A Certified in Risk and Information Systems Control® (CRISC®) certification demonstrates your IT risk management expertise. By taking a proactive approach, you will learn how to enhance your organization’s business resilience, deliver stakeholder value and optimize risk management across the enterprise. As a CRISC, you will be ready to address emerging technology, including AI risk assessment and general best practices for risk management and mitigation related to AI data governance and ethics.
Course Content
Domain 1: Governance
Domain 2: IT Risk Assessment
Domain 3: Risk Response and Reporting
Domain 4: Information Technology and Security
Module 1.1: Organizational Governance
You don't currently have access to this content
5 Topics
1 Quiz
Understanding Organizational Strategy, Goals, and Objectives
You don't currently have access to this content
Roles and Responsibilities of the Three Lines of Defense Model
You don't currently have access to this content
Developing and Implementing a Risk Governance Framework
You don't currently have access to this content
Defining Risk Culture and Appetite Statements
You don't currently have access to this content
Aligning Risk Management with Enterprise Architecture (EA)
You don't currently have access to this content
CRISC Module 1.1: Organizational Governance
You don't currently have access to this content
Module 1.2: Risk Strategy and Framework
You don't currently have access to this content
5 Topics
1 Quiz
Components of a Risk Management Framework (e.g., ISO 31000, COSO)
You don't currently have access to this content
Establishing and Communicating the Risk Vision and Strategy
You don't currently have access to this content
Integrating Risk Management into Organizational Processes
You don't currently have access to this content
Legal, Regulatory, and Contractual Requirements
You don't currently have access to this content
Business Continuity Planning (BCP) and Resilience Strategy
You don't currently have access to this content
CRISC Module 1.2: Risk Strategy and Framework
You don't currently have access to this content
Module 1.3: Policies, Standards, and Procedures
You don't currently have access to this content
5 Topics
1 Quiz
Developing and Maintaining Information Security Policies
You don't currently have access to this content
Creating and Implementing Control Standards and Baselines
You don't currently have access to this content
Documenting and Communicating Detailed Procedures
You don't currently have access to this content
Policy Exception and Risk Acceptance Processes
You don't currently have access to this content
Monitoring and Enforcing Policy Compliance
You don't currently have access to this content
CRISC Module 1.3: Policies, Standards, and Procedures
You don't currently have access to this content
Module 1.4: Business Impact Analysis (BIA)
You don't currently have access to this content
5 Topics
1 Quiz
Identifying and Prioritizing Critical Business Processes
You don't currently have access to this content
Determining Maximum Tolerable Downtime (MTD) and Recovery Objectives
You don't currently have access to this content
Identifying Dependencies and Interdependencies
You don't currently have access to this content
Quantifying Impact in Financial and Operational Terms
You don't currently have access to this content
Using BIA Outputs to Inform Risk Treatment and Resource Allocation
You don't currently have access to this content
CRISC Module 1.4: Business Impact Analysis (BIA)
You don't currently have access to this content
Module 2.1: Risk Identification
You don't currently have access to this content
5 Topics
1 Quiz
Threat Modeling and Threat Landscape Analysis
You don't currently have access to this content
Vulnerability Identification and Management
You don't currently have access to this content
IT Risk Scenario Development and Structuring
You don't currently have access to this content
Asset Identification and Valuation (Data, Systems, People)
You don't currently have access to this content
Risk Identification Techniques (Brainstorming, Delphi, Interviews)
You don't currently have access to this content
CRISC Module 2.1: Risk Identification
You don't currently have access to this content
Module 2.2: Risk Analysis and Evaluation
You don't currently have access to this content
5 Topics
1 Quiz
Qualitative vs. Quantitative Risk Analysis Methods
You don't currently have access to this content
Likelihood and Impact Assessment Criteria and Scales
You don't currently have access to this content
Inherent Risk vs. Residual Risk
You don't currently have access to this content
Risk Ranking, Heat Maps, and Prioritization
You don't currently have access to this content
Using FAIR (Factor Analysis of Information Risk) for Quantification
You don't currently have access to this content
CRISC Module 2.2: Risk Analysis and Evaluation
You don't currently have access to this content
Module 2.3: Emerging Risk and Industry Trends
You don't currently have access to this content
5 Topics
1 Quiz
Analyzing the Impact of Digital Transformation (Cloud, AI, IoT)
You don't currently have access to this content
Third-Party and Supply Chain Risk Management
You don't currently have access to this content
Cybersecurity Threats (Ransomware, Phishing, APTs)
You don't currently have access to this content
Regulatory and Privacy Landscape (e.g., GDPR, CCPA)
You don't currently have access to this content
Geopolitical and Environmental Risk Factors
You don't currently have access to this content
CRISC Module 2.3: Emerging Risk and Industry Trends
You don't currently have access to this content
Module 2.4: Risk Assessment Concepts
You don't currently have access to this content
5 Topics
1 Quiz
The Risk Assessment Lifecycle
You don't currently have access to this content
Risk Register Development and Maintenance
You don't currently have access to this content
Control Assessment and Gap Analysis
