ISACA CRISC Training Boot Camp
Learn the principles and practices of IT governance. Build your knowledge around how IT risk relates to your organization and prepare to earn your Certified in Risk and Information Systems Control (CRISC) certification.
Earn your CRISC, guaranteed!
- Three days of expert, live CRISC training
- Exam Pass Guarantee
- Exam voucher
- Unlimited practice exam attempts
- 100% Satisfaction Guarantee
- Free annual Infosec Skills subscription ($599 value!)
- 1-year access to all boot camp video replays and materials
- 12-month subscription to the ISACA Official Question, Answer & Explanation (QAE) Database
- Pre-study learning path
- Knowledge Transfer Guarantee
ISACA Accredited Training Organization (ATO)
Infosec is one of a select number of ISACA accredited Elite+ Partners in the world. When you enroll in an Infosec CRISC Boot Camp, you can rest assured you are receiving the most effective and up-to-date certification prep available, including official ISACA training materials and instruction that has been independently assessed to meet ISACA’s quality standards.
Training overview
Infosec’s CRISC Boot Camp is designed for IT professionals who are tasked with identifying, assessing and evaluating organizational risk. You’ll learn about identifying and evaluating entity-specific risk, as well as how to help enterprises accomplish business objectives by designing, implementing, monitoring and maintaining risk-based, efficient and effective information systems controls.
You’ll leave fully prepared to earn your CRISC, one of the most in-demand certifications a risk professional can achieve.
What you'll learn
This boot camp prepares you to pass the ISACA CRISC exam, which covers four domain areas designed to reflect the work performed by IT risk professionals:
- Domain 1: Governance
- Domain 2: IT risk assessment
- Domain 3: Risk response and reporting
- Domain 4: Information technology security
You will also learn how to:
- Identify risks related to an organization’s internal and external business and IT environments
- Identify potential threats and vulnerabilities to the organization’s people, processes and technology
- Develop and analyze IT risk scenarios to determine potential impact
- Identify the effectiveness of existing controls
- Identify key stakeholders and assign risk ownership
- Communicate results of risk assessments
- Consult with risk owners on the design and implementation of mitigating controls
- Define and establish data-driven key risk indicators
- Monitor changes in risk indicators
- Report risk indicator changes to key stakeholders
- Analyze risk indicators to determine the effectiveness of existing controls
Who should attend
- IT and risk professionals
- Business analysts
- Project managers
- Compliance professionals
- Anyone tasked with identifying, evaluating and mitigating organizational risk
Prerequisites
There are no prerequisites to take the exam. However, in order to apply for certification you must meet the necessary experience requirements as determined by ISACA: a minimum of three years of cumulative work experience performing the tasks of a CRISC professional across two of the four CRISC domains. Of these two required domains, one must be in either domain 1 or 2 (risk identification or assessment).
Exam Pass Guarantee
We guarantee you’ll pass your exam on the first attempt.
CRISC training schedule
Infosec’s CRISC training is more than just a boot camp. We support you before, during and after your live training to ensure you’re fully prepared for your exam — and get certified on your first attempt.
- Before your boot camp
Start learning now. You’ll get immediate access to all the content in Infosec Skills, including an in-depth CRISC prep course, the moment you enroll. Prepare for your live boot camp, uncover your knowledge gaps and maximize your training experience.
- During your boot camp
Domain 1 – Governance
A. Organizational Governance
- Organizational strategy, goals and objectives
- Organizational structure, roles and responsibilities
- Organizational culture
- Policies and standards
- Business processes
- Organizational assets
B. Risk Governance
- Enterprise risk management and risk management framework
- Three lines of defense
- Risk profile
- Risk appetite and risk tolerance
- Legal, regulatory and contractual requirements
- Professional ethics of risk management
Domain 2 – IT Risk Assessment
A. IT Risk Identification
- Risk events (e.g., contributing conditions, loss result)
- Threat modeling and threat landscape
- Vulnerability and control deficiency analysis (e.g., root cause analysis)
- Risk scenario development
B. IT Risk Analysis and Evaluation
- Risk assessment concepts, standards and frameworks
- Risk register
- Risk analysis methodologies
- Business impact analysis
- Inherent and residual risk
Domain 3 – Risk Response and Reporting
A. Risk Response
- Risk treatment / risk response options
- Risk and control ownership
- Third-party risk management
- Issue, finding and exception management
- Management of emerging risk
B. Control Design and Implementation
- Control types, standards and frameworks
- Control design, selection and analysis
- Control implementation
- Control testing and effectiveness evaluation
C. Risk Monitoring and Reporting
- Risk treatment plans
- Data collection, aggregation, analysis and validation
- Risk and control monitoring techniques
- Risk and control reporting techniques (heatmap, scorecards and dashboards)
- Key performance indicators
- Key risk indicators (KRIs)
- Key control indicators (KCIs)
Domain 4 – Information Technology and Security
A. Information Technology Principles
- Enterprise architecture
- IT operations management (e.g., change management, IT assets, problems and incidents)
- Project management
- Disaster recovery management (DRM)
- Data lifecycle management
- System development life cycle (SDLC)
- Emerging technologies
B. Information Security Principles
- Information security concepts, frameworks and standards
- Information security awareness training
- Business continuity management
- Data privacy and data protection principles
- After your boot camp
Your boot camp includes a 1-year subscription to Infosec Skills, so you can take additional time to prepare for your exam, get a head start on your next certification goal or start earning CPEs.
