Gain instant recognition and credibility in risk management with the Certified in Risk and Information Systems Control credential.

  • Why you should get CRISC certified: Prepares IT professionals like you for real-world threats with relevant tools to assess, govern and mitigate risk.
  • Why CRISC matters: The global risk management market size was valued at $7.39 billion in 2019 and is projected to reach $28.87 billion by 2027, growing at a CAGR of 18.7% from 2020 to 2027.
  • Who should get CRISC certified: Mid- to high-level professionals with three or more years of experience in the management of IT risk, as well as the design, implementation, monitoring and maintenance of IS controls.

The ISACA CRISC is the only certification that prepares and enables IT professionals for the unique challenges of IT and enterprise risk management, and positions them to become strategic partners to the enterprise.

This course is HRDC claimable, and Malaysian Bumiputeras are eligible for the Yayasan Peneraju Financing Scheme. T&C apply.

Overview

The only globally accepted IT risk management certification for professionals with three or more years of experience.

This credential demonstrates expertise in identifying and managing enterprise IT risk and implementing and maintaining information systems controls. CRISC can enhance your IT team’s credibility with stakeholders and clients.

The artificial intelligence revolution is rewriting the rules of cybersecurity, and the financial stakes are massive. AI-powered cybersecurity will skyrocket from $15 billion in 2021 to a staggering $135 billion by the end of the decade – Artificial Intelligence in Cybersecurity Market Analysis

In this course, you’ll cover all four domains of the Certified in Risk and Information Systems Control (CRISC) exam and gain the knowledge and concepts required to obtain CRISC certification. Since its inception in 2010, the CRISC certification has been for IT and business professionals who identify and manage risks through the development, implementation, and maintenance of appropriate information systems (IS) controls.

Explore more about cybersecurity certifications with our cybersecurity training and certifications guide.

Skills Covered

Students will master the four CRISC domains:

  • Governance
  • IT Risk Assessment
  • Risk Response and Reporting
  • Information Technology and Security

Prerequisites

IT risk management professionals with at least 3 years of relevant professional work experience in IT risk and information systems control.

Target Audience

The CRISC certification is designed for:

  • IT Managers
  • IT Risk Analysts
  • IT Consultants
  • IT Risk/Security Advisory Managers
  • IT Compliance Managers
  • IT Risk Assessment Specialists

Course Curriculum

Module 1: Governance

  • Risk Assessment Concepts, Standards and Frameworks
  • Organizational Strategy, Goals and Objectives
  • Organizational Structure, Roles and Responsibilities
  • Organizational Culture and Assets
  • Policies, Standards and Business Processes
  • Enterprise Risk Management, Risk Management Frameworks and Three Lines of Defense
  • Risk Profile, Risk Appetite and Risk Tolerance
  • Navigating Professional Ethics of Risk Management and Requirements in Laws, Regulations and Controls

Module 2: IT Risk Assessment

  • Risk Events, Threat Modeling and Threat Landscape
  • Vulnerability and Control Deficiency Analysis
  • Risk Scenario Development
  • Risk Register
  • Risk Analysis Methodologies
  • Business Impact Analysis
  • Inherent, Residual and Current Risk

Module 3: Risk Response and Reporting

  • Risk Treatment/Risk Response Options
  • Risk and Control Ownership
  • Managing Risk from Processes, Third Parties and Emerging Sources
  • Control Types, Standards and Frameworks
  • Control Design, Selection and Analysis
  • Control Implementation, Testing and Effectiveness
  • Risk Treatment Plans
  • Data Collection, Aggregation, Analysis and Validation
  • Risk and Control Monitoring and Reporting Techniques
  • Performance, Risk and Control Metrics

Module 4: Information Technology and Security

  • Enterprise Architecture
  • IT Operations Management
  • Project Management
  • Disaster Recovery Management
  • Data Life Cycle Management
  • System Development Life Cycle
  • Emerging Technologies
  • Information Security Concepts, Frameworks, Standards and Awareness Training
  • Business Continuity Management
  • Data Privacy and Protection Principles

Dates & Locations

Let’s make it work for you

Can’t find a date that fits? Need to train your whole team? Looking for a discount?
Speak to one of our learning experts today.

