2-day CRISC Prep Training (Live, Online) 
An accelerated prep training for the official
® Exam


2023 DATES:
*OCTOBER 28-29, 2023*

$350 Register by October 13, 2023
$495 Register after October 13, 2023



This class is taught by renowned security expert, practitioner, and author:
Krag Brotby CISM, CGEIT

Megamind’s comprehensive hands-on training for the official CRISC® Exam by ISACA is taught by Krag Brotby CISM, CGEIT — renowned security expert practitioner, trainer, and author of the CISM® Review Manual.  Mr. Brotby’s extensive CISM® knowledge brings a unique teaching perspective when preparing candidates for the complementary, CRISC® exam certification. Specifically focusing on IT professionals whose roles encompass security, operational, and compliance considerations.

Krag is the ’go-to’ computer security expert for mastering CRISC and CISM exams. He has successfully trained thousands of exam candidates over the past 17 years.

  • Author of the official ISACA CISM Review Manual since its inception in 2005.
  • Author of the CISM Glossary Document and the CRISC Glossary Document.
  • Served on the ISACA Security Practice Development Committee responsible for exam question development.
  • Edited the entire 1200 CISM sample question database, creating approximately 800 questions for the ISACA 2016 CISM QAE Book.
  • Taught CISM courses globally during the past decade including the US Pentagon, US Marine Corps, Navy, and the Army.
  • Frequent security expert practitioner/instructor at conferences globally and lectures on information security governance, metrics, information security management, GRC and CISM exam preparation throughout Oceana, Asia, Europe, the Middle East, and North America.

Read Full Bio


For maximum benefit, it is recommended that each student purchase and review study materials prior to attending the workshop:

  • ISACA CRISC® Review Manual – (latest edition)
  • ISACA CRISC® QAE (Questions, Answers & Explanations) Manual (latest edition)
  • ISACA CRISC® Practice Questions DB Download
  • ISACA Glossary Document

The official ISACA study materials can be purchased directly thru the ISACA bookstore (www.isaca.org).

While the critical concepts are explored during the workshop, the focus is on developing the skills and understanding essential to mastering this unique examination, there is insufficient time to study in depth the manual content during the 2-day class. These topics will, however, be covered in the context of sample exam questions.


(6 hours per day)

Pre-review Sample Exam

Exam Question review and analysis

  • Question types and structure
  • Question analysis
  • Judgment and synthesis


IT Risk Identification

  • Risk Management Good Practice
  • Methods to Identify Risk
  • Risk Culture and Communications
  • The Business IT Risk Strategy
  • Information Security Risk Concepts and Principles
  • Threats and Vulnerabilities Related to Assets
  • Risk Related to Organizational Assets and Business Processes
  • IT Risk Scenarios
  • Ownership and Accountability
  • Risk Capacity, Appetite and Tolerance
  • Risk Awareness

IT Risk Assessment

  • Risk Identification vs Risk Assessment
  • Analyzing Risk Scenarios
  • Current State of Controls
  • Risk and Control Analysis
  • Risk Analysis Methodologies
  • Documenting Incident Response
  • Business-related Risk
  • Risk Associated with Enterprise Architecture
  • Data Management
  • New Threats and Vulnerabilities
  • Emerging Technologies
  • Industry Trends
  • Third Party Management
  • Project and Program Management
  • Business Continuity and Disaster Recovery Management
  • Exception Management Practices
  • IT Risk Assessment Report
  • Risk Ownership and Accountability
  • Communication IT Risk Assessment Results



Risk Response and Mitigation

  • Aligning Risk Response with Business Objectives
  • Risk Response Options
  • Analysis Techniques
  • Vulnerabilities Associated with New Controls
  • Developing a Risk Action Plan
  • Business Process Review Tools and Techniques
  • Control Design and Implementation
  • Control Monitoring and Effectiveness
  • Characteristics of Inherent and Residual Risk
  • Control Activities, Objectives, Practices and Metrics
  • System Control Design and Implementation
  • Impact of Emerging Technologies on Design and Implementation of Controls
  • Control Ownership
  • Risk Management Procedures and Documentation
  • Risk Responses and the Risk Action Plan

Risk Control Monitoring and Reporting

  • Key Risk Indicators
  • Key Performance Indicators
  • Data Collection and Extraction Tools and Techniques
  • Changes to the IT Risk Profile

Exam Prep Tips & Techniques



Attendees receive a copy of Krag Brotby’s CRISC Glossary Document.
The CRISC Glossary is an important study tool for must-know terms and definitions, and serves as a handy reference after the CRISC exam, too!
Request a free copy of Krag’s CRISC Glossary: info@megamind.org.


