CRISC Study Materials 

 

Passing the CRISC exam can be achieved through an organized plan of study. ISACA recommends numerous materials to assist you in studying for the CRISC certification exam.

Study Materials


Write a Study Material Item


English

CRISC Review Manual 2015

CRISC Review Questions, Answers & Explanations Manual 2015

CRISC Review Questions, Answers & Explanations Manual 2015 Supplement

CRISC Practice Question Database – 12 Month Subscription


Spanish

Spanish: El Manual de preparación al examen CRISC 2015

Spanish: Manual de Preguntas, Respuestas & Explicaciones de Preparación al Examen CRISC 2015

Spanish: Manual de Preguntas, Respuestas & Explicaciones de Preparación al Examen CRISC Suplemento 2015

 

How do I best prepare for the exam:

Exam candidates should have a solid understanding of CRISC terminology and concepts. The CRISC exam will primarily align with the terminology and concepts described in The Risk IT Framework, The Risk IT Practitioner Guide, and COBIT 5. This will include applications in the evaluation and monitoring of IT-based risk, as well as the design and implementation of IS controls. It is also critical that the CRISC candidate is familiar with the CRISC Job Practice, and is able to apply the concepts associated with each of the 5 domains.

It is important for a CRISC candidate to be able to distinguish functional terms and apply concepts associated with “risk,” “threats” and “vulnerabilities. These terms should not be used interchangeably.

  • “Risk” refers to the likelihood (or frequency) and magnitude of loss that exists from a combination of asset(s), threat(s) and control conditions. As a derived value, it cannot take a plural form (i.e., “risks”). Consequently, when referring to conditions that represent some amount of risk, terms such as “risk factors,” “risk scenarios” or “risk concerns” will be used.
  • “Threat” refers to anything (e.g., object, substance, human) that is capable of acting against an asset in a manner that can result in loss or harm.
  • Vulnerability” refers to control conditions that are deemed to be deficient relative to requirements or the threat levels being faced. It is a weakness in design, implementation, operation or internal controls.

As much of the test focuses on practical application of terminology and concepts, reading The Risk IT Framework, The Risk IT Practitioner Guide and COBIT 5 will not lend enough knowledge to pass the CRISC exam. Exam candidates will need to draw from their experience implementing the concepts illustrated.

 

Statement

ISACA has produced these study materials as an educational resource to assist individuals preparing to take the CRISC certification exam. They were produced independently from the CRISC Certification Board, which has no responsibility for their content.