Course Overview

Training Options

Corporate Training

Customized to your team's needs

  • Blended learning delivery model (self-paced eLearning and/or instructor-led options)
  • Flexible pricing options
  • Enterprise grade Learning Management System (LMS)
  • Enterprise dashboards for individuals and teams
  • 24x7 learner assistance and support

Course Curriculum

Course Content

  • Certified in Risk and Information Systems Control (CRISC®)

    • Domain 00 - Introduction to CRISC®

      05:44
      • 0.1 Introduction to CRISC®
        00:14
      • 0.2 Objectives
        00:26
      • 0.3 CRISC®
        00:35
      • 0.4 About ISACA
        01:20
      • 0.5 About ISACA® (contd.)
        00:42
      • 0.6 CRISC® Domains
      • 0.7 Value of CRISC®
      • 0.8 Requirements for CRISC® certification
        00:49
      • 0.9 CRISC® Exam
        00:50
      • Knowledge Check
      • 0.11 Summary
        00:40
      • 0.12 Conclusion
        00:08
    • Domain 01 - Risk Identification

      26:50
      • 1.1 Risk Identification
        00:14
      • 1.2 Objectives
        00:42
      • 1.3 Task Statements
      • 1.5 Knowledge Statements
      • 1.6 IT Risk Concepts
      • 1.7 Information Security Risk Concepts
        01:01
      • 1.8 Information Security Risk Concepts (contd.)
        00:20
      • 1.9 Information Security Risk Concepts: Confidentiality
      • 1.10 Information Security Risk Concepts: Integrity
      • 1.11 Information Security Risk Concepts: Availability
      • 1.12 Information Security Risk Concepts: Segregation of Duties
      • 1.13 Information Security Risk Concepts: Authentication
        01:02
      • 1.14 Information Security Risk Concepts: IAAA
      • 1.16 Information Security Risk Concepts: Identity Management
        01:06
      • 1.17 Information Security Risk Concepts: Identity Management
      • 1.19 Risk Management Standards and Frameworks
        01:03
      • 1.20 COBIT 5 for Risk
        00:52
      • 1.21 ISO/IEC 27001 Series
        00:58
      • 1.22 ISO/IEC: 27005
      • 1.23 Risk Identification Frameworks
        00:48
      • 1.24 Threats and Vulnerabilities Related to Assets
      • 1.25 Risk Factors
        00:50
      • 1.26 Risk Factors (contd.)
        00:42
      • 1.27 Elements of Risk
        00:48
      • 1.28 Assets
        00:40
      • 1.29 Assets (contd.)
        00:47
      • 1.30 Threats
        00:35
      • 1.31 Threats (contd.)
        00:31
      • 1.32 Vulnerabilities
      • 1.33 Vulnerabilities (contd.)
      • 1.34 Vulnerabilities Assessment
        00:57
      • 1.35 Penetration Testing
        00:31
      • 1.36 Penetration Testing (contd.)
      • 1.38 Developing Risk Scenarios
      • 1.39 Benefits of Using Risk Scenarios
        00:51
      • 1.40 Risk Scenario Development Tools and Techniques
        01:05
      • 1.41 Risk Scenario Development Tools and Techniques (contd.)
        00:44
      • 1.42 Risk Scenario Development Tools and Techniques (contd.)
      • 1.44 Risk Communication, Awareness, and Culture
        00:34
      • 1.45 The Risk Awareness Program
        01:01
      • 1.46 The Risk Awareness Program (contd.)
      • 1.47 Risk Management Strategy
        01:02
      • 1.48 Organizational Structures and Impact on Risk
        01:09
      • 1.49 Organization Structures and Impact on Risk: RACI Model
      • 1.50 Organizational Culture, Ethics and Behavior, and the Impact on Risk
        00:39
      • 1.51 Organizational Culture, Ethics and Behavior, and the Impact on Risk (contd.)
        00:31
      • 1.53 Compliance With Laws, Regulations, Standards, and Compliance Requirements
      • 1.54 Establishing an Enterprise Risk Management Approach
        00:50
      • 1.55 Risk Register
        00:26
      • 1.56 Risk Register (contd.)
      • 1.58 Principles of Risk and Control Ownership
      • 1.59 Principles of Risk and Control Ownership (contd.)
      • 1.60 Risk Appetite and Tolerance
        00:49
      • 1.61 Risk Acceptance
        00:33
      • 1.62 Risk Acceptance (contd.)
        00:32
      • Knowledge Check
      • 1.64 Summary
        00:53
      • 1.65 Summary (contd.)
        00:39
      • 1.66 Conclusion
        00:05
    • Domain 02 - Risk Assessment

