ISACA Risk and Information Systems Control (CRISC) Exam Syllabus

Use this quick start guide to collect all the information about the ISACA CRISC certification exam. This study guide provides a list of objectives and resources that will help you prepare for items on the ISACA Risk and Information Systems Control (CRISC) exam. The Sample Questions will help you identify the type and difficulty level of the questions, and the Practice Exams will make you familiar with the format and environment of the exam. You should refer to this guide carefully before attempting your actual ISACA Certified in Risk and Information Systems Control (CRISC) certification exam.

The ISACA CRISC certification is mainly targeted at candidates who want to build their career in the IT risk management domain. The ISACA Certified in Risk and Information Systems Control (CRISC) exam verifies that the candidate possesses the fundamental knowledge and proven skills in the area of ISACA Risk and Information Systems Control.

ISACA CRISC Exam Summary:

Exam Name: ISACA Certified in Risk and Information Systems Control (CRISC)
Exam Code: CRISC
Exam Price (ISACA Member): $575 (USD)
Exam Price (ISACA Nonmember): $760 (USD)
Duration: 240 mins
Number of Questions: 150
Passing Score: 450/800
Books / Training:
  • Virtual Instructor-Led Training
  • In-Person Training & Conferences
  • Customized, On-Site Corporate Training
  • CRISC Planning Guide
Schedule Exam: Exam Registration
Sample Questions: ISACA CRISC Sample Questions
Practice Exam: ISACA CRISC Certification Practice Exam

ISACA Risk and Information Systems Control Exam Syllabus Topics:

Topic: Governance (Weight: 26%)

A. Organizational Governance
  • Organizational Strategy, Goals, and Objectives
  • Organizational Structure, Roles, and Responsibilities
  • Organizational Culture
  • Policies and Standards
  • Business Processes
  • Organizational Assets

B. Risk Governance
  • Enterprise Risk Management and Risk Management Framework
  • Three Lines of Defense
  • Risk Profile
  • Risk Appetite and Risk Tolerance
  • Legal, Regulatory, and Contractual Requirements
  • Professional Ethics of Risk Management

Topic: IT Risk Assessment (Weight: 20%)

A. IT Risk Identification
  • Risk Events (e.g., contributing conditions, loss result)
  • Threat Modelling and Threat Landscape
  • Vulnerability and Control Deficiency Analysis (e.g., root cause analysis)
  • Risk Scenario Development

B. IT Risk Analysis and Evaluation
  • Risk Assessment Concepts, Standards, and Frameworks
  • Risk Register
  • Risk Analysis Methodologies
  • Business Impact Analysis
  • Inherent and Residual Risk

Topic: Risk Response and Reporting (Weight: 32%)

A. Risk Response
  • Risk Treatment / Risk Response Options
  • Risk and Control Ownership
  • Third-Party Risk Management
  • Issue, Finding, and Exception Management
  • Management of Emerging Risk

B. Control Design and Implementation
  • Control Types, Standards, and Frameworks
  • Control Design, Selection, and Analysis
  • Control Implementation
  • Control Testing and Effectiveness Evaluation

C. Risk Monitoring and Reporting
  • Risk Treatment Plans
  • Data Collection, Aggregation, Analysis, and Validation
  • Risk and Control Monitoring Techniques
  • Risk and Control Reporting Techniques (heatmap, scorecards, dashboards)
  • Key Performance Indicators
  • Key Risk Indicators (KRIs)
  • Key Control Indicators (KCIs)

Topic: Information Technology and Security (Weight: 22%)

A. Information Technology Principles
  • Enterprise Architecture
  • IT Operations Management (e.g., change management, IT assets, problems, incidents)
  • Project Management
  • Disaster Recovery Management (DRM)
  • Data Lifecycle Management
  • System Development Life Cycle (SDLC)
  • Emerging Technologies

B. Information Security Principles
  • Information Security Concepts, Frameworks, and Standards
  • Information Security Awareness Training
  • Business Continuity Management
  • Data Privacy and Data Protection Principles

To ensure success in the ISACA Risk and Information Systems Control certification exam, we recommend an authorized training course, practice tests and hands-on experience to prepare for the ISACA Risk and Information Systems Control (CRISC) exam.
