Certified in Risk and Information Systems Control (CRISC)

This four-day official ISACA course equips learners with the knowledge and practical skills needed to prepare for and pass the CRISC exam. CRISC is the only globally recognised certification focused on IT and enterprise risk management, enabling professionals to bridge the gap between risk, business goals, and technology. Participants will explore the four CRISC domains: governance, risk assessment, risk response and reporting, and technology and security. Through real-world scenarios and exam-focused exercises, learners will gain the ability to identify, assess, and manage IT risks while supporting enterprise objectives.

Key takeaways

By the end of this course, learners will be able to:

  • Explain the governance structures, frameworks, and cultural factors that shape IT risk management.
  • Identify, evaluate, and prioritise IT risks using established assessment methodologies.
  • Develop and implement risk response strategies aligned with enterprise objectives.
  • Design, monitor, and assess IT controls for effectiveness and maturity.
  • Report relevant risk and control information to stakeholders to support decision making.
  • Recognise the impact of emerging technologies, regulations, and security practices on enterprise risk.
  • Apply exam strategies and practice techniques to prepare for the CRISC exam.

Prerequisites

Learners should have:

  • At least three years of professional experience in IT risk management or control, covering a minimum of two CRISC domains (including governance or risk assessment).
  • Familiarity with risk frameworks, organisational governance, and control processes.

Target audience

This course is designed for:

  • IT risk and compliance professionals seeking CRISC certification

Introduction to the CRISC exam

  • About the CRISC certification
  • Exam structure, scoring, and preparation strategies

Domain 1 – Governance

  • Strategy, goals, and objectives
  • Organisational structure, culture, ethics, and accountability
  • Risk appetite, tolerance, and enterprise risk frameworks
  • Policies, standards, legal and regulatory requirements
  • Maintaining risk registers and profiles
  • Stakeholder communication and reporting

Domain 2 – Risk assessment

  • Risk event identification and threat modelling
  • Vulnerability management and scenario development
  • Business impact analysis and residual risk evaluation
  • Risk analysis methodologies and risk register updates
  • Promoting a risk-aware culture through awareness and training

Domain 3 – Risk response and reporting

  • Risk response options and treatment planning
  • Control design, selection, and implementation
  • Issue, finding, and exception management
  • Vendor and supply chain risk management
  • Monitoring and analysing KPIs, KRIs, and KCIs
  • Reporting emerging risks to stakeholders

Domain 4 – Technology and security

  • Technology roadmaps and enterprise architecture
  • IT operations, lifecycle management, and disaster recovery
  • Security frameworks, standards, and awareness training
  • Data lifecycle management, privacy, and protection
  • Emerging technologies and their risk implications

Exam readiness

  • Mock exam review
  • Time management and test-taking strategies

This course prepares learners for the CRISC exam. The exam is booked separately via ISACA and delivered online. It consists of 150 multiple-choice questions over four hours. A passing score of 450 (out of 800) is required. Practice questions and mock tests are included during the course.

CRISC exam changes from 3rd Nov 2025: the four CRISC domains remain the same, but the distribution of the exam content will change slightly to the following:

Domain 1: Governance (26 percent)

Domain 2: Risk Assessment (22 percent, compared to 20 percent previously)

Domain 3: Risk Response and Reporting (32 percent)

Domain 4: Technology and Security (20 percent, compared to 22 percent previously)

 

FAQ – CRISC: Certified in Risk and Information Systems Control

What does the course cost?
The price is 35 000 NOK. The course includes an exam voucher for the CRISC certification as well as exam preparation material and exercises.

How long does the course last?
The course runs over 4 days and is delivered either as a virtual course or as a classroom course.

How is the course delivered?
The course is delivered as an instructor-led course with a focus on practical exercises, case studies, and exam preparation. Participants work with realistic scenarios in risk management, governance, and control to build competence that can be applied directly in the organisation.

Who is the course suitable for?
The course is developed for professionals who work with risk management, compliance, and IT governance:

  • IT risk and compliance professionals
  • Business analysts and project managers
  • Auditors and governance specialists
  • IT managers and information security officers

What will I learn during the course?
The course gives you the competence to identify, analyse, and manage IT risk in line with the organisation's goals. After the course you will be able to:

  • Understand governance structures and frameworks for IT risk
  • Identify and assess risks using established methods
  • Design and implement risk-reducing measures
  • Design and evaluate IT controls
  • Report risk and control status to decision makers
  • Understand how technology and security affect enterprise risk

Which topics are covered in the course?
The course covers the four official CRISC domains:

  • Governance
  • Risk Assessment
  • Risk Response and Reporting
  • Technology and Security

Do I receive certification after the course?
The course prepares you for the CRISC certification from ISACA. The exam is taken online and is booked via ISACA using the exam voucher that is included in the course.

How does the exam work?
The exam consists of:

  • 150 multiple-choice questions
  • 4 hours' duration
  • Passing score of 450 out of 800 points

What prior knowledge is recommended?
It is recommended that participants have at least 3 years of experience in IT risk management or control, as well as familiarity with governance frameworks and risk processes.

What makes this course unique?
CRISC is one of the few certifications that combine IT, risk, and business goals. The course provides a holistic understanding of how risk can be managed strategically and operationally in modern organisations.
