CRISC Study Materials 

 

Passing the CRISC exam can be achieved through an organized plan of study. ISACA recommends numerous materials to assist you in studying for the CRISC certification exam.

Study Materials


Write a Study Material Item


Bookstore CRISC Review Manual 2015

The CRISC Review Manual 2015 is a reference guide designed to assist individuals in preparing for the CRISC exam and individuals wishing to understand the roles and responsibilities of the risk management and IS control professionals. The manual has been developed and reviewed by SMEs actively involved in risk management and IS control.

This edition has been developed to reflect the new Job Practice for 2015.

Bookstore  CRISC Review Questions, Answers & Explanations Manual 2015

The CRISC Review Questions, Answers & Explanations Manual 2015 is designed to provide CRISC candidates with an understanding of the type and structure of questions and content that will appear on the CRISC exam. The manual consists of 400 multiple-choice study questions. To help candidates maximize study efforts, questions are sorted by domain, allowing CRISC candidates to focus on particular topics, and are scrambled as a sample 150-question exam, enabling candidates to effectively determine their strengths and weaknesses and to simulate an actual exam. This edition has been updated to reflect the new Job Practice for 2015.


Bookstore  CRISC Review Questions, Answers & Explanations Manual 2015 Supplement

The CRISC Review Questions, Answers & Explanations Manual 2015 Supplement is designed to provide CRISC candidates with an understanding of the type and structure of questions and content that will appear on the CRISC exam. The new manual consists of 100 multiple-choice study questions. To help candidates maximize study efforts, questions are sorted by domain, allowing CRISC candidates to focus on particular topics, and are scrambled as a sample 100-question exam, enabling candidates to effectively determine their strengths and weaknesses and to simulate an actual exam. This edition has been updated to reflect the new Job Practice for 2015.


Bookstore CRISC Review Questions, Answers & Explanations Database – 12 Month Subscription

The CRISC Review Questions, Answers & Explanations Database – 12 Month Subscription is a comprehensive 500-question pool of items that combines the questions from the CRISC Review Questions, Answers & Explanations Manual 2015 with those from the CRISC Review Questions, Answers & Explanations Manual 2015 Supplement.

The database is available via the web, allowing our CRISC Candidates to log in at home, at work or anywhere they have Internet connectivity.

Exam candidates can take sample exams with randomly selected questions and view the results by job practice domain, allowing for concentrated study in particular areas. Additionally, questions generated during a study session are sorted based on previous scoring history, allowing CRISC candidates to identify their strengths and weaknesses and focus their study efforts accordingly.

Other features provide the ability to select sample exams by specific job practice domain, view questions that were previously answered incorrectly and vary the length of study sessions, giving candidates the ability to customize their study approach to fit their needs.

 

How do I best prepare for the exam:

Exam candidates should have a solid understanding of CRISC terminology and concepts. The CRISC exam will primarily align with the terminology and concepts described in The Risk IT Framework, The Risk IT Practitioner Guide, and COBIT 5. This will include applications in the evaluation and monitoring of IT-based risk, as well as the design and implementation of IS controls. It is also critical that the CRISC candidate is familiar with the CRISC Job Practice, and is able to apply the concepts associated with each of the 5 domains.

It is important for a CRISC candidate to be able to distinguish functional terms and apply concepts associated with “risk,” “threats” and “vulnerabilities. These terms should not be used interchangeably.

  • “Risk” refers to the likelihood (or frequency) and magnitude of loss that exists from a combination of asset(s), threat(s) and control conditions. As a derived value, it cannot take a plural form (i.e., “risks”). Consequently, when referring to conditions that represent some amount of risk, terms such as “risk factors,” “risk scenarios” or “risk concerns” will be used.
  • “Threat” refers to anything (e.g., object, substance, human) that is capable of acting against an asset in a manner that can result in loss or harm.
  • Vulnerability” refers to control conditions that are deemed to be deficient relative to requirements or the threat levels being faced. It is a weakness in design, implementation, operation or internal controls.

As much of the test focuses on practical application of terminology and concepts, reading The Risk IT Framework, The Risk IT Practitioner Guide and COBIT 5 will not lend enough knowledge to pass the CRISC exam. Exam candidates will need to draw from their experience implementing the concepts illustrated.

 

Statement

ISACA has produced these study materials as an educational resource to assist individuals preparing to take the CRISC certification exam. They were produced independently from the CRISC Certification Board, which has no responsibility for their content.