CRISC® – Certified in Risk and Information Systems Control

  • Vendor: ISACA Authorized
  • Class: 3 Days
  • Voucher: Yes
  • Certification: CRISC Certified
  • Exam Method: Virtual or Live Exam
  • 4 Days
  • Stafford VA or Zoom

Class Is Recorded with Unlimited Access for 90 Days

We Coach Until You Pass

100% Exam Pass Guarantee

12 Additional Hours of Exam Review at No Charge

CCAK Overview

Welcome to ISACA’s Certified in Risk and Information Systems Control® (CRISC®) training and certification course. Are you considering CRISC certification? This course prepares students to pass the certification exam and be recognized among the world’s most qualified Risk Management professionals. The CRISC program at 327 Solutions is an ISACA Authorized Event. 327 Solutions is an ISACA Authorized Training Organization (ATO). Our training uses the latest courseware and exam prep material on the market, is delivered by ISACA Authorized Trainers, and runs in the 327 Solutions Persistent Training Environment. When you take a training program with 327, we record your event and turn it into eLearning; after class, you’ll have access to your training for 3 months, along with live exam review and mentoring.

The course covers all four CRISC domains. BONUS!


  1. Pass your exam, guaranteed (if you don’t pass, you’ll be coached until you do)
  2. Intensive Authorized Virtual-Live & Live Training (online live sessions on Zoom)
  3. YOUR live class is recorded and turned into eLearning with 3 months of access via the student portal
  4. Access mock exams, exam prep, and assessments to ensure you are ready to test


Domain 1 - Governance

The governance domain tests your knowledge of an organization’s business and IT environments, organizational strategy, goals, and objectives. It examines the potential or realized impacts of IT risk on the organization’s business objectives and operations, including Enterprise Risk Management and Risk Management Framework.


  1. Organizational Strategy, Goals, and Objectives
  2. Organizational Structure, Roles and Responsibilities
  3. Organizational Culture
  4. Policies and Standards
  5. Business Processes
  6. Organizational Assets


  1. Enterprise Risk Management and Risk Management Framework
  2. Three Lines of Defense
  3. Risk Profile
  4. Risk Appetite and Risk Tolerance
  5. Legal, Regulatory, and Contractual Requirements
  6. Professional Ethics of Risk Management

Domain 2 - IT Risk Assessment

This domain will certify your knowledge of threats and vulnerabilities to the organization’s people, processes, and technology, as well as the likelihood and impact of threats, vulnerabilities, and risk scenarios.


  1. Risk Events (e.g., contributing conditions, loss result)
  2. Threat Modelling and Threat Landscape
  3. Vulnerability and Control Deficiency Analysis (e.g., root cause analysis)
  4. Risk Scenario Development


  1. Risk Assessment Concepts, Standards, and Frameworks
  2. Risk Register
  3. Risk Analysis Methodologies
  4. Business Impact Analysis
  5. Inherent and Residual Risk

Domain 3 - Risk Response and Reporting

This domain deals with developing and managing risk treatment plans among key stakeholders, evaluating existing controls and improving effectiveness for IT risk mitigation, and assessing relevant risk and control information to applicable stakeholders.


  1. Risk Treatment / Risk Response Options
  2. Risk and Control Ownership
  3. Third-Party Risk Management
  4. Issue, Finding, and Exception Management
  5. Management of Emerging Risk


  1. Control Types, Standards, and Frameworks
  2. Control Design, Selection, and Analysis
  3. Control Implementation
  4. Control Testing and Effectiveness Evaluation

Domain 4 - Information Technology and Security

In this domain, we interrogate the alignment of business practices with Risk Management and Information Security frameworks and standards, the development of a risk-aware culture, and the implementation of security awareness training.


  1. Enterprise Architecture
  2. IT Operations Management (e.g., change management, IT assets, problems, incidents)
  3. Project Management
  4. Disaster Recovery Management (DRM)
  5. Data Lifecycle Management
  6. System Development Life Cycle (SDLC)
  7. Emerging Technologies


  1. Information Security Concepts, Frameworks, and Standards
  2. Information Security Awareness Training
  3. Business Continuity Management
  4. Data Privacy and Data Protection Principles

Ted Dziekanowski (ISACA Authorized Trainer)
