- Validate your proficiency in handling the challenges and responsibilities of a modern risk management professional with the CRISC, which covers these four domains:
- Governance
- IT Risk Assessment
- Risk Response and Reporting
- Information Technology and Security
Certified in Risk and Information Systems Control (CRISC)
The Certified in Risk and Information Systems Control® (CRISC®) certification validates your expertise in enterprise IT risk management. Taking a proactive approach based on Agile methodology, you will learn how to enhance your company's business resilience, deliver stakeholder value, and optimize risk management across the enterprise.
The course is intended for IT risk management professionals; the CRISC certification itself requires at least three years of relevant professional work experience in IT risk and information systems control. Typical participants include:
- Professionals preparing to become CRISC certified
- Risk practitioners
- Students or recent graduates
Organizational Governance
o Organizational Strategy, Goals, and Objectives
o Organizational Structure, Roles, and Responsibilities
o Organizational Culture
o Policies and Standards
o Business Processes
o Organizational Assets
Risk Governance
o Enterprise Risk Management and Risk Management Framework
o Three Lines of Defence
o Risk Profile
o Risk Appetite and Risk Tolerance
o Legal, Regulatory, and Contractual Requirements
o Professional Ethics of Risk Management
IT Risk Identification
o Risk Events
o Threat Modelling and Threat Landscape
o Vulnerability and Control Deficiency Analysis
o Risk Scenario Development
IT Risk Analysis and Evaluation
o Risk Assessment Concepts, Standards, and Frameworks
o Risk Register
o Risk Analysis Methodologies
o Business Impact Analysis
o Inherent and Residual Risk
Control Design and Implementation
o Control Types, Standards, and Frameworks
o Control Design, Selection, and Analysis
o Control Implementation
o Control Testing and Effectiveness Evaluation
Risk Monitoring and Reporting
o Risk Treatment Plans
o Data Collection, Aggregation, Analysis, and Validation
o Risk and Control Monitoring Techniques
o Risk and Control Reporting Techniques
o Key Performance Indicators
o Key Risk Indicators (KRIs)
o Key Control Indicators (KCIs)
Information Technology Principles
o System Development Life Cycle (SDLC)
o Emerging Technologies
o Enterprise Architecture
o IT Operations Management
o Project Management
o Disaster Recovery Management (DRM)
Information Security Principles
o Data Privacy and Data Protection Principles
o Information Security Concepts, Frameworks, and Standards
o Information Security Awareness Training
o Business Continuity Management
| Exam detail | Value |
| --- | --- |
| Length of exam | 4 hours |
| Number of questions | 150 |
| Question format | Multiple choice |
| Passing grade | 450 out of 800 points |
| Exam languages | English, Simplified Chinese, Spanish |
| Testing center | PSI Testing Center |
CPE Information:
- To maintain your CRISC, you must earn and report a minimum of 120 CPE hours over each three-year reporting cycle.
- Earn and report a minimum of 20 CPE hours each year. These hours must be relevant to maintaining or advancing the CRISC holder's knowledge or ability to perform CRISC-related tasks.
- Comply with the annual CPE audit if selected
- Comply with ISACA’s Code of Professional Ethics