ISACA CRISC Training Boot Camp

Transform your career in 3 days

A Certified in Risk and Information Systems Control (CRISC) certification is one of the most in-demand qualifications for risk professionals. Our CRISC training program prepares you to identify and evaluate entity-specific risk. Hone your skills and impress your organization by achieving business objectives through designing, implementing, monitoring and maintaining risk-based information systems controls. With our expert instructors and hands-on approach, you become an effective leader who understands and articulates business risk environments.


4.6 (738 ratings)

Affirm Financing available
Exam Pass Guarantee

Course essentials

Boot camp at a glance

  • Method

    Live online, in-person, onsite

  • Duration

    3 days

  • Experience

    3+ years of experience

  • Average salary


  • Meets 8570.1

    DoD information assurance requirements

What you'll learn

Training overview

This immersive CRISC Boot Camp prepares you to pass the ISACA CRISC exam, which covers four domain areas that reflect the work performed by IT risk professionals:

  • Governance: Focuses on the organizational groundwork needed to set up successful IS controls. It covers company strategy, goals and objectives; structure, roles and responsibilities; culture, policies and standards and more.
  • IT risk assessment: Focuses on the contributing conditions of risk events, threat modeling, root cause analysis and more.
  • Risk response and reporting: Focuses on risk treatment plans and risk management, giving you a solid foundation for monitoring, control and reporting techniques and knowing key performance, risk and control indicators.
  • Information technology and security: Focuses on IT operations, disaster recovery, project management, data lifecycle management, business continuity management and more.

Who should attend

This CRISC Boot Camp is designed for IT professionals building plans for identifying, assessing and evaluating organizational risk. Roles that can benefit from this training:

  • IT and risk professionals
  • Business analysts
  • Project managers
  • Compliance professionals
  • Anyone tasked with identifying, evaluating and mitigating organizational risk

CRISC certification showcases your expertise and commitment to effective IT risk and compliance management, demonstrates competency in the field and makes you invaluable to your organization.

Learn more about the pre-requirements for earning the ISACA CRISC.

ISACA Accredited Training Organization (ATO)

Infosec is one of a select number of ISACA accredited Elite+ Partners in the world. When you enroll in an Infosec CISM Boot Camp, you can rest assured you are receiving the most effective and up-to-date certification prep available, including official ISACA training materials and instruction that has been independently assessed to meet ISACA’s quality standards.

Award-winning training you can trust

Ready to discuss your training goals? We've got you covered.

Complete the form and book a meeting with a member of our team to explore your learning opportunities.


What's included

Everything you need to know

  • 90-day extended access to Boot Camp components, including class recordings
  • 12-Month subscription to the ISACA Official Question, Answer & Explanation (QAE) database
  • 100% Satisfaction Guarantee
  • Exam Pass Guarantee
  • Exam voucher
  • Free 90-day Infosec Skills subscription (access to 1,400+ additional courses and labs)
  • Knowledge Transfer Guarantee
  • Pre-study learning path
  • Unlimited practice exam attempts

What makes the Infosec CRISC prep course different?

You can rest assured that the CRISC training materials are fully updated and synced with the latest version of the exam. In addition, you’ll gain access to a CRISC prep course the moment you enroll, so you can prepare for and get the most out of your boot camp.


With 20 years of training experience, we stand by our CRISC training with an Exam Pass Guarantee. This means if you don’t pass the exam on the first attempt, we’ll pay for your second exam at no additional cost to you!

Before your boot camp


There are no prerequisites to take the CRISC certification exam. However, aspiring candidates must have:

  • Three cumulative years of work experience in IT risk management and information systems control to apply for certification

There are no substitutions or experience waivers for this particular ISACA credential. Learn more about the CRISC prerequisites and conditions set by ISACA.


Training schedule

Preparation (before the boot camp starts)

CRISC prep course

Day 1
Morning session

Introduction to CRISC exam and preparation methodology

Afternoon session


Organizational Governance A

  • Organizational strategy, goals and objectives
  • Organizational structure, roles and responsibilities
  • Organizational culture
  • Policies and standards
  • Business processes
  • Organizational assets

Risk Governance B

  • Enterprise risk management and risk management framework
  • Three lines of defense
  • Risk profile
  • Risk appetite and risk tolerance
  • Legal, regulatory and contractual requirements
  • Professional ethics of risk management

Evening session

Optional group & individual study

Schedule may vary from class to class

Day 2
Morning session

IT Risk Assessment

IT Risk Identification A

  • Risk events (e.g., contributing conditions, loss result)
  • Threat modeling and threat landscape
  • Vulnerability and control deficiency analysis (e.g., root cause analysis)
  • Risk scenario development

IT Risk Analysis and Evaluation B

  • Risk assessment concepts, standards and frameworks
  • Risk register
  • Risk analysis methodologies
  • Business impact analysis
  • Inherent and residual risk

Afternoon session

Risk Response and Reporting

Risk Response A

  • Risk treatment and risk response options
  • Risk and control ownership
  • Third-party risk management
  • Issue, finding and exception management
  • Management of emerging risk

Control Design and Implementation B

  • Control types, standards and frameworks
  • Control design, selection and analysis
  • Control implementation
  • Control testing and effectiveness evaluation

Risk Monitoring and Reporting C

  • Risk treatment plans
  • Data collection, aggregation, analysis and validation
  • Risk and control monitoring techniques
  • Risk and control reporting techniques (heatmap, scorecards and dashboards)
  • Key performance indicators
  • Key risk indicators (KRIs)
  • Key control indicators (KCIs)

Evening session

Optional group & individual study

Day 3
Morning session

Risk Response and Reporting continued

Afternoon session

Information Technology and Security

Information Technology Principles A

  • Enterprise architecture
  • IT operations management (e.g., change management, IT assets, problems and incidents)
  • Project management
  • Disaster recovery management (DRM)
  • Data lifecycle management
  • System development life cycle (SDLC)
  • Emerging technologies

Information Security Principles B

  • Information security concepts, frameworks and standards
  • Information security awareness training
  • Business continuity management
  • Data privacy and data protection principles

Evening session

Optional group & individual study

What's next?

