Write a Study Material Item
The CRISC Review Manual 2014 is a reference guide designed to assist individuals in preparing for the CRISC exam and individuals wishing to understand the roles and responsibilities of the risk management and IS control professionals. The manual has been developed and reviewed by SMEs actively involved in risk management and IS control.
The manual is divided into two distinct parts. Part I discusses risk management and IS control theory and concepts, and Part II follows up with risk management and IS control in practice. Sample practice questions and explanations of answers assist candidates in understanding the topic areas. Also included are references for further study.
This edition has been developed to help CRISC candidates understand essential concepts and is organized to facilitate study in the following domains:
- Risk Identification, Assessment and Evaluation
- Risk Response
- Risk Monitoring
- Information Systems Control Design and Implementation
- Information Systems Control Monitoring and Maintenance
The CRISC Review Questions, Answers & Explanations Manual 2013 is designed to provide CRISC candidates with an understanding of the type and structure of questions and content that will appear on the CRISC exam. The manual consists of 200 multiple-choice study questions. To help candidates maximize study efforts, questions are sorted by domain, allowing CRISC candidates to focus on particular topics, and are scrambled as a sample 200-question exam, enabling candidates to effectively determine their strengths and weaknesses and to simulate an actual exam.
The CRISC Review Questions, Answers & Explanations Manual 2013 Supplement features 100 new sample questions, answers and explanations to help candidates effectively prepare for the CRISC exam.
The CRISC Review Questions, Answers & Explanations Manual 2014 Supplement is designed to provide CRISC candidates with an understanding of the type and structure of questions and content that will appear on the CRISC exam. The new manual consists of 100 multiple-choice study questions. To help candidates maximize study efforts, questions are sorted by domain, allowing CRISC candidates to focus on particular topics, and are scrambled as a sample 100-question exam, enabling candidates to effectively determine their strengths and weaknesses and to simulate an actual exam.
The CRISC Practice Question Database — 12 Month Subscription is a comprehensive 400-question pool of items that combines the questions from the CRISC Review Questions, Answers & Explanations Manual 2013 with those from the 2013 and 2014 editions of the CRISC Review Questions, Answers & Explanations Manual Supplement.
The database is available via the web, allowing our CRISC Candidates to log in at home, at work or anywhere they have Internet connectivity.
Exam candidates can take sample exams with randomly selected questions and view the results by job practice domain, allowing for concentrated study in particular areas. Additionally, questions generated during a study session are sorted based on previous scoring history, allowing CRISC candidates to identify their strengths and weaknesses and focus their study efforts accordingly.
Other features provide the ability to select sample exams by specific job practice domain, view questions that were previously answered incorrectly and vary the length of study sessions, giving candidates the ability to customize their study approach to fit their needs.
How do I best prepare for the exam:
Exam candidates should have a solid understanding of CRISC terminology and concepts. The CRISC exam will primarily align with the terminology and concepts described in The Risk IT Framework, The Risk IT Practitioner Guide, and COBIT 5. This will include applications in the evaluation and monitoring of Information Systems (IS)-based risk, as well as the design and implementation of IS controls. It is also critical that the CRISC candidate is familiar with the CRISC Job Practice, and is able to apply the concepts associated with each of the 5 domains.
It is important for a CRISC candidate to be able to distinguish functional terms and apply concepts associated with “risk,” “threats,” and “vulnerabilities. These terms should not be used interchangeably.
- “Risk” refers to the likelihood (or frequency) and magnitude of loss that exists from a combination of asset(s), threat(s) and control conditions. As a derived value, it cannot take a plural form (i.e., “risks”). Consequently, when referring to conditions that represent some amount of risk, terms such as “risk factors,” “risk scenarios” or “risk concerns” will be used.
- “Threat” refers to anything (e.g., object, substance, human) that is capable of acting against an asset in a manner that can result in loss or harm.”
- “Vulnerability” refers to control conditions that are deemed to be deficient relative to requirements or the threat levels being faced. It is a weakness in design, implementation, operation, or internal controls.
As much of the test focuses on practical application of terminology and concepts, simply reading The Risk IT Framework, The Risk IT Practitioner Guide, and COBIT 5. will not lend enough knowledge to pass the CRISC exam. Exam candidates will need to draw from their experience implementing the concepts illustrated.
ISACA has produced these study materials as an educational resource to assist individuals preparing to take the CRISC certification exam. They were produced independently from the CRISC Certification Board, which has no responsibility for their content.