Got a question? Call  0800 835 835    |   
Contact usCheckoutContact us
Certified in Risk and Information Systems Control (CRISC®) Online Review Course - Self-paced
Main menu
Got a question? Contact us
or call  +64 0800 835 835
Cyber Security Category

Certified in Risk and Information Systems Control (CRISC®) Online Review Course - Self-paced

  • Length 365 days access
  • Price  NZD 2230 exc GST
Course overview
Book your on demand course

Why study this course

Modern businesses face a diverse collection of obstacles, potential dangers and risk exposure. ISACA’s Certified in Risk and Information Systems Control (CRISC®) certification indicates expertise in identifying and managing enterprise IT risk, and implementing and maintaining information systems controls. This course and certification is designed for mid-career IT and business professionals who identify and manage risk through the development, implementation and maintenance of appropriate information systems (IS) controls. CRISC certification confirms an individual’s skills and knowledge to secure the modern enterprise against escalating threats.

The CRISC Online Review Course is an online preparation course that prepares learners to pass the CRISC certification exam using proven instructional design techniques and interactive activities. The course covers all four of the CRISC domains, and each section corresponds directly to the CRISC job practice.

The course incorporates video, interactive eLearning modules, downloadable, interactive workbooks, downloadable job aids, case study activities, and practice exam. Learners will be able to navigate the course at their own pace, following a recommended structure, or target preferred job practice areas. Learners may also start and stop the course based on their study schedule, picking up exactly where they left off the next time, they access the course.

This course has a seat time of approximately 16 hours and is accessed via the Learning Access tab of your MyISACA dashboard. 

Please note: The exam is not included in the course fee but can be purchased separately. Please contact us for a quote.

Request Course Information

What you’ll learn

A Certified in Risk and Information Systems Control (CRISC) certification demonstrates your IT risk management expertise. By taking a proactive approach, you will learn how to enhance your organisation’s business resilience, deliver stakeholder value and optimise risk management across the enterprise. As a CRISC, you will be ready to address emerging technology, including AI risk assessment and general best practices for risk management and mitigation related to AI data governance and ethics.

ISACA Accredited Elite Partner Logo

ISACA at Lumify Work

ISACA provides practical guidance, benchmarks and other effective tools for all enterprises that use information systems. Through its comprehensive guidance and services, ISACA defines the roles of information systems governance, security, audit and assurance professionals worldwide.

Lumify Work is an Accredited Elite Partner of ISACA.

View all ISACA at Lumify Work courses

Who is the course for?

This course is designed for mid-career IT and business professionals, including:

  • Security Directors, Managers, and Consultants

  • Compliance/Risk/Privacy Directors and Managers

  • IT Audit Directors, Managers, and Consultants

  • Compliance/Risk/Control Staff

Course subjects

Domain 1: Governance

The governance domain interrogates your knowledge of information about an organisation’s business and IT environments, organisational strategy, goals and objectives, and examines potential or realised impacts of IT risk to the organisation’s business objectives and operations, including Enterprise Risk Management and Risk Management Framework.

Topics:

  • Strategy, Goals and Objectives

  • Organisational Structure, Roles, and Responsibilities

  • Organisational Culture and Ethics

  • Policies and Standards

  • Business Processes and Resilience

  • Organisational Assets

  • Enterprise Risk Management

  • Lines of Defense

  • Risk Profile

  • Risk Appetite and Risk Tolerance

  • Risk Frameworks, Legal, Regulatory, and Contractual Requirements

Domain 2: IT Risk Assessment

This domain will certify your knowledge of threats and vulnerabilities to the organisation’s people, processes and technology as well as the likelihood and impact of threats, vulnerabilities and risk scenarios.

Topics:

  • Risk Events

  • Threat Modelling and Threat Landscape

  • Vulnerability Management

  • Risk Scenario Development

  • Risk Assessment Concepts and Standards

  • Business Impact Analysis

  • Risk Register

  • Risk Analysis Methodologies

  • Inherent and Residual Risk

Domain 3: Risk Response and Reporting

This domain deals with the development and management of risk treatment plans among key stakeholders, the evaluation of existing controls and improving effectiveness for IT risk mitigation, and the assessment of relevant risk and control information to applicable stakeholders.

Topics:

  • Risk Response Options

  • Risk and Control Ownership

  • Vendor/Supply Chain Risk Management

  • Issue, Finding, and Exception Management

  • Control Frameworks, Types, and Standards

  • Control Design, Selection, Implementation and Analysis

  • Control Testing Methodologies

  • Risk Action Plans

  • Data Collection, Aggregation, Analysis, and Validation

  • Risk and Control Metrics

  • Risk and Control Monitoring Techniques

  • Risk and Control Reporting Techniques

  • Monitoring and Reporting of Emerging Risks

Domain 4: Information Technology and Security

In this domain we interrogate the alignment of business practices with Risk Management and Information Security frameworks and standards, as well as the development of a risk-aware culture and implementation of security awareness training.

Topics:

  • Technology Roadmaps and Enterprise Architecture

  • Operations Management

  • System Development Life Cycle

  • Data Lifecycle Management

  • Portfolio and Project Management

  • Technology Resilience and Disaster Response/Recovery

  • Emerging Technologies

  • Security Concepts, Frameworks, and Standards

  • Security/Risk Awareness and Training

  • Data Privacy and Data Protection Principles

Prerequisites

There are no prerequisites for taking this course or the CRISC Exam. However, in order to apply for CRISC certification, the candidate must meet the necessary experience requirements as determined by ISACA.

To obtain the CRISC Certification, a candidate must pass the CRISC Exam and have the relevant full-time work experience in the CRISC exam content outline: three or more years of experience in IT risk management and IS control.

Lumify Work is proud to be Cyber Security Training Business of the Year

Australian Cyber Awards 2025 winner Cyber Security Training Business of the Year

Terms & Conditions

The supply of this course by Lumify Work is governed by the booking terms and conditions. Please read the terms and conditions carefully before enrolling in this course, as enrolment in the course is conditional on acceptance of these terms and conditions.

Request Course Information

Select and book a course

Options

Can't find a date you like?

Contact sales

Looking for more course options?

View all ISACA coursesView all Cyber Security courses