst, Chief Information Officer, Control Professional, IT Risk Management Professional, and many more. Click here for more job titles and related descriptions.

  • What is the average CRISC salary?
    • CRISC professionals earn an average of $127,507 annually, making the CRISC the highest-paying IT certification available. Click here for more salary data.

Enroll in a boot camp

  • March 29, 2023 - March 31, 2023

    Online only

    Exam Pass Guarantee
  • May 31, 2023 - June 2, 2023

    Online only

    Exam Pass Guarantee
  • July 5, 2023 - July 7, 2023

    Online only

    Exam Pass Guarantee
  • September 6, 2023 - September 8, 2023

    Online only

    Exam Pass Guarantee
  • December 18, 2023 - December 20, 2023

    Online only

    Exam Pass Guarantee
  • March 26, 2024 - March 28, 2024

    Online only

    Exam Pass Guarantee