ISACA Certified in Risk and Information Systems Control (CRISC) Exam Syllabus

Use this quick start guide to collect all the information about the ISACA CRISC certification exam. It lists the exam objectives and resources that will help you prepare for the items on the ISACA Certified in Risk and Information Systems Control (CRISC) exam. The sample questions will help you identify the type and difficulty level of the questions, and the practice exams will familiarize you with the format and environment of the exam. Refer to this guide carefully before attempting the actual ISACA CRISC certification exam.

The ISACA CRISC certification is aimed at candidates who want to build a career in the IT risk management domain. The ISACA Certified in Risk and Information Systems Control (CRISC) exam verifies that the candidate possesses the fundamental knowledge and proven skills in the area of risk and information systems control.

ISACA CRISC Exam Summary:

Exam Name: ISACA Certified in Risk and Information Systems Control (CRISC)
Exam Code: CRISC
Exam Price (ISACA Member): $575 (USD)
Exam Price (ISACA Nonmember): $760 (USD)
Duration: 240 minutes
Number of Questions: 150
Passing Score: 450 / 800 (scaled score)
Books / Training: Conferences; In-person training; Online training; Accredited partner training; Customized training
Schedule Exam: Exam Registration
Sample Questions: ISACA CRISC Sample Questions
Practice Exam: ISACA CRISC Certification Practice Exam

ISACA Certified in Risk and Information Systems Control Exam Syllabus Topics:

Domain 1: Governance (26%)

This domain covers your knowledge of an organization's business and IT environments, its strategy, goals, and objectives, and the potential or realized impact of IT risk on the organization's business objectives and operations, including enterprise risk management (ERM) and the risk management framework.

A. Organizational Governance

  • Strategy, Goals, and Objectives
  • Organizational Structure, Roles, and Responsibilities
  • Organizational Culture and Ethics
  • Policies and Standards
  • Business Processes and Resilience (e.g., DRP, BCP)
  • Organizational Asset Management

B. Risk Governance

  • Enterprise Risk Management (ERM)
  • Lines of Defense
  • Risk Profile
  • Risk Appetite and Risk Tolerance
  • Risk Frameworks, Legal, Regulatory, and Contractual Requirements
Domain 2: Risk Assessment (22%)

This domain certifies your knowledge of threats and vulnerabilities to the organization's people, processes, and technology, as well as the likelihood and impact of threats, vulnerabilities, and risk scenarios.

A. Risk Identification

  • Risk Events
  • Threat Modeling and Threat Landscape
  • Vulnerability Management
  • Risk Scenario Development and Evaluation

B. IT Risk Analysis

  • Risk Assessment Concepts and Standards
  • Business Impact Analysis (BIA)
  • Risk Register
  • Risk Analysis Methodologies
  • Inherent and Residual Risk
Domain 3: Risk Response and Reporting (32%)

This domain covers the development and management of risk treatment plans with key stakeholders, the evaluation of existing controls and the improvement of their effectiveness for IT risk mitigation, and the communication of relevant risk and control information to applicable stakeholders.

A. Risk Response

  • Risk Response Options
  • Risk and Control Ownership
  • Vendor/Supply Chain Risk Management
  • Issues, Findings, Exceptions, and Exemptions Management

B. Control Design and Implementation

  • Control Frameworks, Types, and Standards
  • Control Design, Selection, Implementation, and Analysis
  • Control Testing Methodologies

C. Risk Monitoring and Reporting

  • Risk Action Plans
  • Data Collection, Aggregation, Analysis, and Validation
  • Risk and Control Metrics (e.g., KRIs, KCIs, KPIs)
  • Risk and Control Monitoring Techniques
  • Risk and Control Reporting Techniques (e.g., heat maps, scorecards, dashboards)
  • Monitoring and Reporting of Emerging Risks
Domain 4: Technology and Security (20%)

This domain covers the alignment of business practices with risk management and information security frameworks and standards, as well as the development of a risk-aware culture and the implementation of security awareness training.

A. Technology and Security

  • Technology Principles
  • Technology Roadmaps and Enterprise Architecture (EA)
  • Operations Management (e.g., change management, assets, DevOps, problems, incidents)
  • System Development Life Cycle (SDLC)
  • Data Lifecycle Management
  • Portfolio and Project Management (e.g., Agile)
  • Technology Resilience and Disaster Response/Recovery
  • Emerging Technologies

B. Information Security Principles

  • Security Concepts, Frameworks, and Standards
  • Security/Risk Awareness and Training
  • Data Privacy and Data Protection Principles

To ensure success in the ISACA CRISC certification exam, we recommend an authorized training course, practice tests, and hands-on experience in preparing for the ISACA Certified in Risk and Information Systems Control (CRISC) exam.
