How to Become Certified in Risk and Information Systems Control
1-800-COURSES www.globalknowledge.com
This Certification Prep Guide provides an overview of ISACA’s Certified in Risk and
Information Systems Control (CRISC) certification and offers helpful tips that you can
use when preparing for your CRISC certification exam.
Table of Contents
• Why get certified in risk and information systems control?
• What is the CRISC certification?
• Who should take the CRISC exam?
• How will becoming certified in risk and information systems control impact
your job and career?
• CRISC exam guide
• How to prepare for the CRISC certification
• CRISC exam: Tips & tricks
• How to maintain your CRISC certification
• Next steps after you obtain your CRISC certification
Understanding and applying the risk matrix, proper formulas, and liability spectrum
are essential to mitigating and recovering from disruptions, as well as determining
appropriate and responsible financial measures.
Organizations cannot afford to take risk lightly—there is far too much at stake.
ISACA’s Certified in Risk and Information Systems Control (CRISC) certification
[1] IDC MaturityScape: Enterprise Risk Management 1.0
Standard IT professionals often lack the skills to conduct a valid risk analysis. Having a
CRISC-certified individual on staff is vital to ensure risk is properly scrutinized and
business objectives are met.
To achieve this certification, an individual must take and pass the CRISC certification
exam, consisting of 150 questions and four job practice domains:
1. IT Risk Identification
2. IT Risk Assessment
3. Risk Response and Mitigation
4. Risk Control, Monitoring and Reporting
The exam assesses knowledge, as well as abilities that a risk and information systems
control specialist would be expected to demonstrate on the job.
CRISC is one of the most popular cybersecurity certifications—it’s fifth among the
most held and sixth among the most pursued according to 2019 data.
At least three years of relevant work experience in two of the four CRISC domains are
also required for certification, though the work can be completed after taking the
exam.
How will becoming certified in risk and information systems control impact your job and
career?
Aside from establishing themselves as risk and information systems control experts,
CRISC-certified professionals are paid extraordinarily well. CRISC is associated with
the eighth highest IT salary in North America, with an annual average of $128,556. It’s
the second highest-paying cybersecurity certification in the 2019 IT Skills and Salary
Report and one of the top cybersecurity credentials to enhance your career.
In general, certified personnel are more productive and close skills gaps better than
non-certified peers. This is vitally important for cybersecurity, as skill shortages
continue to grow. According to ISACA’s State of Cybersecurity: 2019 report, 69% of
cyber professionals say their teams are understaffed and only 34% have a high degree
of confidence in their team’s ability to detect and respond to cyber threats.
The questions on the CRISC exam cover the following job practice domains:
On the day of the exam, mobile phones, smart watches, computers, reference
materials and bags are prohibited in the testing center. Plan to store personal items in
a locker or designated area.
If you miss your test appointment, you may reschedule without forfeiting your
registration fee. Make sure you contact PSI no later than 72 hours following the test
time and provide documentation to confirm your reason for absence.
View the ISACA Certification Exam Candidate Guide for more information about
registration, scheduling and exam-day rules.
Instructor-led training
Live, classroom training is the most immersive learning environment and the best way
to prepare for the CRISC certification exam. In a Global Knowledge training course,
students interact directly with a subject matter expert and collaborate with peers who
may share similar work challenges.
Recommended courses:
• CRISC Prep Course
o An in-depth examination of all four domains of the CRISC certification
exam is covered in this instructor-led course. There’s also a module
specifically for exam review that examines key risk indicators and covers
test preparation.
• The following course is recommended prior to enrolling in the CRISC prep
course:
o Cybersecurity Specialization: Governance, Risk, and Compliance
▪ Gain the skills to design a system of governance to enforce
compliance with laws, regulations, and company policies.
Study guides
ISACA offers a number of study guides to prepare for the CRISC exam.
• CRISC Review Manual, 6th Edition eBook. This comprehensive manual is a
terrific prep resource and can be useful as a reference manual for risk
management professionals throughout their career.
• CRISC Review Questions, Answers & Explanations Manual, 5th Edition. This
study guide includes 550 practice questions for the CRISC exam.
• Exam prep community. ISACA hosts forums for all of its certification exams.
Practice exam
ISACA offers a free CRISC practice quiz to test risk and information systems control
knowledge. This quiz is a reliable evaluator of CRISC skills, as its questions are at the
same level of difficulty as can be expected on the certification exam.
Additionally, published practice exams are available through commercial
outlets (such as Amazon.com) with a multitude of helpful practice questions and
tests. For a properly qualified candidate, there is no substitute for the time and energy
spent working through practice exams and gauging your progress before sitting the
official exam.
Properly preparing for the exam includes detailed note-taking and attention to
nuance in the anecdotes and guidance offered by the classroom instructor, as well as
vigilance to the keywords and meanings presented in each domain of preparation.
Continuous practice questions can help prepare your mind for the question format
and expectations. Learning how business units and security teams interact, and what
correct practice between them looks like, is key to understanding many of the
questions you will need to answer to pass.
When taking the exam, make sure you answer all of the questions. You will not be
penalized for an incorrect answer so it’s not in your best interest to leave any
questions unanswered. Also, you have four hours to complete the exam, so make sure
to pace yourself and don’t rush through the questions. Read each question carefully
and make sure you select the most correct answer.
ISACA scores are based on a scale of 200 to 800, with 800 representing a perfect
score. Candidates must record a score of 450 or higher to pass.
To renew the CRISC certification, an annual maintenance fee must be paid ($45 for
ISACA members, $85 for non-members) and reporting of CPE hours must be
submitted.
Professionals who have their CRISC certification may generally pursue cybersecurity
specialties like ISACA’s Certified Information Security Manager (CISM) certification, as
well as the Certified Information Systems Security Professional (CISSP) certification
from (ISC)2. Each credential supports a new level of confidence in the industry
regarding your proven skill and competence level as a cybersecurity professional.
Once you pass the certification, to get maximum exposure, you’ll want to immediately
load your certificate into your LinkedIn Profile (don’t forget to include your actual
certificate number—LinkedIn refers to this as a “License Number”).
Brad Puckett
Brad Puckett, ITIL® and PMC II, is the Global Product Director for Cybersecurity and
Emerging Technologies at Global Knowledge, the worldwide leader in IT and
professional training. Brad has over 20 years of experience in information technology
and cybersecurity in applied practice, education, thought leadership, evangelism, and
business direction. He lives near Raleigh, N.C.