2-day CRISC Boot Camp (Foundation Training)
Accelerated prep training for the official ISACA CRISC Exam

Live, Virtual Instructor-Led, Online Training

Email: info@megamind.org

2023 Dates:
*OCTOBER 28-29, 2023*

Early bird: $350 until OCTOBER 13, 2023
Standard Tuition: $495 after early bird OCTOBER 13, 2023

More info/Secure Registration:


Taught by International Security Expert Practitioner, Krag Brotby CISM, CGEIT

Why Attend this 2-day CRISC Boot Camp?

This intensive boot camp provides an outstanding preparation for the official CRISC® exam, and is structured to follow the official CRISC Review Manual and examination flow. This boot camp covers each of the core competencies and associated task and knowledge statements, ensuring a detailed and thorough coverage of all of the areas that will be tested. This training is presented in an interactive manner to ensure the examination questions can be analyzed properly to achieve the best answer.

CRISC® (Certified in Risk and Information Systems Control)

The CRISC® certification prepares the IT professional for the challenges of IT and enterprise risk management. Earning a CRISC® helps enterprises to understand business risk, and to have the technical knowledge to implement appropriate IS controls.

The CRISC® focuses on:

  • Risk identification, assessment, and evaluation.
  • Risk response.
  • Risk monitoring.
  • IS control design and implementation.

CRISC® Examination and Certification Requirements:

The CRISC® exam consists of 150 multiple-choice questions taken over a 4-hour period.

ISACA uses and reports scores on a common scale from 200 to 800. A candidate must receive a score of 450 or higher to pass the exam. A score of 450 represents a minimum consistent standard of knowledge as established by ISACA’s CRISC® Certification Committee.

A CRISC® candidate receiving a passing score may then apply for certification provided the following requirements are met:

  • CRISC® Certification Job Practice – Effective 2015
  • Prove at least three (3) years of cumulative work experience performing tasks of a CRISC® professional across at least two (2) of the four (4) new domains. Of these 2 required domains, one must be in either Domain 1 or 2.
  • Successful completion of the CRISC® examination.
  • Risk management and information systems control experience.
  • Adhere to the ISACA Code of Professional Ethics.
  • Agree to comply with the CRISC® Continuing Education Policy.

CRISC® Salary Ranking:

  • Certified in Risk and Information Systems Control (CRISC®) ensures an IT professional is prepared for the unique challenges of IT and enterprise risk management. CRISC® ranked as the 4th highest-paying IT certification based on the 15 Top-Paying Certifications for 2021 IT Skills and Salary Survey conducted by Global Knowledge, with an average salary of US $151,995.
  • CRISC® ranked one of the top 6 most sought-after Governance, Risk and Compliance (GRC) certifications by CIO Magazine.

For a more detailed description regarding CRISC® qualifications and the ISACA CRISC® exam,
visit the ISACA.org website.


This class is taught by renowned security expert, practitioner, and author:
Krag Brotby CISM, CGEIT

Megamind’s comprehensive hands-on training for the official CRISC® Exam by ISACA is taught by Krag Brotby CISM, CGEIT, a renowned security expert practitioner, trainer, and author of the CISM® Review Manual. Mr. Brotby’s extensive CISM® knowledge brings a unique teaching perspective when preparing candidates for the complementary CRISC® exam certification, specifically focusing on IT professionals whose roles encompass security, operational and compliance considerations.

Krag is the ’go-to’ computer security expert for mastering CRISC and CISM exams. He has successfully trained thousands of exam candidates over the past 17 years.

  • Author of the official ISACA CISM Review Manual since 2005.
  • Author of the CISM Glossary Document and the CRISC Glossary Document.
  • Served on the ISACA Security Practice Development Committee responsible for exam question development.
  • Edited the entire 1200 CISM sample question database, creating approximately 800 questions for the ISACA 2016 CISM QAE Book.
  • Taught CISM courses globally during the past decade, including at the US Pentagon, US Marine Corps, Navy, and the Army.
  • Frequent security expert practitioner/instructor at conferences globally; lectures on information security governance, metrics, information security management, GRC, and CISM exam preparation throughout Oceania, Asia, Europe, the Middle East and North America.



(6 hours per day)

IT Risk Identification

  • Risk Management Good Practice
  • Methods to Identify Risk
  • Risk Culture and Communications
  • The Business IT Risk Strategy
  • Information Security Risk Concepts and Principles
  • Threats and Vulnerabilities Related to Assets
  • Risk Related to Organizational Assets and Business Processes
  • IT Risk Scenarios
  • Ownership and Accountability
  • Risk Capacity, Appetite and Tolerance
  • Risk Awareness

IT Risk Assessment

  • Risk Identification vs. Risk Assessment
  • Analyzing Risk Scenarios
  • Current State of Controls
  • Risk and Control Analysis
  • Risk Analysis Methodologies
  • Documenting Incident Response
  • Business-related Risk
  • Risk Associated with Enterprise Architecture
  • Data Management
  • New Threats and Vulnerabilities
  • Emerging Technologies
  • Industry Trends
  • Third Party Management
  • Project and Program Management
  • Business Continuity and Disaster Recovery Management
  • Exception Management Practices
  • IT Risk Assessment Report
  • Risk Ownership and Accountability
  • Communicating IT Risk Assessment Results

