ISACA Certified in Risk and Information Systems Control (CRISC)

Online price: SAR 1350

Offline Price: SAR 2550

Course Duration: 5

Duration (Hrs): 40 Hours

Category: IT

Course Mentor: Engineering Science Institute for Training



  • The Certified in Risk and Information Systems Control (CRISC) training course provides participants with an in-depth awareness of diverse business risks, as well as the practical knowledge and skills necessary to implement effective IS controls within a company.
  • CRISC is the most updated and holistic test available for evaluating IT professionals and other industry and financial sector employees. The CRISC online course prepares IT professionals for the specific difficulties presented by information systems. CRISC (Certified in Risk and Information Systems Control) is an IT certification for enterprise risk management. The course helps them learn the skills and knowledge necessary to assess and manage enterprise IT risk, as well as build and maintain information systems controls.
  • CRISC certification is an acquired qualification that certifies your risk management knowledge and skills. Certified in Risk and Information Systems Control (CRISC) enables IT Professionals to effectively develop, implement, monitor, control, and maintain a variety of companies. Check out the dates below to enroll in this CRISC course today.

Targeted Audience

  • This course is suitable for:
  • Chief Information Officers
  • Business Analysts
  • Information Security Specialists
  • Project Managers
  • Risk Management Professionals
  • Quality Assurance Professionals
  • Compliance Professionals
  • Control Professionals
  • IT Professionals
  • Aspiring Risk and Information Control Specialists
  • Professionals who are looking to understand Information Control and Risk Management concepts in an organization
  • Professionals who are looking to sit for ISACA's CRISC certification exam


  • CRISC is an acronym for Certified in Risk and Information Systems Control.
  • CRISC is “the most up-to-date and rigorous evaluation available to evaluate the risk management expertise of IT experts and other personnel inside a company or financial institution.”
  • If you’re a professional in the field of information technology, you’re aware of the importance of consistently enhancing your skill set.
  • A multitude of certifications are available to help you improve your qualifications for a promotion or a better job.
  • CRISC certification is an acquired qualification that certifies your risk management knowledge and skills.
  • CRISC-certified individuals assist organizations in comprehending business risk and have the technical knowledge to implement the most effective information security policies and control

The Main Topic of the Course

  • DOMAIN 1 – Governance 26%
  • DOMAIN 2 – IT Risk Assessment 20%
  • DOMAIN 3 – Risk Response and Reporting 32%
  • DOMAIN 4 – Information Technology and Security 22%

Course Requirements

  • Individuals who are interested in risk and information control are eligible to take the CRISC test, as are all other individuals.
  • Adhere to the Code of Professional Ethics: To guide CRISC approved conduct holders and individual members.
  • Program of Continuing Professional Education (CPE): The aims of the ongoing education programme are to maintain and distinguish the competency of individuals.
  • Demonstrate the Minimum Required Work Experience: A minimum of three years of aggregate work experience is required for certification in the execution of CRISC professional duties.

Course Outlines and Training Plan

Module 1 :

  • Organizational Strategy, Goals, and Objectives
  • Organizational Structure, Roles, and Responsibilities
  • Organizational Culture
  • Policies and Standards
  • Business Processes
  • Organizational Assets
  • Enterprise Risk Management and Risk Management Framework
  • Three Lines of Defense
  • Risk Profile
  • Risk Appetite and Risk Tolerance
  • Legal, Regulatory, and Contractual Requirements
  • Professional Ethics of Risk Management

Module 2 :

  • Risk Events (e.g., contributing conditions, loss result)
  • Threat Modelling and Threat Landscape
  • Vulnerability and Control Deficiency Analysis (e.g., root cause analysis)
  • Risk Scenario Development
  • Risk Assessment Concepts, Standards, and Frameworks
  • Risk Register
  • Risk Analysis Methodologies
  • Business Impact Analysis
  • Inherent and Residual Risk

Module 3 :

  • Risk Treatment / Risk Response Options
  • Risk and Control Ownership
  • Third-Party Risk Management
  • Issue, Finding, and Exception Management
  • Management of Emerging Risk
  • Control Types, Standards, and Frameworks
  • Control Design, Selection, and Analysis
  • Control Implementation
  • Control Testing and Effectiveness Evaluation
  • Risk Treatment Plans
  • Data Collection, Aggregation, Analysis, and Validation
  • Risk and Control Monitoring Techniques
  • Risk and Control Reporting Techniques (heatmap, scorecards, dashboards)
  • Key Performance Indicators
  • Key Risk Indicators (KRIs)
  • Key Control Indicators (KCIs)

Module 4 :

  • Enterprise Architecture
  • IT Operations Management (e.g., change management, IT assets, problems, incidents)
  • Project Management
  • Disaster Recovery Management (DRM)
  • Data Lifecycle Management
  • System Development Life Cycle (SDLC)
  • Emerging Technologies
  • Information Security Concepts, Frameworks, and Standards
  • Information Security Awareness Training
  • Business Continuity Management
  • Data Privacy and Data Protection Principles