      42:11
      • 2.1 Risk Assessment
        00:24
      • 2.2 Objectives
        00:28
      • 2.3 Task Statements
        00:51
      • 2.4 Knowledge Statements
      • 2.6 Risk Assessment Techniques
      • 2.7 Risk Assessment Techniques (contd.)
      • 2.8 Risk Assessment Techniques (contd.)
      • 2.9 Risk Scenarios Analysis
      • 2.10 Risk Scenarios Analysis: Organizational Structure and Culture
        00:49
      • 2.11 Risk Scenarios Analysis: Policies
        00:33
      • 2.12 Risk Scenarios Analysis: Policies (contd.)
      • 2.13 Risk Scenarios Analysis: Standards and Procedures
        01:03
      • 2.15 Risk Scenarios Analysis: Technology
        00:41
      • 2.16 Risk Scenarios Analysis: Architecture
        00:46
      • 2.17 Risk Scenarios Analysis Controls
      • 2.18 Risk Scenarios Analysis Controls (contd.)
      • 2.19 Risk Analysis Methodologies
        00:17
      • 2.20 Risk Analysis Methodologies: Quantitative Risk Assessment
      • 2.21 Risk Analysis Methodologies: Qualitative Risk Assessment
      • 2.23 Risk Analysis Methodologies: Semi-quantitative Risk Assessment
        00:43
      • 2.24 Risk Analysis Methodologies: Semi-quantitative Risk Assessment (contd.)
        00:34
      • 2.25 Risk Ranking
        00:41
      • 2.26 OCTAVE®
        00:45
      • 2.28 Control Assessment: Current State of Controls
        00:34
      • 2.29 Control Assessment: Current State of Controls (contd.)
      • 2.30 Control Assessment: Current State of Controls (contd.)
        00:40
      • 2.31 Control Assessment: Logs
        00:27
      • 2.32 Control Assessment: Logs (contd.)
        00:39
      • 2.33 Current State of Controls: Vulnerability Assessments and Penetration Testing
        00:52
      • 2.72 Enterprise Architecture: Network Components (contd.)
        00:33
      • 2.34 Control Assessment: Vulnerability Assessments and Penetration Testing
        01:02
      • 2.36 Risk Evaluation and Impact Assessment: Risk and Control Analysis
      • 2.37 Risk and Control Analysis: Data Analysis
        00:37
      • 2.38 Risk and Control Analysis: Data Analysis
      • 2.39 Risk and Control Analysis: Threat and Misuse Case Modelling
        01:22
      • 2.40 Risk and Control Analysis: Root Cause Analysis
        00:52
      • 2.41 Risk and Control Analysis: Gap Analysis
        00:41
      • 2.42 Risk and Control Analysis: Gap Analysis (contd.)
        00:36
      • 2.43 Third-Party Management
        00:48
      • 2.44 Third-Party Management: Outsourcing
        01:00
      • 2.45 Cloud
        00:41
      • 2.47 Third-Party Management: Contractual Requirements
        01:08
      • 2.48 IT Operations Management
        00:22
      • 2.49 IT Operations Management (contd.)
        00:33
      • 2.50 System Development Lifecycle
      • 2.51 System Development Lifecycle (contd.)
        00:50
      • 2.52 System Development Lifecycle (contd.)
        00:46
      • 2.53 Emerging Technologies
      • 2.54 Emerging Technologies (contd.)
      • 2.56 Enterprise Architecture
        00:46
      • 2.57 Enterprise Architecture: Hardware
        00:26
      • 2.58 Enterprise Architecture: Hardware (contd.)
        00:41
      • 2.59 Enterprise Architecture: Hardware (contd.)
        00:45
      • 2.60 Enterprise Architecture: Software
        00:44
      • 2.61 Enterprise Architecture: Software (contd.)
        00:27
      • 2.63 Enterprise Architecture: Applications
        00:48
      • 2.64 Enterprise Architecture: Applications (contd.)
        00:39
      • 2.65 Enterprise Architecture: Utilities
      • 2.66 Enterprise Architecture: Software Utilities
        00:49
      • 2.67 Knowledge Check
      • 2.68 Enterprise Architecture: Platforms
      • 2.69 Enterprise Architecture: Network Components
        00:38
      • 2.70 Enterprise Architecture: Network Components (contd.)
        00:27
      • 2.71 Enterprise Architecture: Network Components
        00:36
      • 2.73 Enterprise Architecture: Network Components - Cabling
      • 2.74 Enterprise Architecture: Network Components - Cabling
        00:48
      • 2.76 Enterprise Architecture: Network Components-Repeaters
      • 2.77 Enterprise Architecture: Network Components - Switches
        01:01
      • 2.78 Enterprise Architecture: Network Components - Switches (contd.)
        00:25
      • 2.79 Enterprise Architecture: Network Components - Routers
        00:25
      • 2.80 Enterprise Architecture: Network Components - Routers (contd.)
        00:48
      • 2.81 Enterprise Architecture: Network Components - Routers (contd.)
        00:49
      • 2.82 Enterprise Architecture: Network Components-Firewalls
        00:50
      • 2.84 Enterprise Architecture: Network Components-Firewalls
      • 2.85 Enterprise Architecture: Network Components-Proxy
        00:31
      • 2.86 Enterprise Architecture: Network Components-Domain Name System
        00:56
      • 2.87 Enterprise Architecture: Network Components-Wireless Access Points
      • 2.88 Enterprise Architecture: Network Components-Other Network Devices
        00:40
      • 2.89 Enterprise Architecture: Network Architecture
        00:41
      • 2.90 Enterprise Architecture: Network Architecture
      • 2.91 Enterprise Architecture: Network Architecture (contd.)
        01:43
      • Knowledge Check
      • 2.94 Summary
        00:33
      • 2.95 Summary (contd.)
        00:31
      • 2.96 Conclusion
        00:06
    • Domain 03 - Risk Response