IT Risk Response and Mitigation

  • Aligning Risk Response with Business Objectives
  • Risk Response Options
  • Analysis Techniques
  • Vulnerabilities Associated with New Controls
  • Developing a Risk Action Plan
  • Business Process Review Tools and Techniques
  • Control Design and Implementation
  • Control Monitoring and Effectiveness
  • Characteristics of Inherent and Residual Risk
  • Control Activities, Objectives, Practices and Metrics
  • System Control Design and Implementation
  • Impact of Emerging Technologies on Design and Implementation of Controls
  • Control Ownership
  • Risk Management Procedures and Documentation
  • Risk Responses and the Risk Action Plan

IT Risk Control Monitoring and Reporting

  • Key Risk Indicators
  • Key Performance Indicators
  • Data Collection and Extraction Tools and Techniques
  • Changes to the IT Risk Profile



All attendees will receive an electronic copy of the instructor’s actual presentation. Plus, the additional materials as noted below.


All attendees must purchase and study the official ISACA CRISC REVIEW MANUAL (latest edition) PRIOR to ATTENDING the workshop.

  • Krag Brotby’s CRISC Glossary Document (very important to know the terms & definitions)

The CRISC Review Manual can be purchased directly through the ISACA bookstore (www.isaca.org).


*All attendees receive a copy of the CRISC Glossary Document, authored by renowned international computer security expert, Krag Brotby CISM, CGEIT.


After the class is held, Megamind provides attendees with:
* All attendees receive a copy of the instructor’s actual slides to be used for the class.
* Access to the online CRISC training class recording after the class is held.
* Krag’s 100 Sample CRISC Practice Questions & Answers.
* Krag’s Guidance on Your Final Prep Steps for the CRISC exam.
* Megamind Certificate of Completion for the CRISC Boot Camp Training (12 hours).


CRISC Boot Camp is recommended for IT and business professionals who identify and manage risks, including (but not limited to):

  • IT professionals
  • Risk professionals
  • Business analysts
  • Project managers
  • Compliance professionals
  • Control professionals


“I passed the CRISC exam! Big thanks to Krag Brotby and Deb M. for the support provided. I would highly recommend Megamind’s training for the CRISC, taught by Krag Brotby. I liked the content of the course. The material really helped me focus on what is important and there is no doubt that Krag is a subject matter expert. I was really getting too comfortable with the DB Q&A’s since I was doing over 90% on every test. On the first day of the training I realized that I still needed some more preparation. The two last weeks are crucial for a successful outcome, trust me.”
–Dennis L., President & CIO

“A HUGE thank you to Krag Brotby and Deb M. for their excellent training! The Megamind Training for the CRISC was invaluable to my preparation. Krag is very knowledgeable and shares a wealth of information in this class. I would highly recommend Megamind for certification training. You can’t beat the value!
Thanks again.”
–Chris M., Senior Security Analyst

“As the Chief Operating Officer for a small business, I struggled with balancing the time it took to pursue the latest and most relevant certifications in my field, while running company operations and supporting a family. Megamind proved more than a solution to my problems. The Program of Instruction and the patient step-by-step teaching allowed me to prep for and pass both the CISM and CRISC exam on my time and my pace. The Return on Investment, the quality of administrative support and the study guide material far exceeded other more expensive programs. Megamind is clearly the preferred choice for exam prep for anyone (regardless of their technical background) pursuing certification in the major Information Assurance domains: CISM, CRISC, CGEIT, etc. Megamind’s support continues to be the crown jewel in the Megamind outreach efforts. In short, Megamind can be summed up in six words: ‘take the prep – pass the exam.’”
–Darryl D., Chief Operating Officer


150 Questions: 4 hours
Megamind does not provide the CRISC EXAM with this training, and it is NOT included in the Megamind course fees.

CRISC Candidates must register directly with ISACA (www.isaca.org) for the CRISC Exam.


  • ISACA now offers continuous testing. Beginning on the date that you register/pay, you will have 365 days to schedule and to take the exam. Proctored, online exam testing is now available as well.

To register for the CRISC exam, visit: ISACA.org


Early registration is recommended as this course fills up quickly.
To ensure admission, fees must be paid in advance.




Attend this live, instructor-led online training from your own personal working environment — from your home or your office via the internet.


This training is 2 full days (7:00am-2:00pm Pacific Time), except where noted.

There are four sessions per day.
Generally there are two morning sessions & two afternoon sessions each day.
Each session is about 90 minutes long with a 15-minute break per session, and a 30-minute lunch break daily.


Pacific Time Zone: 7:00AM – 2:00PM
Mountain Time Zone: 8:00AM – 3:00PM
Central Time Zone: 9:00AM – 4:00PM
Eastern Time Zone: 10:00AM – 5:00PM
International Time Zones Vary According to Country

Refer to the World Time Zone Converter for your time zone:


Cancellations will be accepted up to 10 working days before the scheduled course. After that time, no refunds will be given but substitutions may be sent at any time or tuition may be applied to a future training class.

Megamind reserves the right to cancel or postpone any scheduled training class.


This class is available for group training:
private onsite -or- live, online training

For scheduling and pricing, email: info@megamind.org.

Megamind reserves the right to reschedule or cancel any planned training class.
CRISC® is a Registered Trade Mark of ISACA.
CRISC® is an ISACA certification.




You will receive a confirmation email after completing the registration form and payment.

Want to pay using a purchase order?
Then fill out our online Registration form and we will contact you.

Want to request onsite training or learn more about IT training?
Then drop us a note using our Contact form.