You don't currently have access to this content
Key Risk Indicators (KRIs) and Metrics
You don't currently have access to this content
Data Analytics for Risk Assessment
You don't currently have access to this content
CRISC Module 2.4: Risk Assessment Concepts
You don't currently have access to this content
Module 3.1: Risk Treatment / Response Options
You don't currently have access to this content
5 Topics
1 Quiz
The Four Risk Response Strategies: Accept, Mitigate, Transfer, Avoid
You don't currently have access to this content
Selecting the Optimal Risk Response Based on Cost-Benefit Analysis
You don't currently have access to this content
Developing Risk Treatment Plans and Action Plans
You don't currently have access to this content
Integrating Risk Responses with Business Processes
You don't currently have access to this content
Managing and Monitoring Risk Treatment Progress
You don't currently have access to this content
CRISC Module 3.1: Risk Treatment / Response Options
You don't currently have access to this content
Module 3.2: Control Design and Implementation
You don't currently have access to this content
5 Topics
1 Quiz
Categories of Controls (Preventive, Detective, Corrective)
You don't currently have access to this content
Control Types (Administrative, Technical, Physical)
You don't currently have access to this content
Designing Effective and Efficient Controls
You don't currently have access to this content
Control Ownership and Implementation Lifecycle
You don't currently have access to this content
Aligning Controls with Industry Frameworks (COBIT, NIST CSF)
You don't currently have access to this content
CRISC Module 3.2: Control Design and Implementation
You don't currently have access to this content
Module 3.3: Control Monitoring and Maintenance
You don't currently have access to this content
5 Topics
1 Quiz
Continuous Control Monitoring Techniques and Tools
You don't currently have access to this content
Control Testing and Assurance Frameworks
You don't currently have access to this content
Managing Control Exceptions and Deficiencies
You don't currently have access to this content
Control Automation and its Benefits
You don't currently have access to this content
Maturity Models for Control Improvement
You don't currently have access to this content
CRISC Module 3.3: Control Monitoring and Maintenance
You don't currently have access to this content
Module 3.4: Risk and Control Reporting
You don't currently have access to this content
5 Topics
1 Quiz
Identifying Target Audiences (Board, Management, Operational)
You don't currently have access to this content
Developing Effective Risk Dashboards and Reports
You don't currently have access to this content
Reporting on Risk Appetite Breaches and Top Risks
You don't currently have access to this content
Communicating Control Effectiveness and Audit Findings
You don't currently have access to this content
Data Visualization Techniques for Risk Reporting
You don't currently have access to this content
CRISC Module 3.4: Risk and Control Reporting
You don't currently have access to this content
Module 4.1: IT Principles and Architecture
You don't currently have access to this content
5 Topics
1 Quiz
Enterprise Architecture Frameworks (e.g., TOGAF, Zachman)
You don't currently have access to this content
Cloud Computing Models (IaaS, PaaS, SaaS) and Associated Risks
You don't currently have access to this content
Network Security Architecture (Zero Trust, Segmentation)
You don't currently have access to this content
System Development Life Cycle (SDLC) and DevOps/DevSecOps
You don't currently have access to this content
Data Governance, Classification, and Lifecycle Management
You don't currently have access to this content
CRISC Module 4.1: IT Principles and Architecture
You don't currently have access to this content
Module 4.2: IT Operations and Resilience
You don't currently have access to this content
5 Topics
1 Quiz
IT Service Management (ITSM) and ITIL Key Practices
You don't currently have access to this content
Physical and Environmental Security Controls
You don't currently have access to this content
Backup and Recovery Strategies
You don't currently have access to this content
Incident Response and Management Lifecycle
You don't currently have access to this content
Patch and Vulnerability Management Programs
You don't currently have access to this content
CRISC Module 4.2: IT Operations and Resilience
You don't currently have access to this content
Module 4.3: Information Security Core Concepts
You don't currently have access to this content
5 Topics
1 Quiz
The CIA Triad: Confidentiality, Integrity, and Availability
You don't currently have access to this content
Identity and Access Management (IAM)
You don't currently have access to this content
Cryptography and Public Key Infrastructure (PKI)
You don't currently have access to this content
Network Security Controls (Firewalls, IDS/IPS)
You don't currently have access to this content
Security Awareness, Training, and Education Programs
You don't currently have access to this content
CRISC Module 4.3: Information Security Core Concepts
You don't currently have access to this content
Module 4.4: Emerging Technology and Associated Risks
You don't currently have access to this content
5 Topics
1 Quiz
Artificial Intelligence (AI) and Machine Learning (ML) Risks
You don't currently have access to this content
Internet of Things (IoT) and Operational Technology (OT) Security
You don't currently have access to this content
Blockchain and Distributed Ledger Technology Risks
You don't currently have access to this content
Mobile and Remote Workforce Security Challenges
You don't currently have access to this content
Managing the Risks of Robotic Process Automation (RPA)
You don't currently have access to this content
CRISC Module 4.4: Emerging Technology and Associated Risks
You don't currently have access to this content
