Management Training

(CRISC) Certified In Risk and Information System Control

This 3-day training prepares professionals who want to pass ISACA’s Certified in Risk and Information System Control (CRISC®) exam. The program covers the four key areas of the exam: Governance, IT Risk Assessment, Risk Response and Reporting, and Information Technology and Security. The program is aligned with the latest edition (7th) of the CBK (Common Body of Knowledge) from ISACA®. The CRISC® certification is recognised around the world.

Who is this course for?
  • Job roles that can benefit from CRISC® training include, but are not limited to: CISO, Information Security consultants, Governance Consultants, Cybersecurity Consultants, IT professionals, Risk professionals, Control professionals, Project managers, Business analysts, Compliance professionals, Auditors
  • CRISC® exam candidates and anyone keen to improve their knowledge in the field of risk management and IS control.
  • Participants who have completed an ISO 27005 or ISO 31000 course
  • People working with an ERM (Enterprise Risk Management) framework
  • There is no prerequisite to take the CRISC® exam; however, in order to apply for CRISC® certification, you must meet the necessary experience requirements as determined by ISACA.
  • Participants should have a basic knowledge of the areas to be covered. The course consists of intense preparation for the certification exam.
  • English is required for the exam.


  • Master the risk management approach according to the CRISC®
  • Apply the best response strategies to the risks weighing on the information system
  • Use best risk monitoring practices
  • Define information system controls
  • Use best practices to monitor and maintain these controls


  • Candidates must apply for certification within 5 years of having passed the exam.
  • A minimum of 3 years of cumulative work experience performing the tasks of a CRISC® professional across at least two of the four CRISC® domains is required for the certification. Of these two domains, one must be either domain 1 or 2.
  • Adhere to the ISACA® Code of Professional Ethics
  • Agree to comply with the CRISC® continuing education policy.

Day One: Introduction & Chapter 1: Governance

  • Organizational Strategy, Goals and Objectives
  • Organization structure, Roles and Responsibilities
  • Organizational Structure
  • Policies and Standards
  • Business Process Review
  • Organization assets
  • Enterprise Risk Management and Risk Management Frameworks
  • Three Lines of Defence
  • Risk Profile
  • Risk Appetite, Tolerance and Capacity
  • Legal, Regulatory and Contractual Requirements
  • Exercises – Multiple Choice questions in between chapters and at the end of each chapter

Day Two: Chapter 2: IT Risk Assessment

  • Risk Events
  • Threat Modelling and Threat landscape
  • Vulnerability and Control Deficiency Analysis
  • Risk Scenario Development
  • Risk Assessment Concepts, Standards and Frameworks
  • Risk Register
  • Risk Analysis Methodologies
  • Business Impact Analysis
  • Inherent, Residual and Current Risk
  • Exercises – Multiple Choice questions in between chapters and at the end of each chapter

Day Three: Chapter 3: Risk Response and Reporting 

  • Risk and Control Ownership
  • Risk Treatment/Risk Response Options
  • Third-party Risk Management
  • Issue, Finding and Exception Management
  • Management of Emerging Risk
  • Control Types, Standards and Frameworks
  • Control Design, Selection and Analysis
  • Control Implementation
  • Control Testing and Effectiveness Evaluation
  • Risk Treatment Plans
  • Data Collection, Aggregation, Analysis and Validation
  • Risk and Control Monitoring Techniques
  • Risk and Control Reporting Techniques
  • Key Performance Indicators
  • Key Risk Indicators
  • Key Control Indicators
  • Exercises – Multiple Choice questions in between chapters and at the end of each chapter

Day Four: Chapter 4: Information Technology and Security

  • Enterprise Architecture
  • IT Operations Management
  • Project Management
  • Enterprise Resiliency
  • Data Life Cycle Management
  • System Development Life Cycle
  • Emerging Trends in Technology
  • Information Security Concepts, Frameworks and Standards
  • Information Security Awareness Training
  • Data Privacy and Principles of Data Protection
  • Exercises – Multiple Choice questions in between chapters and at the end of each chapter

Preparation for the exam

  • Multiple choice questions (MCQs) similar to those in the exam, corrected together
  • Discussion and exchanges, hints, and tips to pass the exam.
  • Mock exam of 150 MCQs
  • Registration is to be made on the site
  • The exam consists of 150 MCQs that cover the CRISC® job practice domains.

Practical information






€ 2760 + 21% VAT


Classroom Course


Guaranteed to run

English-language sessions
26 - 29/2/2024
03 - 06/6/2024
01 - 04/10/2024
02 - 05/12/2024
