888.418.7051 info@testpassacademy.com

ISACA CRISC Certification Training

Test Pass Academy's expert instructors have been teaching the ISACA Certified in Risk and Information Systems Control (CRISC) certification training for many years. Our instructors are well known in the industry not only as top-level instructors with rave reviews, but also as top-level security professionals who pass along real-world examples to the class. Our experts have a vast understanding of security and a remarkable teaching ability, making it easy to pass the CRISC exam on the first attempt. If you are looking to gain CRISC experience and pass the CRISC exam, you have found the right place. This 3-day bootcamp is geared for Government, Military and Contractors seeking 8140 compliance.

What is the ISACA CRISC Certification?

CRISC is the only certification that prepares and enables IT professionals for the unique challenges of IT and enterprise risk management, and positions them to become strategic partners to the enterprise. CRISC is the most current and rigorous assessment available to evaluate the risk management proficiency of IT professionals and other employees within an enterprise or financial institute. Those who earn CRISC help enterprises to understand business risk, and have the technical knowledge to implement appropriate IS controls. 

The CRISC certification is designed for IT professionals, project managers, and others whose job it is to identify and manage risks through appropriate Information Systems (IS) controls, covering the entire lifecycle, from design to implementation to ongoing maintenance. It measures two primary areas: risk and IS controls. Similar to the IS control lifecycle, the risk area spans the gamut from identification and assessment of the scope and likelihood of a particular risk to monitoring for it and responding to it if/when it occurs. The CRISC is designed for:

  • IT Professionals
  • Risk Professionals
  • Control Professionals
  • Business Analysts
  • Project Managers
  • Compliance Professionals

ISACA CRISC Class Details:

  • 3 Days of the Top CRISC Training in the Industry
  • Instruction by a High-Level CRISC Certified Expert
  • CRISC Courseware - Continually Updated
  • CRISC Practice Questions
  • Class Hours: 9:00 - 5:00 Daily
  • CRISC Exam Fee INCLUDED
  • CRISC Exam Retake INCLUDED

Upon completion of the ISACA CRISC Course, you will demonstrate competence and learn to master:

DOMAIN 1 – GOVERNANCE

The governance domain interrogates your knowledge of information about an organization’s business and IT environments, organizational strategy, goals and objectives, and examines potential or realized impacts of IT risk to the organization’s business objectives and operations, including Enterprise Risk Management and Risk Management Framework.

ORGANIZATIONAL GOVERNANCE

  1. Organizational Strategy, Goals, and Objectives
  2. Organizational Structure, Roles and Responsibilities
  3. Organizational Culture
  4. Policies and Standards
  5. Business Processes
  6. Organizational Assets

RISK GOVERNANCE

  1. Enterprise Risk Management and Risk Management Framework
  2. Three Lines of Defense
  3. Risk Profile
  4. Risk Appetite and Risk Tolerance
  5. Legal, Regulatory and Contractual Requirements
  6. Professional Ethics of Risk Management

DOMAIN 2 – IT RISK ASSESSMENT

This domain will certify your knowledge of threats and vulnerabilities to the organization’s people, processes and technology as well as the likelihood and impact of threats, vulnerabilities and risk scenarios.

IT RISK IDENTIFICATION

  1. Risk Events (e.g., contributing conditions, loss result)
  2. Threat Modelling and Threat Landscape
  3. Vulnerability and Control Deficiency Analysis (e.g., root cause analysis)
  4. Risk Scenario Development

IT RISK ANALYSIS AND EVALUATION

  1. Risk Assessment Concepts, Standards and Frameworks
  2. Risk Register
  3. Risk Analysis Methodologies
  4. Business Impact Analysis
  5. Inherent and Residual Risk

DOMAIN 3 – RISK RESPONSE AND REPORTING

This domain deals with the development and management of risk treatment plans among key stakeholders, the evaluation of existing controls and improving effectiveness for IT risk mitigation, and the assessment of relevant risk and control information to applicable stakeholders.

RISK RESPONSE

  1. Risk Treatment / Risk Response Options
  2. Risk and Control Ownership
  3. Third-Party Risk Management
  4. Issue, Finding and Exception Management
  5. Management of Emerging Risk

CONTROL DESIGN AND IMPLEMENTATION

  1. Control Types, Standards and Frameworks
  2. Control Design, Selection and Analysis
  3. Control Implementation
  4. Control Testing and Effectiveness Evaluation

RISK MONITORING AND REPORTING

  1. Risk Treatment Plans
  2. Data Collection, Aggregation, Analysis and Validation
  3. Risk and Control Monitoring Techniques
  4. Risk and Control Reporting Techniques (heatmap, scorecards, dashboards)
  5. Key Performance Indicators
  6. Key Risk Indicators (KRIs)
  7. Key Control Indicators (KCIs)

DOMAIN 4 – INFORMATION TECHNOLOGY AND SECURITY

In this domain we interrogate the alignment of business practices with Risk Management and Information Security frameworks and standards, as well as the development of a risk-aware culture and implementation of security awareness training.

