Uncertain Times — Infosec's here to help. Learn about our COVID-19 Response Package.

Claim your FREE 7-day trial

Get Certified in Risk and Information Systems Control (CRISC)

The Certified in Risk and Information Systems Control (CRISC) certification path teaches you how to design, implement, monitor and maintain risk-based, efficient and effective IS controls.

15 courses  //   49 videos  //   12 hours of training

ISACA CRISC training

This learning path builds on your existing enterprise security knowledge and prepares you to earn ISACA’s highly-regarded CRISC certification. You’ll learn how to help enterprises understand their business risk and improve your skills around implementing effective information systems controls as you progress through 15 courses aligned with the four CRISC exam objectives. You’ll dive deep into the world of enterprise risk, including frameworks, strategies, assessments, analysis, mitigation and response, as well as the design, implementation and monitoring of information system controls. Upon completion, you’ll be prepared to earn your CRISC certification and validate your knowledge as an enterprise risk management professional.

Learning path components

CRISC Custom Practice Exam
Practice Exam
CRISC Custom Practice Exam

CRISC Custom Practice Exam

Prepare for your CRISC exam and test your domain knowledge.

Number of questions: 150

CRISC Skill Assessment
Assessment
CRISC Skill Assessment

CRISC Skill Assessment

See how your CRISC skills stack up against other professionals in your field.

Number of questions: 20

Risk Identification Overview
Course
Risk Identification Overview

Risk Identification Overview

Understand what you’ll need to prepare for the ISACA CRISC certification exam, and learn what to expect on the exam.

4 videos
60 minutes of training

Risk Identification Frameworks and Methods
Course
Risk Identification Frameworks and Methods

Risk Identification Frameworks and Methods

Review best practices for IT risk management, including the steps that risk managers need to go through.

2 videos
40 minutes of training

Risk Culture and Communication
Course
Risk Culture and Communication

Risk Culture and Communication

Risk culture, appetite and communication of risk are important in understanding how risk relates to the organization’s values, goals and objectives.

1 video
27 minutes of training

IT Risk Strategy
Course
IT Risk Strategy

IT Risk Strategy

Dive deeper into the importance of an IT strategy and how it should align with business goals, objectives and values.

1 video
31 minutes of training

Impact of Compliance
Course
Impact of Compliance

Impact of Compliance

Refresh your awareness about the regulatory and statutory privacy and security requirements and their impact on risk.

1 video
29 minutes of training

IT Security Risk Concepts
Course
IT Security Risk Concepts

IT Security Risk Concepts

Understand the security risks concepts and principles that impact IT risk practitioners’ jobs.

6 videos
105 minutes of training

Risk Assessment Overview
Course
Risk Assessment Overview

Risk Assessment Overview

Get an overview of the IT risk assessment aspects that risk practitioners need to know.

3 videos
41 minutes of training

Risk Assessment Techniques
Course
Risk Assessment Techniques

Risk Assessment Techniques

Learn how to assess the potential impacts of the various IT risks.

3 videos
34 minutes of training

Risk and Control Analysis
Course
Risk and Control Analysis

Risk and Control Analysis

From audits and logs to incident reports, each control gives you a different view of your risks, and should be enhanced by other tools such as vendor reports and penetration testing. Walk through the different controls and tools to get a better understanding of how they can help you manage your organization’s risks. The course also explains quantitative and qualitative methodologies and risk ranking.

3 videos
76 minutes of training

Risk-Based Decision Making
Course
Risk-Based Decision Making

Risk-Based Decision Making

Learn about different business-related and IT management aspects that factor into risk assessment.

6 videos
52 minutes of training

Risk Response and Mitigation Overview
Course
Risk Response and Mitigation Overview

Risk Response and Mitigation Overview

See the learning objectives for CRISC Domain 3, Risk Response and Mitigation.

3 videos
19 minutes of training

Risk Response Options
Course
Risk Response Options

Risk Response Options

Alignment with business objectives is one of the drivers of risk management.

4 videos
44 minutes of training

Control Design and Implementation
Course
Control Design and Implementation

Control Design and Implementation

Understand the major types of risk controls and their interdependencies.

5 videos
65 minutes of training

Risk and Control Monitoring and Reporting Overview
Course
Risk and Control Monitoring and Reporting Overview

Risk and Control Monitoring and Reporting Overview

Gain the knowledge you need for monitoring and reporting risks.

3 videos
22 minutes of training

Key Risk Indicators and Key Performance Indicators
Course
Key Risk Indicators and Key Performance Indicators

Key Risk Indicators and Key Performance Indicators

Learn key risk indicators, key performance indicators, plus monitoring and reporting tools and techniques.

4 videos
49 minutes of training

 

What you’ll learn.

The CRISC certification exam covers four primary domains:

  • IT risk identification
  • IT risk assessment
  • Risk response and mitigation
  • Risk and control monitoring and reporting

Who is this for?

To become a CRISC, you need to both pass the CRISC exam and have three years experience performing the tasks of a CRISC professional across at least two of the four domains (one of which must be either IT risk identification or IT risk assessment).

This certification path is designed for:

  • Risk management professionals
  • Cybersecurity managers
  • Business analysts
  • Project managers
  • Compliance professionals
  • Anyone with a desire to learn risk management and get certified!

You're in good company

"Comparing Infosec to other vendors is like comparing apples to oranges. My instructor was hands-down the best I’ve had." 

James Coyle

FireEye, Inc.

"I knew Infosec could tell me what to expect on the exam and what topics to focus on most."

Julian Tang

Chief Information Officer

"I’ve taken five boot camps with Infosec and all my instructors have been great."

Jeffrey Coa

Information Security Systems Officer

Plans and pricing

Personal

$299

Annually

Teams

$599 / license

Annually. Includes all content plus team admin and reporting.

Infosec Named a Leader in Security Awareness & Training

Read the Forrester Wave to learn what sets Infosec apart and the latest training program trends.