After the class is held, Megamind provides attendees with:

  • All attendees receive a copy of the instructor’s actual slides used for the class.
  • Access to the online CRISC training class recording after the class is held.
  • Krag’s 100 Sample CRISC Practice Questions & Answers.
  • Krag’s Guidance on Your Final Prep Steps for the CRISC exam.
  • Megamind Certificate of Completion:
    2-Day CRISC Prep Exam Training (12 hours).


CRISC® Prep Exam Training is recommended for IT and business professionals who identify and manage risks, including (but not limited to):

  • IT professionals
  • Risk professionals
  • Business analysts
  • Project managers
  • Compliance professionals
  • Control professionals

ABOUT CRISC® (Certified in Risk and Information Systems Control)

The CRISC® certification prepares the IT professional for the challenges of IT and enterprise risk management. Earning a CRISC® helps enterprises to understand business risk, and to have the technical knowledge to implement appropriate IS controls.

The CRISC® focuses on:

  • Risk identification, assessment and evaluation.
  • Risk response.
  • Risk monitoring.
  • IS control design and implementation.

CRISC®  Examination and Certification Requirements:

The CRISC® exam consists of 150 multiple-choice questions taken over a 4-hour period.

ISACA uses and reports scores on a common scale from 200 to 800. A candidate must receive a score of 450 or higher to pass the exam. A score of 450 represents a minimum consistent standard of knowledge as established by ISACA’s CRISC® Certification Committee.

A CRISC® candidate receiving a passing score may then apply for CRISC® certification provided the following requirements are met:

  • CRISC® Certification Job Practice – Effective 2015
  • Prove at least three (3) years of cumulative work experience performing tasks of a CRISC® professional across at least two (2) of the four (4) new domains. Of these 2 required domains, one must be in either Domain 1 or 2.
  • Successful completion of the CRISC® examination.
  • Risk management and information systems control experience.
  • Adhere to the ISACA Code of Professional Ethics.
  • Agree to comply with the CRISC® Continuing Education Policy.

CRISC® Salary Ranking:

  • Certified in Risk and Information Systems (CRISC®) ensures an IT Professional is prepared for the unique challenges of IT and enterprise risk management. CRISC® ranked as the 4th highest-paying IT certification based on the 15 Top-Paying Certifications for 2021 IT Skills and Salary Survey conducted by Global Knowledge, with an average salary of US $151,995.
  • CRISC® ranked one of the top 6 most sought-after Governance, Risk and Compliance (GRC) certifications by CIO Magazine.

For a more detailed description regarding CRISC® qualifications and the ISACA CRISC® exam,
visit the ISACA.org website.


150 Questions: 4 hours

Megamind does not provide the CRISC EXAM with this training, and it is NOT included in the Megamind course fees.

You must register directly with ISACA (www.isaca.org) for the CRISC Exam.


  • ISACA is now offering a new 365-day exam eligibility period (Continuous Testing). Beginning on the date that you register, you will have 365 days to schedule and to take the exam. Proctored on-line exam testing is now available as well.

CRISC candidates must register directly for the CRISC exam with ISACA.org.


Early registration is recommended as this course fills up quickly. To ensure admission, fees must be paid in advance.




Attend this live, instructor-led online training from your own personal working environment — from your home or your office via the internet.


Most classes run 2 full days from 7:00AM-2:00PM (PT) except where noted.

There are four sessions per day.
Generally there are two morning sessions & two afternoon sessions each day.

Each session is about 90 minutes long with a 15 minute break per session, and a 30 minute lunch break daily.


Pacific Time Zone:              7:00AM – 2:00PM
Mountain Time Zone:       8:00AM – 3:00PM
Central Time Zone:            9:00AM – 4:00PM
Eastern Time Zone:         10:00AM – 5:00PM
International Time Zones Vary According to Country

Refer to the World Time Zone Converter for your time zone:


Cancellations will be accepted up to 10 working days before the scheduled course. After that time, no refunds will be given but substitutions may be sent at any time or tuition may be applied to a future training class.

Megamind reserves the right to cancel or postpone any scheduled training class.


This class is available for group training:
private onsite -or- live, online training class

For scheduling and pricing, email: info@megamind.org.

Note: Megamind reserves the right to reschedule or cancel any scheduled training class.

CRISC® is a Registered Trade Mark of ISACA.
CRISC® is an ISACA certification.




2. PAY your TUITION using PayPal “Buy Now” below.

Class Dates:

You will receive a confirmation email after completing the registration form and payment.

Want to pay using a purchase order?
Then fill out our online Registration form and we will contact you.

Want to request onsite training or learn more about IT training?
Then drop us a note using our Contact form.