Course essentials
Boot camp at a glance
-
Method
Live online, in-person, onsite
-
Duration
3 days
-
Experience
3-5 years
-
Average salary
$151,000
-
Meets 8570.1
DoD information assurance requirements
What you'll learn
Training overview

This immersive CRISC Boot Camp prepares you to pass the ISACA CRISC exam, which covers four domain areas that reflect the work performed by IT risk professionals:
- Governance: Focuses on the organizational groundwork needed to set up successful IS controls. It covers company strategy, goals and objectives; structure, roles and responsibilities; culture, policies and standards and more.
- IT risk assessment: Focuses on the contributing conditions of risk events, threat modeling, root cause analysis and more.
- Risk response and reporting: Focuses on risk treatment plans and risk management, giving you a solid foundation for monitoring, control and reporting techniques and knowing key performance, risk and control indicators.
- Information technology and security: Focuses on IT operations, disaster recovery, project management, data lifecycle management, business continuity management and more.
ISACA Accredited Training Organization (ATO)
Infosec is one of a select number of ISACA accredited Elite+ Partners in the world. When you enroll in an Infosec CISM Boot Camp, you can rest assured you are receiving the most effective and up-to-date certification prep available, including official ISACA training materials and instruction that has been independently assessed to meet ISACA’s quality standards.

Award-winning training you can trust
What's included
Everything you need to know

- 90-day extended access to Boot Camp components, including class recordings
- 12-Month subscription to the ISACA Official Question, Answer & Explanation (QAE) database
- 100% Satisfaction Guarantee
- Exam Pass Guarantee
- Exam voucher
- Free 90-day Infosec Skills subscription (access to 1,400+ additional courses and labs)
- Knowledge Transfer Guarantee
- Pre-study learning path
- Unlimited practice exam attempts
Before your boot camp
Prerequisites
There are no prerequisites to take the CRISC certification exam. However, aspiring candidates must have:
- Three cumulative years of work experience in IT risk management and information systems control to apply for certification
There are no substitutions or experience waivers for this particular ISACA credential. Learn more about the CRISC prerequisites and conditions set by ISACA.
Syllabus
Training schedule
Preparation (before the boot camp starts)
CRISC prep course
Day 1
Introduction to CRISC exam and preparation methodology
Governance
Organizational Governance A
- Organizational strategy, goals and objectives
- Organizational structure, roles and responsibilities
- Organizational culture
- Policies and standards
- Business processes
- Organizational assets
Risk Governance B
- Enterprise risk management and risk management framework
- Three lines of defense
- Risk profile
- Risk appetite and risk tolerance
- Legal, regulatory and contractual requirements
- Professional ethics of risk management
Optional group & individual study
Schedule may vary from class to class
Day 2
IT Risk Assessment
IT Risk Identification A
- Risk events (e.g., contributing conditions, loss result)
- Threat modeling and threat landscape
- Vulnerability and control deficiency analysis (e.g., root cause analysis)
- Risk scenario development
IT Risk Analysis and Evaluation B
- Risk assessment concepts, standards and frameworks
- Risk register
- Risk analysis methodologies
- Business impact analysis
- Inherent and residual risk
Risk Response and Reporting
Risk Response A
- Risk treatment and risk response options
- Risk and control ownership
- Third-party risk management
- Issue, finding and exception management
- Management of emerging risk
Control Design and Implementation B
- Control types, standards and frameworks
- Control design, selection and analysis
- Control implementation
- Control testing and effectiveness evaluation
Risk Monitoring and Reporting C
- Risk treatment plans
- Data collection, aggregation, analysis and validation
- Risk and control monitoring techniques
- Risk and control reporting techniques (heatmap, scorecards and dashboards)
- Key performance indicators
- Key risk indicators (KRIs)
- Key control indicators (KCIs)
Optional group & individual study
Schedule may vary from class to class
Day 3
Risk Response and Reporting continued
Information Technology and Security
Information Technology Principles A
- Enterprise architecture
- IT operations management (e.g., change management, IT assets, problems and incidents)
- Project management
- Disaster recovery management (DRM)
- Data lifecycle management
- System development life cycle (SDLC)
- Emerging technologies
Information Security Principles B
- Information security concepts, frameworks and standards
- Information security awareness training
- Business continuity management
- Data privacy and data protection principles
Optional group & individual study
Schedule may vary from class to class
Guaranteed results
Our boot camp guarantees

Exam Pass Guarantee
If you don’t pass your exam on the first attempt, get a second attempt for free. Includes the ability to re-sit the course for free for up to one year (does not apply to CMMC-AB boot camps).