INFORMATION TECHNOLOGY PRINCIPLES

  1. Enterprise Architecture
  2. IT Operations Management (e.g., change management, IT assets, problems, incidents)
  3. Project Management
  4. Disaster Recovery Management (DRM)
  5. Data Lifecycle Management
  6. System Development Life Cycle (SDLC)
  7. Emerging Technologies

INFORMATION SECURITY PRINCIPLES

  1. Information Security Concepts, Frameworks and Standards
  2. Information Security Awareness Training
  3. Business Continuity Management
  4. Data Privacy and Data Protection Principles

SUPPORTING TASKS

  1. Collect and review existing information regarding the organization’s business and IT environments.
  2. Identify potential or realized impacts of IT risk to the organization’s business objectives and operations.
  3. Identify threats and vulnerabilities to the organization’s people, processes and technology.
  4. Evaluate threats, vulnerabilities and risk to identify IT risk scenarios.
  5. Establish accountability by assigning and validating appropriate levels of risk and control ownership.
  6. Establish and maintain the IT risk register and incorporate it into the enterprise-wide risk profile.
  7. Facilitate the identification of risk appetite and risk tolerance by key stakeholders.
  8. Promote a risk-aware culture by contributing to the development and implementation of security awareness training.
  9. Conduct a risk assessment by analyzing IT risk scenarios and determining their likelihood and impact.
  10. Identify the current state of existing controls and evaluate their effectiveness for IT risk mitigation.
  11. Review the results of risk analysis and control analysis to assess any gaps between current and desired states of the IT risk environment.
  12. Facilitate the selection of recommended risk responses by key stakeholders.
  13. Collaborate with risk owners on the development of risk treatment plans.
  14. Collaborate with control owners on the selection, design, implementation and maintenance of controls.
  15. Validate that risk responses have been executed according to risk treatment plans.
  16. Define and establish key risk indicators (KRIs).
  17. Monitor and analyze key risk indicators (KRIs).
  18. Collaborate with control owners on the identification of key performance indicators (KPIs) and key control indicators (KCIs).
  19. Monitor and analyze key performance indicators (KPIs) and key control indicators (KCIs).
  20. Review the results of control assessments to determine the effectiveness and maturity of the control environment.
  21. Report relevant risk and control information to applicable stakeholders to facilitate risk-based decision-making.
  22. Evaluate alignment of business practices with risk management and information security frameworks and standards.

CRISC Exam Content Outline will be updated effective 3 November 2025. Starting on that date the CRISC Exam will reflect the new Exam Content Outline.

ISACA CRISC Exam Prep Schedule:

| Course | Class Dates | Location | Price |
|---|---|---|---|
| ISACA CRISC Certification | October 27 - 29, 2025 | Live Online | $2,995 |
| ISACA CRISC Certification | November 17 - 19, 2025 | Fort Bragg, NC | $2,995 |
| ISACA CRISC Certification | December 1 - 3, 2025 | Live Online | $2,995 |
| ISACA CRISC Certification | December 1 - 3, 2025 | Omaha, NE | $2,995 |
| ISACA CRISC Certification | December 15 - 17, 2025 | San Diego, CA | $2,995 |
| ISACA CRISC Certification | December 15 - 17, 2025 | Eglin AFB, FL | $2,995 |
| ISACA CRISC Certification | January 12 - 14, 2026 | Live Online | $2,995 |
| ISACA CRISC Certification | January 12 - 14, 2026 | Las Vegas, NV | $2,995 |
| ISACA CRISC Certification | January 26 - 28, 2026 | San Diego, CA | $2,995 |
| ISACA CRISC Certification | February 9 - 11, 2026 | Live Online | $2,995 |
| ISACA CRISC Certification | February 9 - 11, 2026 | Jacksonville, FL | $2,995 |
| ISACA CRISC Certification | February 23 - 25, 2026 | CO Springs, CO | $2,995 |
| ISACA CRISC Certification | March 9 - 11, 2026 | Live Online | $2,995 |
| ISACA CRISC Certification | March 9 - 11, 2026 | Norfolk, VA | $2,995 |
| ISACA CRISC Certification | March 16 - 18, 2026 | Sacramento, CA | $2,995 |


CRISC Requirements & Prerequisites:

CRISC candidates are required to meet the following requirements prior to attending the CRISC Bootcamp and CRISC Exam:

ISACA requires that all individuals attempting to earn the certification have 3 or more years of cumulative work experience performing the tasks of a CRISC professional across at least 2 CRISC domains, of which one must be in Domain 1 or 2. There are no substitutions or experience waivers.

Certifications Earned During This Bootcamp: CRISC

Updated: September 23, 2025

Why choose Test Pass Academy?

Your Instructor Has Vast Experience in the Field

"The class went great. Michael was an excellent teacher. He has vast experience in the field and used great real world examples to help understand concepts. Thank you for the opportunity to take this bootcamp with such a qualified teacher."

Thanks again, Robert
Booz Allen Hamilton

Experience and High Energy Teaching Style

"Fred is a fantastic instructor, with his background, experience and high energy teaching style I definitely have a great deal of confidence in passing the test first time through. I definitely will recommend your class for any future CISSP candidates."

V/R, Chuck US Navy

Instructor for the Course Was Outstanding

"I had a great experience and thought that the test center was top notch. The material that has to be covered for an exam like these is very extensive. The instructor for the course was outstanding, and knew the Windows platform in and out."

Sean
DoD Contractor

I Learned a lot and Passed the Test

"The Security Plus class went very well!! I learned a lot, passed the test, and Tracy was an excellent instructor. I felt it was very valuable training for my job and was very satisfied with my experience with Test Pass Academy. Thank you for everything."

V/R,
Addy - US Air Force

For more information on our Training, call us at 1-888-418-7051 or via email at info@testpassacademy.com