Frequently asked questions
- Why is getting certified an important part of a career in IT risk and control?
Professionals in the IT risk and control field often seek certification in order to hone their skills and prove their legitimacy among peers. Professional development is a key motivator for CRISC candidates, as they wish to implement effective and risk-based information system controls for their organizations.
- What are the pre-requirements for taking the CRISC?
Aspiring candidates must have three cumulative years of work experience in the fields of IT risk management and IS control, performing the tasks of a CRISC professional. There are no substitutions or experience waivers for this particular ISACA credential.
- What qualifies as IT risk and control experience?
In order to define the task domains of IT risk and control, ISACA has provided a Job Practice article. Note that work experience must be gained from at least two of the four domains, and that one of these domains must be either domain 1 or domain 2.
- How does the CRISC examination process work?
The CRISC exam is a 150-question, multiple-choice test that must be completed within four hours. It is scored on a scale of 200 to 800, with 450 points being the minimum passing score.
- Is the live online CRISC Boot Camp as effective and informative as an in-person training session?
Absolutely. Live online students in our training boot camps have access to every resource that in-person participants have, as well as valuable one-on-one instructor feedback. In addition, they get full access to all of the features in Infosec Skills — plus receive an Exam Pass Guarantee.
- What material is covered on the CRISC exam?
The exam consists of questions pulled from each of the four CRISC Job Practice Area domains. These are as follows: IT Risk Identification (27%), IT Risk Assessment (28%), Risk Response and Mitigation (23%), and Risk and Control Monitoring and Reporting (22%).
- What does this CRISC training course provide that other offerings do not?
Infosec’s CRISC training boot camp is an intensive, three-day course designed to eliminate outside distractions. We provide award-winning training from the top security experts in the industry—so that you can join the 93% of our students who successfully pass their exam upon completion of our course! We also offer an Exam Pass Guarantee, which allows you to focus exclusively on the world of IT risk and control.
- How is the CRISC certification different from other comparable security certifications?
The CRISC is for IT professionals — specifically individuals who perform risk management and implement internal controls. The closest certification to the CRISC is probably IIA’s CRMA certification, which is more oriented towards internal auditors, specifically those assessing risk management processes.
- How long is the CRISC certification valid after you pass the test, and what are the renewal requirements?
Like other ISACA certifications, the CRISC is valid for three years after you pass the exam. However, certain terms must be met. There is an annual maintenance fee that must be paid, and CRISC holders must participate in ISACA’s CPE (Continuing Professional Education) program, reporting 20 CPE hours annually.
- Is a CRISC exam voucher included with the purchase of this course?
Yes! The CRISC voucher is included for all participants of our CRISC training boot camp.
- What are some tips for preparing for the CRISC?
Our #1 tip is to enroll in an exam training course, like the one offered here. Infosec students have the highest exam pass rate in the industry — 93%! Other resources to help you study include ISACA’s certified Review Manual and Test Exam, which are available for purchase.
- What’s the job outlook for CRISC professionals?
Your CRISC credential proves that you’re a dedicated professional in the field, and can help you land a high-paying job in IT risk and control. Common job titles include: Project Manager, Business Analyst, Chief Information Officer, Control Professional, IT Risk Management Professional, and many more.
- What is the average CRISC salary?
CRISC professionals earn an average of $127,507 annually, making the CRISC the highest-paying IT certification available.