
Certified in Risk and Information Systems Control Training Course



  • 3 Days
  • Replay™ Class Recordings Included

Interface Gold™ Benefits: Retake this course for one year. Replay™ class recordings included. Money-back guarantee. Price Match available.


Course Description

This four-session exam-prep course brings together knowledge and practice to give learners the concepts necessary to take and pass the CRISC exam.


Session 1 – Governance

Session topics:

  • 1.1 Risk Assessment Concepts, Standards and Frameworks
  • 1.2 Organizational Strategy, Goals and Objectives
  • 1.3 Organizational Structure, Roles and Responsibilities
  • 1.4 Organizational Culture and Assets
  • 1.5 Policies, Standards and Business Processes
  • 1.6 Enterprise Risk Management, Risk Management Frameworks and Three Lines of Defense
  • 1.7 Risk Profile, Risk Appetite and Risk Tolerance
  • 1.8 Navigating Professional Ethics of Risk Management and Requirements in Laws, Regulations and Controls


Session 2 – IT Risk Assessment

Session topics:

  • 2.1 Risk Events, Threat Modeling and Threat Landscape
  • 2.2 Vulnerability and Control Deficiency Analysis
  • 2.3 Risk Scenario Development
  • 2.4 Risk Register
  • 2.5 Risk Analysis Methodologies
  • 2.6 Business Impact Analysis
  • 2.7 Inherent, Residual and Current Risk


Session 3 – Risk Response and Reporting

Session topics:

  • 3.1 Risk Treatment/Risk Response Options
  • 3.2 Risk and Control Ownership
  • 3.3 Managing Risk from Processes, Third Parties and Emerging Sources
  • 3.4 Control Types, Standards and Frameworks
  • 3.5 Control Design, Selection and Analysis
  • 3.6 Control Implementation, Testing and Effectiveness
  • 3.7 Risk Treatment Plans
  • 3.8 Data Collection, Aggregation, Analysis and Validation
  • 3.9 Risk and Control Monitoring and Reporting Techniques
  • 3.10 Performance, Risk and Control Metrics