
ISACA® CRISC™ study guide mind map

ISACA® is a registered trademark of Information Systems Audit and Control Association. CISA®, Certified Information Systems Auditor®, CISM®, CGEIT®, Certified in the Governance of Enterprise IT/CGEIT® (and design)®, COBIT® are registered trademarks of ISACA®. CRISC™, Certified in Risk and Information Systems Control™, Certified Information Security Manager™, Risk IT™, Val IT™ are trademarks of ISACA®. Trademarks are properties of the holders, who are not affiliated with mind map author.

CRISC Exam Passing Principles

The CRISC™ (Certified in Risk and Information Systems Control) job profile, published at the beginning of 2010, combines considerable enterprise and IT risk management, in two modules, for implementing and monitoring internal information technology controls. It has met with significant global interest.



The first CRISC™ examinations took place in June 2011.

Domain 1 - Risk Identification, Assessment and Evaluation

Domain 1 - CRISC® Exam Relevance

Risk Management Process

Risk Governance

Guiding Principles for Effective Risk Management

Risk Evaluation Process

Risk Assessment Process

Risk Identification Process

The Business Impact of IT Risk

Applicable Guidelines for Risk Appetite and Risk Tolerance

Risk Hierarchy - 4 Levels of Risk

IT Risk in the Risk Hierarchy (from ISACA® Risk IT™ perspective)

Three IT Risk Categories (from ISACA® Risk IT™ perspective)

Risk Scenario

Risk Factors

Risk Analysis Process

Risk Analysis methods

Identifying and assessing IT Risk

Adverse Impact of Risk Event

Business Impact Analysis / Assessment (BIA)

Ways of describing IT Risk in business terms (methods, frameworks, standards) (from ISACA® Risk IT™ perspective)

Domain 2 - Risk Response

Domain 2 - CRISC™ Exam Relevance

Risk Response Process

High level Risk Response Process

Risk Response Process phases & tasks.

Risk Response Options

Risk Response Process parameters

Risk Response Prioritization

Risk Response Prioritization Options

Risk Response Prioritization Factors

Risk Mitigation Control Types

Risk Response programs

Domain 3 - Risk Monitoring

Domain 3 - CRISC™ Exam Relevance

Risk Monitoring Process

Risk Indicators

Key Performance Indicators (KPIs)

Key Risk Indicators (KRIs)

Gathering KRI information / data

Maturity Level Assessment

Changing Threat Levels

Changes in Asset Value

Risk Reporting

Domain 4 - Information Systems Control Design and Implementation

Domain 4 - CRISC™ Exam Relevance


Control Categories

Control Types

Control Types and Effects

Control Strength

Control Costs and Benefits

Total Cost of Ownership (TCO) for controls

Software Development Life Cycle (SDLC) Process

HR Practices

Domain 5 - Information Systems Control Monitoring and Maintenance

Domain 5 - CRISC™ Exam Relevance

IS Control Monitoring Process

IS Control Monitoring and Maintenance Process phases

Gathering Monitoring Data

Key Control Indicators (KCIs)

Select & Implement Automated Monitoring Tools

Monitoring Tools

Transaction Data Monitoring

Compliance Monitoring

Process Monitoring

Continuous Monitoring

Cause and Effect Diagram

Overview of the CRISC™ certification

About the CRISC™ exam

Basic risk related definitions (from ISACA® CRISC™ perspective)


Asset (ISACA®)

Business Impact Analysis / Assessment (BIA)

Business risk

Business case (ISACA®)

Compensating control


Data custodian (ISACA®)

Data owner (ISACA®)


Impact (Business impact)



Preventive control (ISACA®)


Project risk

Reputation risk (ISACA®)

Residual risk



Risk appetite

Risk attitude

Risk awareness

Risk communication

Risk culture

Risk impact

Risk indicators (ISACA®)

Risk Management Process

Risk subcultures

Risk tolerance

Risk tolerance vs Risk appetite

Risk factors (ISACA®)


Threat (ISACA®)

Vulnerability (ISACA®)

CRISC™ Official website

Official Recommended exam study materials


Development Guides

ISACA® CRISC™ Review Manual 2015

ISACA® Risk IT™ Framework

ISACA® Risk IT™ Practitioner Guide

ISACA® CRISC™ Review Questions, Answers & Explanations Manual 2015 Supplement

ISACA® CRISC™ Review Questions, Answers & Explanations Manual 2015

ISACA® CRISC™ Practice Question Database

Domains relationships

Interactive Glossary

Interactive CRISC™ Glossary

This freeware mind map (aligned with the newest version of the CRISC™ exam) was carefully hand crafted with passion and love for learning and constant improvement, as well as for promotion of the CRISC™ qualification and as a learning tool for candidates wanting to gain the CRISC™ qualification. (Please share, like and give feedback - your feedback and comments are my main motivation for further elaboration. THX!)

Questions / issues / errors? What do you think about my work? Your comments are highly appreciated. Please don't hesitate to contact me for :-) Mirosław Dąbrowski, Poland/Warsaw.