      47:52
      • 3.1 Risk Response
        00:28
      • 3.2 Objectives
        00:50
      • 3.3 Task Statements
        01:31
      • 3.4 Knowledge Statements
        00:50
      • 3.6 Overview
      • 3.7 Risk Response Options
        00:32
      • 3.8 Risk Response Options: Risk Acceptance
      • 3.9 Risk Response Options: Risk Acceptance (contd.)
        00:38
      • 3.10 Risk Response Options: Risk Mitigation
        00:52
      • 3.11 Risk Response Options: Risk Avoidance
        00:37
      • 3.12 Risk Response Options: Risk Avoidance (contd.)
        00:39
      • 3.13 Risk Response Options: Risk Sharing
        00:42
      • 3.15 Response Analysis
        00:48
      • 3.16 Response Analysis (contd.)
        00:33
      • 3.17 Response Response Options: Risk Acceptance
      • 3.18 Response Analysis: Return on Investment
        00:50
      • 3.19 Response Analysis: Return on Investment (contd.)
        00:42
      • 3.20 Risk Response: Plans Developing a Risk Response Plan
        00:47
      • 3.21 Risk Response: Plans Developing a Risk Response Plan (contd.)
        00:31
      • 3.22 Risk Response: Plans Developing a Risk Response Plan (contd.)
      • 3.24 Risk Response: Plans Developing a Risk Response Plan (contd.)
        00:50
      • 3.25 Risk Response: Plans Developing a Risk Response Plan (contd.)
      • 3.26 Control Objectives and Practices
        00:48
      • 3.27 Control Objectives and Practices: Business Processes
        01:07
      • 3.28 Control Objectives and Practices: Information Security
        01:02
      • 3.29 Control Objectives and Practices: Information Security (contd.)
      • 3.31 Control Objectives and Practices: Third-party Management
        01:03
      • 3.32 Control Objectives and Practices: Third-party Management (contd.)
        00:44
      • 3.33 Control Objectives and Practices: Data Management
        01:00
      • 3.34 Control Objectives and Practices: Data Management (contd.)
        00:42
      • 3.35 Control Objectives and Practices: Data Management-Cryptography
        00:33
      • 3.37 Control Objectives and Practices: Information Systems Architecture
        00:34
      • 3.38 Control Objectives and Practices: Information Systems Architecture (contd.)
        01:19
      • 3.40 Control Objectives and Practices: Information Systems Architecture (contd.)
        00:44
      • 3.41 Control Objectives and Practices: Information Systems Architecture (contd.)
        01:15
      • 3.42 Control Objectives and Practices: Information Systems Architecture (contd.)
        00:38
      • 3.43 Control Objectives and Practices: Information Systems Architecture (contd.)
        00:30
      • 3.44 Control Objectives and Practices: Information Systems Architecture (contd.)
        00:35
      • 3.45 Control Objectives and Practices: Information Systems Architecture (contd.)
        00:56
      • 3.46 Control Objectives and Practices: Information Systems Architecture (contd.)
        01:08
      • 3.47 Control Objectives and Practices: Information Systems Architecture (contd.)
        01:41
      • 3.49 Control Ownership
        00:37
      • 3.50 Systems Control Design Implementation
        00:35
      • 3.51 Systems Control Design Implementation: Unit Testing
      • 3.52 Systems Control Design Implementation: System Testing
        01:19
      • 3.53 Systems Control Design Implementation: System Testing (contd.)
        00:40
      • 3.54 Systems Control Design Implementation: System Testing (contd.)
        00:44
      • 3.56 Systems Control Design Implementation: Quality Assurance
        00:49
      • 3.57 Systems Control Design Implementation: Quality Assurance (contd.)
        00:29
      • 3.58 Systems Control Design Implementation: Others
      • 3.59 Systems Control Design Implementation: Go-live Techniques
      • 3.60 Systems Control Design Implementation: Post-implementation Review
        00:59
      • 3.61 Systems Control Design Implementation: Project Closeout
      • 3.63 Controls and Countermeasures
      • 3.64 Controls and Countermeasures: Control Matrix
        00:34
      • 3.65 Controls and Countermeasures: Control Standards and Frameworks
        00:56
      • 3.66 Controls and Countermeasures: Categories of Controls Interactivity
        00:57
      • 3.68 Business Continuity and Disaster Recovery Management
        01:22
      • 3.69 Business Continuity and Disaster Recovery Management (contd.)
        01:02
      • 3.70 Business Continuity and Disaster Recovery Management (contd.)
        01:05
      • 3.71 Business Continuity and Disaster Recovery Management (contd.)
        00:42
      • 3.73 Exception Management
        00:48
      • 3.74 Risk Ownership and Accountability
        00:51
      • 3.75 Inherent and Residual Risk
        00:37
      • 3.76 Inherent and Residual Risk (contd.)
        00:50
      • 3.77 Inherent and Residual Risk (contd.)
        00:35
      • Knowledge Check
      • 3.79 Summary
        00:41
      • 3.80 Summary (contd.)
        01:35
      • 3.81 Conclusion
        00:06
    • Domain 04 - Risk and Control Monitoring and Reporting

