Course Outline

Domain 1: Governance

  • Understanding governance and its importance
  • Organizational governance and risk governance
  • Enterprise Risk Management (ERM) and Risk Management Framework (RMF)
  • Policies, standards, and business processes related to IT risk

Domain 2: IT Risk Assessment

  • Identifying IT risk events and scenarios
  • Threat modeling and vulnerability analysis
  • Risk assessment methodologies and business impact analysis
  • Inherent and residual risk management

Domain 3: Risk Response and Reporting

  • Developing risk response strategies
  • Risk and control ownership
  • Third-party risk management
  • Risk reporting and communication

Domain 4: Information Technology and Security

  • IT and security frameworks and standards
  • Designing and implementing information systems controls
  • Control monitoring and maintenance
  • Current trends and emerging technologies in IT risk and control

Exam Preparation

  • Review of CRISC domains and knowledge areas
  • Exam-taking strategies and tips
  • Practice exams and question analysis
  • Final review and Q&A session


  • Recap of the CRISC certification objectives
  • Discussion on the value of CRISC certification for professionals and organizations
  • Next steps for taking the CRISC exam and maintaining certification


  • Quizzes at the end of each domain to reinforce learning
  • Practice exams to simulate the CRISC certification exam
  • Final assessment to evaluate readiness for the CRISC exam


  • An understanding of IT risk management and information systems control
  • Experience with risk analysis, mitigation, and business impact analysis
  • Familiarity with governance, compliance, and audit practices


  • IT professionals
  • Risk professionals
  • Control professionals
  • Business analysts and project managers
  • Information security and compliance professionals
 28 Hours