After you finish the ISACA CRISC Training Boot Camp

Completing the CRISC Boot Camp is a valuable step on the IT risk management and security professional path. Infosec offers free 90-day access to Infosec Skills, our comprehensive library of cybersecurity courses, including additional training on risk identity and assessment and other relevant domains.

You can continue learning, earn Continuing Professional Education (CPE) credits, and stay up to date on the latest trends and developments in risk and information systems control.

Unlock team training discounts

If you’re like many of our clients, employee certification is more than a goal — it’s a business requirement. Connect with our team to learn more about our training discounts.

Exam Prep

What are some tips for preparing for the CRISC exam?

Our #1 tip is to enroll in an exam training course, like the one offered here. Other resources to help you study include ISACA’s certified Review Manual and Test Exam, and reading up on the CRISC exam.

Exam Process

How does the CRISC examination process work?

The CRISC exam is a 150-question multiple-choice test that must be completed in four hours. It is scored on a scale of 200 to 800, with 450 points being the minimum passing score.

The exam consists of questions from the four CRISC Job Practice Area domains. These are as follows: governance (26%), IT risk assessment (20%), risk response and reporting (32%), and information technology and security (22%).

Career Opportunities

What are the career opportunities like for CRISC certified professionals?

CRISC certification applies to many roles, but CRISC professionals typically hold job titles related to IT risk management and governance. Common job titles that individuals with CRISC certification may have:

  • IT consultant
  • Compliance director
  • IT project manager
  • Security analyst

Responsibilities and job titles associated with CRISC training and certification vary depending on organization size, industry and your specific role within IT and risk management.

What job titles are most common for people with ISACA's CRISC certification?

Some common positions that this certification can help you land include:

  • Chief information officer
  • IT risk manager
  • IT analyst

Average Salary

ISACA CRISC certification salary expectations

The CRISC is regularly rated among the top credentials for salary potential. While exact salaries vary widely based on experience, location and industry, CRISC professionals earn an average of $151,000. Visit our CRISC salary information page to learn more about earning potential.

Guaranteed results

Our boot camp guarantees

Exam Pass Guarantee

If you don’t pass your exam on the first attempt, get a second attempt for free. Includes the ability to re-sit the course for free for up to one year (does not apply to CMMC-AB boot camps).

100% Satisfaction Guarantee

If you’re not 100% satisfied with your training at the end of the first day, you may withdraw and enroll in a different online or in-person course.

Knowledge Transfer Guarantee

If an employee leaves within three months of obtaining certification, Infosec will train a different employee at the same organization tuition-free for up to one year.


Frequently asked questions

Why is certification important to an IT risk and control career?
IT risk and control professionals often seek certification to hone their skills and prove their legitimacy among peers. Professional development is a key motivator for CRISC candidates who wish to implement effective and risk-based information system controls for their organizations.
What qualifies as IT risk and control experience?
ISACA states that work experience must be related to at least two of the four domains to qualify for the certification. At least one of these domains must be either domain 1 or domain 2. Read our article to learn more about the CRISC experience requirements.
How is the CRISC certification different from other comparable security certifications?
The CRISC is for IT professionals — specifically individuals that perform risk management and implement internal controls. The closest certification to the CRISC is probably IIA’s CRMA certification, which is more oriented towards internal auditors, specifically those assessing risk management processes.
How does the CRISC examination process work?
The CRISC exam is a 150-question, multiple-choice test that must be completed within four hours. It is scored on a scale of 200 to 800, with 450 points being the minimum passing score. Click here for more exam information.
How long is the CRISC certification valid after you pass the test, and what are the renewal requirements?
Like other ISACA certifications, the CRISC is valid for three years after you pass the exam. However, certain terms must be met. An annual maintenance fee must be paid, and CRISC holders must participate in ISACA’s CPE (Continuing Professional Education) program, reporting 20 CPE hours annually and 120 CPE hours across the three-year period. For more renewal information, read our article on CRISC renewal requirements.

You're in good company


The instructor was able to take material that prior to the class had made no sense, and explained it in real world scenarios that were able to be understood.

Erik Heiss, United States Air Force

I really appreciate that our instructor was extremely knowledgeable and was able to provide the information in a way that it could be understood. He also provided valuable test-taking strategies that I know not only helped me with this exam, but will help in all exams I take in the future.

Michelle Jemmott, Pentagon

The course was extremely helpful and provided exactly what we needed to know in order to successfully navigate the exam. Without this I am not confident I would have passed.

Robert Caldwell, Salient Federal Solutions

Enroll in a boot camp

July 1, 2024 - July 3, 2024

Online only | Start time: 8:30 AM (CST)

September 4, 2024 - September 6, 2024

Online only | Start time: 8:30 AM (CST)

December 16, 2024 - December 18, 2024

Online only | Start time: 8:30 AM (CST)

March 25, 2025 - March 27, 2025

Online only | Start time: 8:30 AM (CST)

May 28, 2025 - May 30, 2025

Online only | Start time: 8:30 AM (CST)