      09:53
      • 4.1 Risk and Control Monitoring and Reporting
        00:23
      • 4.2 Objectives
        00:17
      • 4.3 Task Statements
        00:52
      • 4.4 Knowledge Statements
      • 4.6 Key Risk Indicators (KRIs)
      • 4.7 KRIs Selection
        00:47
      • 4.8 Benefits of KRIs
        00:24
      • 4.9 KRIs Effectiveness
      • 4.10 KRIs Optimization
      • 4.11 Knowledge Check
      • 4.12 KRIs Maintenance
        00:32
      • 4.13 Data Collection
      • 4.14 Data Collection (contd.)
      • 4.16 Monitoring Controls
        00:46
      • 4.17 Monitoring Controls (contd.)
        00:53
      • 4.18 Monitoring Controls (contd.)
      • 4.19 Control Assessment
      • 4.21 Vulnerability Assessments
        01:06
      • 4.22 Penetration Testing
        01:04
      • 4.23 Third-party Assurance
        00:27
      • 4.24 Results of Control Assessments
        00:31
      • 4.25 Maturity Model Assessment and Improvement Techniques
        00:43
      • 4.26 Capability Maturity Model
      • 4.28 IT Risk Profile
      • Knowledge Check
      • 4.30 Summary
        00:57
      • 4.31 Conclusion
        00:06
      • 4.32 Thank you
        00:05

Exam & Certification

  • How do you become a CRISC certified professional?

