CRISC® – Certified in Risk and Information Systems Control

The Certified in Risk and Information Systems Control™ certification is designed for IT professionals who have hands-on experience with risk identification, assessment, and evaluation; risk response; risk monitoring; IS control design and implementation; and IS control monitoring and maintenance.

Course description

The CRISC® training is a great tool for the preparation for the CRISC® exam. CRISC® will support enterprises to realize business objectives by design, implementation, monitoring and maintenance of risk-based, efficient and effective IS controls.
The CRISC® training schedule consist of the following:

Day 1:

  • Domain 1: IT Risk Identification
  • Review Questions Domain 1

Day 2:

  • Domain 2: IT Risk Assessment
  • Review Questions Domain 2
  • Domain 3: Risk Response and Mitigation
  • Review Questions Domain 3

Day 3:

  • Domain 3: Risk Response and Mitigation
  • Review Questions Domain 3
  • Domain 4: Risk and Control Monitoring and Reporting
  • Review Questions Domain 4
  • Test exam

Exam & Certification

The actual exam takes 4 hours and consists of 150 English multiple choice questions

To be CRISC® certified you have to meet the following requirements:

  • Pass the exam
  • Three years of cumulative experience across a minimum of 2 domains, one of which must be in either domain 1 or 2.
  • Agree with & adhere to the Code of Professional Ethics

Intended audience

Experienced Information Security Managers and those with Information Security Responsibilities, IT (Security) Consultants, Auditors, Audit Managers, Information Security Officers, Privacy Officers, Network Administrators; Security Engineers, Incident Managers.