Certified in Risk and Information Systems Control (CRISC)

Validate your expertise in identifying and managing enterprise IT risk and implementing information systems controls with ISACA’s globally recognized CRISC certification.

ISACA’s CRISC certification validates expertise in identifying and managing enterprise IT risk and implementing information systems controls, helping professionals strengthen their ability to assess risk, support business resilience, and improve risk management across the enterprise. Designed for mid- to high-level professionals with three or more years of experience in IT risk management and information systems control, CRISC supports those who want to deepen their capabilities in governance, risk assessment, risk response and reporting, and technology and security, while growing as trusted strategic risk professionals within their organizations.

CRISC: Certified in Risk and Information Systems Control

20-23 July 2026  | 1-4 Sep 2026 | 10-13 Nov 2026

RM9000

Benefits

  • Demonstrate expertise in identifying and managing enterprise IT risk and implementing effective information systems controls.

  • Build confidence to assess threats, evaluate controls, and support risk response and reporting that strengthen business resilience.

  • Enhance your credibility with stakeholders while supporting risk-based decision-making across the organization.

Audience

  • Mid-to senior-level professionals with at least three years of experience in IT risk management and information systems controls.

  • IT managers, risk and compliance professionals, consultants, and security or risk specialists responsible for managing enterprise IT risk.

  • Professionals seeking a globally recognized credential to grow as trusted strategic IT risk leaders.

Learning Domains

Governance

IT Risk Assessment

Risk Response and Reporting

Information Technology and Security

Industry Trends

11 Governance:

Cyber governance is becoming increasingly critical as 11 national critical sectors have been identified as essential to national security, economic stability, public safety, and government operations. At the same time, stronger legal and governance structures are being put in place to improve accountability, coordination, and resilience in managing cyber threats and incidents.

6,209 IT Risk Assessment:

The need for stronger risk assessment continues to grow. In 2024, a total of 6,209 incidents were reported, including 4,219 fraud cases, 427 malicious code incidents, and 408 intrusion attempts which highlighting the scale of threats organizations must identify, assess, and prioritize on an ongoing basis.

7% Risk Response and Reporting:

The importance of effective response and reporting is increasing. In Q1 2025, 1,657 incidents were recorded, reflecting a 7% increase from 1,550 incidents in Q4 2024. During the same period, 73 security advisories and 1 alert were issued, reinforcing the need for timely risk response, continuous monitoring, and clear stakeholder reporting.

Cybersecurity Malaysia (2025)

44.2% Digital Growth and Security Readiness:

As digital adoption accelerates, technology and security capabilities become even more important. 5G subscriptions grew by 44.2% from Q4 2023 to Q1 2024, while internet users are spending an average of eight hours online each day. This reflects the growing demand for stronger security, more resilient infrastructure, and better protection against evolving digital threats.

Open up new possibilities for your career!