    To become a CRISC certified professional you need to meet the following requirements:
    • Successful completion of the CRISC examination
    • IT risk management and information systems control experience
    • Adherence to the Code of Professional Ethics
    • Adherence to the Continuing Professional Education (CPE) Policy

  • What are the prerequisites for CRISC certification?

    To become a CRISC certified professional, you need to fulfill the following criteria:
    • A completed application must be submitted within 5 years from the date of initially passing the examination.
    • This experience must have been gained within the 10-year period preceding the application date for certification or within five years of passing the examination.
    • Three (3) or more years of cumulative work experience performing the tasks of a CRISC professional across at least two (2) CRISC domains, of which one must be in Domain 1 or 2, is required for certification. There are no substitutions or experience waivers.

  • What do I need to do to unlock my certificate?

    OSL:
    1. Complete 85% of the course.
    2. Complete 1 simulation test with a minimum score of 60%.

Why Join this Program

  • Develop skills for real career growth: Cutting-edge curriculum designed in guidance with industry and academia to develop job-ready skills.
  • Learn from experts active in their field, not out-of-touch trainers: Leading practitioners who bring current best practices and case studies to sessions that fit into your work schedule.
  • Learn by working on real-world problems: Capstone projects involving real-world data sets with virtual labs for hands-on learning.
  • Structured guidance ensuring learning never stops: 24x7 learning support from mentors and a community of like-minded peers to resolve any conceptual doubts.

FAQs

  • What all will I get as part of the training?

    You get access to our e-learning content along with the practice simulation tests that help you tackle the toughest of the exam questions. You will also get an online participant handbook with cross references to the e-learning for reinforcement of your learning.

  • Is the exam fee included in the course fee?

    No. The exam fee is not included in the course fee, as it is paid directly to ISACA for the membership, application and examination.

  • How many questions are there in the CRISC certification exam?

    ISACA uses and reports scores on a common scale from 200 to 800. For example, the scaled score of 800 represents a perfect score with all questions answered correctly; a scaled score of 200 is the lowest score possible and signifies that only a small number of questions were answered correctly. You need to achieve a score of 450 or higher to pass the CRISC® Exam.

  • What certification will I receive after completing the training?

    After successful completion of the training, you will be awarded the course completion certificate along with the 20 CPE hour certificate from Simplilearn.

  • What is the date of the next CRISC exam?

    The CRISC exam is conducted thrice a year, in the months of July, September and December. To find the exam locations and dates, go to www.isaca.org/certification/pages/exam-locations.aspx.

  • Can I defer my exam?

    If you are unable to take the exam, you can request a deferral of your registration fees to the next exam date. To learn more about deferring your exam, including deferral deadlines and costs, please visit http://www.isaca.org/certification/pages/exam-deferral.aspx.

  • Do you provide assistance for the exam application process?

    Yes, we do provide assistance for the exam application process. You can state your queries on community.simplilearn.com and get them answered along with any other query or concern that you might have about the course.

  • How does Simplilearn assure me that the training and course material delivered are effective?

    Our CRISC course is developed to deliver a first attempt pass rate of 100%. With a hands-on learning approach, the training not only gives you the confidence to clear the exam but also helps you retain the knowledge beyond the examination.

  • Can I cancel my enrollment? Will I get a refund?

    Yes, you can cancel your enrollment. We provide you a refund after deducting the administration fee. To know more, please go through our Refund Policy.

  • I’d like to learn more about this training program. Who should I contact?

    Contact us using the form on the right of any page on the Simplilearn website, or select the Live Chat link. Our customer service representatives will be able to give you more details.
