ISACA Certified in Risk and Information Systems Control (CRISC) (2022 Update) Learning Path

The ISACA CRISC exam is one of the best ways to improve and demonstrate your skills in enterprise IT risk management. This learning path is your guide toward acing the CRISC exam — one of the most respected and highest-paying certifications available.

20 hours, 47 minutes

Quick facts

About this learning path

  • Courses: 100% online

  • Duration: 20 hours, 47 minutes

  • Assessment


About ISACA Certified in Risk and Information Systems Control (CRISC) (2022 Update)

This certification from ISACA dives deep into managing the risk of information systems. Get ready to traverse the four domains of the CRISC exam — governance, IT risk assessment, risk response and reporting, and information technology and security. Videos and written study materials teach you each concept, then you participate in review questions and activities for each domain. By the end of this learning path, you’ll be ready to ace the CRISC exam with flying colors.


Who this learning path is for


The CRISC certification is a high-paying credential for mid-level professionals looking to take their careers in IT risk management to the next level. It’s ideal for all types of risk management professionals, as it’s the most respected certification focused on governance, risk and compliance. It can especially benefit:

  • Information Risk Analysts and related risk professionals, such as risk managers and cyber risk specialists
  • Security Managers and other technical professionals tasked with reducing an organization’s risk
  • Members of third-party vendor risk management teams
  • Any other professional looking to validate their risk management skills

CRISC applicants must have at least three years of work experience in IT risk management and IS control (acquired within the 10-year window before the exam application date) to qualify.


By the end of this learning path, you will:


  • Be on your way to passing your exam and earning a CRISC certification, considered by many to be the top certification for governance, risk and compliance
  • Be better prepared to validate to employers your comprehensive knowledge in identifying, assessing and mitigating information security risks at the enterprise level
  • Understand governance, covering organizational strategy, structure, policies, standards and processes
  • Understand enterprise risk management and relevant legal and regulatory requirements
  • Master IT risk assessment, including organizational criteria like structure, policies, architecture and technology, and analyzing how likely a risk is and what impact it might have
  • Be able to handle risk response and reporting, including enterprise risk response options and third-party risk management, and designing, implementing, testing and analyzing controls
  • Know about enterprise architecture, IT operations management, disaster recovery management, data privacy, data protection and business continuity management



ISACA CRISC Practice Exam

Assessment - 75 questions

The practice exam includes 75 questions from the four domains that model the types of questions a risk practitioner will encounter and are weighted as they will be on the ISACA CRISC exam.

CRISC Domain 1: Governance

Course - 05:39:00

CRISC Domain 1 covers both organizational governance and risk governance, and dives into such topics as organizational strategy, structure and culture; policies and standards; business processes; organizational assets; enterprise risk management and risk management framework; three lines of defense; risk profile, appetite, and tolerance; legal, regulatory and contractual requirements; and professional ethics of risk management.

CRISC Domain 2: IT risk assessment

Course - 04:04:00

CRISC Domain 2 covers risk identification and risk analysis and dives into such topics as risk events; threat modeling and landscape; vulnerability and control deficiency analysis; risk scenario development; risk assessment concepts, standards and frameworks; risk register; risk analysis methodologies; business impact analysis; inherent and residual risk.

CRISC Domain 3: Risk response and reporting

Course - 05:07:00

CRISC Domain 3 covers risk treatment and response options and dives into such topics as risk and control ownership; third-party risk management; emerging risk; control design and implementation; control types, standards and frameworks; control design, selection and analysis; control implementation; control testing and effectiveness evaluation; key risk indicators (KRIs) and more.

CRISC Domain 4: Information technology and security

Course - 05:19:00

CRISC Domain 4 covers information technology and security and dives into such topics as enterprise architecture; IT operations management; project management; disaster recovery management (DRM); data life cycle management; system development life cycle (SDLC); emerging technologies and more.

The details

Learning path insights

How to claim CPEs

Should you complete this learning path, you’ll be able to download a certificate of completion. Use this to claim your CPEs or CPUs.

No software. No set up. Unlimited access.

Skip the server racks and spin up a realistic environment with one click. Infosec Skills cyber ranges require no additional software, hardware or server space so your team can spend less time configuring environments and more time learning. Unlimited cyber range access is included in every Infosec Skills subscription so your team can skill up however they learn best.

Unlock 7 days of free training

  • 1,400+ hands-on courses and labs
  • Certification practice exams
  • Skill assessments

Plans & pricing

Infosec Skills Personal

$299 / year

  • 190+ role-guided learning paths (e.g., Ethical Hacking, Threat Hunting)
  • 100s of hands-on labs in cloud-hosted cyber ranges
  • Custom certification practice exams (e.g., CISSP, Security+)
  • Skill assessments
  • Infosec peer community support

Infosec Skills Teams

$799 per license / year

  • Team administration and reporting
  • Dedicated client success manager
  • Single sign-on (SSO)
    Easily authenticate and manage your learners by connecting to any identity provider that supports the SAML 2.0 standard.
  • Integrations via API
    Retrieve training performance and engagement metrics and integrate learner data into your existing LMS or HRS.
  • 190+ role-guided learning paths and assessments (e.g., Incident Response)
  • 100s of hands-on labs in cloud-hosted cyber ranges
  • Create and assign custom learning paths
  • Custom certification practice exams (e.g., CISSP, CISA)
  • Optional upgrade: Guarantee team certification with live boot camps

Learn about scholarships and financing with Affirm.