☁️ CRISC: Certified in Risk and Information Systems Control - Exam-Prep
Free exam-prep for CRISC: Certified in Risk and Information Systems Control (ISACA CRISC) with a signed certificate. Work through the modules and pass the 10-question exam. Available in EN/FR/AR, no account required.
Last updated: June 2026
For IT risk, control, and security professionals preparing for ISACA's CRISC exam — master IT risk identification, assessment, response, and control monitoring to pass with confidence. The course is organized into 14 modules, ending with a final exam (pass mark 70%). It is independent, free exam-preparation training — not an official or accredited review course.
What you'll learn
- Organizational Governance: Aligning Risk with Strategy, Structure & Culture
- Risk Governance: ERM, Three Lines of Defense, Appetite & Frameworks
- IT Risk Identification: Threat Modeling, Vulnerability and Control Deficiency Analysis
- Risk Scenario Development & the IT Risk Register
- Risk Analysis: Likelihood, Impact & Methods
- Domain 2: Business Impact Analysis (BIA) & Risk Ranking
- Risk Response Options & Treatment Plans
- Domain 3: Risk Response & Reporting — Control Design, Implementation & Ownership
- Control Testing & Effectiveness Evaluation
- Risk & Control Monitoring: KRIs, KCIs, Heatmaps & Dashboards
- Risk Reporting & Communication to Stakeholders
- Domain 4: Technology Principles, SDLC & Data Lifecycle Management
- Information Security Concepts, Frameworks, Standards & Privacy Principles
- Exam Strategy & Practice: Mastering the CRISC Format, Timing and Mock Questions
Learning objectives
- Explain organizational and risk governance, including strategy, culture, policies, the three lines of defense, and risk appetite/tolerance.
- Apply enterprise risk management (ERM) frameworks, standards, and the IT risk register to real-world scenarios.
- Identify IT risk through threat modeling, vulnerability management, and risk scenario development.
- Analyze risk likelihood and impact using qualitative and quantitative methods, business impact analysis (BIA), and risk ranking.
- Select and manage risk response options and design, implement, and test information systems controls.
- Build and report key risk indicators (KRIs), key control indicators (KCIs), heatmaps, scorecards, and dashboards to stakeholders.
- Evaluate technology principles, SDLC, and data lifecycle alongside security frameworks, standards, and privacy principles.
- Practice exam-style questions across all four domains and apply a proven test-taking strategy for the 150-question CRISC exam.