July 20, 2026 - July 23, 2026

Location: Kuala Lumpur
Mode: ILT
Availability: TBC
Exam: Included
PROMO

July 20, 2026 - July 23, 2026

Location: Online
Mode: VILT
Availability: TBC
Exam: Included
PROMO

September 1, 2026 - September 4, 2026

Location: Kuala Lumpur
Mode: ILT
Availability: TBC
Exam: Included
PROMO

September 1, 2026 - September 4, 2026

Location: Online
Mode: VILT
Availability: TBC
Exam: Included
PROMO

November 10, 2026 - November 13, 2026

Location: Kuala Lumpur
Mode: ILT
Availability: TBC
Exam: Included

November 10, 2026 - November 13, 2026

Location: Online
Mode: VILT
Availability: TBC
Exam: Included

Exam & Certification

CRISC: Certified in Risk and Information Systems Control

Get CRISC certified and join an elite group of IT professionals recognized and sought after for their expertise. This is a designation that will get you instant credibility with peers, stakeholders and regulators.

Training & Certification Guide

ISACA’s Certified in Risk and Information Systems Control (CRISC) reflects the latest work practices and knowledge used by CRISC practitioners, changes in the business landscape and the heightened focus on corporate governance and enhanced business resilience. Employers can rest assured that armed with CRISC, their IT team is following governance best practices and taking a proactive, agile approach to ITRM that mitigates risks and threats and optimizes resources and ROI.

The final step to becoming CRISC certified is to submit your CRISC Certification Application. Prior to doing so, you must meet the following requirements:

  • Pass the CRISC Exam within the last 5 years.
  • Have the relevant full-time work experience in the areas covered by the CRISC exam content outline.
  • Submit the CRISC Certification Application including the application processing fee.

Certified Information Security Manager (CISM)

  • The CISM certification, also from ISACA, targets advanced IT security managers.
  • Focusing on high-level IT security management, it enhances the perception of IT security teams and demands a deep understanding of business.
  • With four key areas of focus, CISM holders communicate vulnerabilities effectively and balance priorities.

Certified Information Systems Auditor (CISA)

  • The CISA certification from ISACA is for IT professionals auditing, monitoring, and assessing information technology and business systems.
  • With five key domains and at least five years of relevant experience, CISAs ensure compliance and minimize risks.
  • Recognized globally, CISA holders advance to senior roles like IT auditor or chief information security officer.

Certified in the Governance of Enterprise IT (CGEIT)

  • The CGEIT certification, also from ISACA, sets IT governance professionals apart. Focusing on assessing, designing, and managing IT governance systems aligned with organizational goals, CGEIT maximizes business value through effective governance.
  • With five key areas of focus, CGEIT holders lead strategic decision-making within the IT governance landscape.

Certified Data Privacy Solutions Engineer (CDPSE)

  • The CDPSE: Certified Data Privacy Solutions Engineer certification provides a valid and reliable means for enterprises to identify technologists who are competent in incorporating privacy by design into technology platforms, products and processes, communicating with legal professionals, and keeping the organization compliant efficiently and cost effectively.

Advanced in AI Audit (AAIA)

  • The ISACA Advanced in AI Audit (AAIA) certification empowers audit professionals to recognize, assess and respond to AI risks, opportunities and impacts—while also using AI to enhance audit workflows and deliver deeper insights.

Advanced in AI Security Management (AAISM)

  • ISACA Advanced in AI Security Management (AAISM) validates security management professionals’ ability to demonstrate their expertise in AI. This credential builds upon existing security best practices to enhance expertise and adapt to the evolving AI-driven landscape, ensuring robust protection and a strategic edge.

Frequently Asked Questions

ISACA’s Certified in Risk and Information Systems Control (CRISC) certification is ideal for mid-career IT/IS audit, risk and security professionals. Register now for the updated CRISC exam and prove your skills and knowledge in using governance best practices and continuous risk monitoring and reporting. Enhance business resilience and stakeholder value, and gain increased credibility with peers, stakeholders and regulators.

Speak to a Training Consultant

All courses are HRD Claimable.
Get in touch with our team via the form or WhatsApp us on +6011-5119 6631