100% Satisfaction Guarantee
If you’re not 100% satisfied with your training at the end of the first day, you may withdraw and enroll in a different online or in-person course.

Knowledge Transfer Guarantee
If an employee leaves within three months of obtaining certification, Infosec will train a different employee at the same organization tuition-free for up to one year.
Unlock team training discounts
If you’re like many of our clients, employee certification is more than a goal — it’s a business requirement. Connect with our team to learn more about our training discounts.

FAQ
Frequently asked questions
Why is certification important to an IT risk and control career?
IT risk and control professionals often seek certification to hone their skills and prove their legitimacy among peers. Professional development is a key motivator for CRISC candidates who wish to implement effective and risk-based information system controls for their organizations.
What qualifies as IT risk and control experience?
ISACA states that work experience must be related to at least two of the four domains to qualify for the certification. At least one of these domains must be either domain 1 or domain 2. Read our article to learn more about the CRISC experience requirements.
How is the CRISC certification different from other comparable security certifications?
The CRISC is for IT professionals — specifically individuals that perform risk management and implement internal controls. The closest certification to the CRISC is probably IIA’s CRMA certification, which is more oriented towards internal auditors, specifically those assessing risk management processes.
How does the CRISC examination process work?
The CRISC exam is a 150 question, multiple choice test that must be completed in a timeframe of four hours. It is scored on a scale of 200 to 800, with 450 points being the minimum passing score. Click here for more exam information.
How long is the CRISC certification valid after you pass the test, and what are the renewal requirements?
Like other ISACA certifications, the CRISC is valid for three years after you pass the exam. However, certain terms must be met. An annual maintenance fee must be paid, and CRISC holders must participate in ISACA’s CPE (Continuing Professional Education) program, reporting 20 CPE hours annually and 120 CPE hours across the three-year period. For more renewal information, read our article on CRISC renewal requirements.
You're in good company
The instructor was able to take material that prior to the class had made no sense, and explained it in real world scenarios that were able to be understood.
Erik Heiss, United States Air Force
I really appreciate that our instructor was extremely knowledgeable and was able to provide the information in a way that it could be understood. He also provided valuable test-taking strategies that I know not only helped me with this exam, but will help in all exams I take in the future.
Michelle Jemmott, Pentagon
The course was extremely helpful and provided exactly what we needed to know in order to successfully navigate the exam. Without this I am not confident I would have passed.
Robert Caldwell, Salient Federal Solutions
Enroll in a boot camp
Explore our top boot camps
More learning opportunities
-
Most popularBoot camp
CompTIA Security+ Training Boot Camp
Infosec’s CompTIA Security+ Boot Camp teaches you information security theory and reinforces that theory with hands-on exercises to help you learn by doing. You’ll learn how to configure and operate many different technical security controls — and leave prepared to pass your Security+ exam.
Learn More
-
#1 FOR BEGINNERSBoot camp
Cisco CCNA Associate & CyberOps Associate Training Boot Camp with Dual Certification
Infosec’s authorized CCNA Dual Certification Boot Camp helps you build your knowledge of networking and provides hands-on experience installing, configuring and operating network devices — all while preparing you to earn two Cisco certifications.
Learn More
-
Most requestedBoot camp
(ISC)² CISSP® Certification Training and Boot Camp
Take your career to the next level by earning one of the most in-demand cybersecurity certifications. Infosec’s CISSP training provides a proven method for mastering the broad range of knowledge required to become a Certified Information Systems Security Professional.
Learn More