CRISC resources and tips?

za3bour · February 2013

I've noticed there are not many threads related to CRISC so I wanted to share my experience with this certificate.

I've recently taken the exam but failed

first fail since 2004... My score was 380. I did find the exam quite hard, especially if i want to compare it to other exams i've taken.

This is what i used to study for the exam

CRISC review manual 2011
CRISC questions and answers 2012

I have to admit that i only studied for one month, and i can tell that i didn't study enough because i did very well in the first three domains and I did really bad in the last two domains (information security). I think i put around 40-50 hours of study which is not enough.

I appreciate if we can share tips, study notes .etc (without violating NDA of course) so that we can all benefit knowing that this is a relatively new exam and its not as popular as (CISM&CISA)

Thanks,

paul78 · February 2013

I do think that because the CRISC is so new, a lot of the material has not had a chance to mature so consequently the questions on the exams seem repeatative with just minor nuances.

My own preparation is the same as yours. I mostly procrastinated and started about 4 weeks before the exam. It consisted of reading the 2011 review manual. About 3 days before the exam, I did the Q&A. I find that doing the Q&A after I have reviewed the manual gives me a chance to see if any of the material stuck with me.

One difference is that 2 days before the exam, I happened to notice that ISACA released a question DB so the day before the exam, I subscribed to the DB and went through the questions in the online DB. Although most of the questions in the DB were the same as in the Q&A - there were about 100 new questions.

Assuming that a candidate truly has the minimum 3 year requirement to be CRISC certified, preparation time for the exam of at least 40-50 hours should be fine. I think the key - at least for me - was that I did 20 hours of that study as a 4 day self-review during the week of the exam.

I saw your other post about the stress you face in your part of the world. I'm sure that type of stress doesn't help. I cannot even imagine it. I hope you stay safe.

Good luck in your next attempt.

GoodBishop · February 2013

za3bour wrote: »

I've noticed there are not many threads related to CRISC so I wanted to share my experience with this certificate.

I've recently taken the exam but failed first fail since 2004... My score was 380. I did find the exam quite hard, especially if i want to compare it to other exams i've taken.

This is what i used to study for the exam
CRISC review manual 2011

CRISC questions and answers 2012

I have to admit that i only studied for one month, and i can tell that i didn't study enough because i did very well in the first three domains and I did really bad in the last two domains (information security). I think i put around 40-50 hours of study which is not enough.

I appreciate if we can share tips, study notes .etc (without violating NDA of course) so that we can all benefit knowing that this is a relatively new exam and its not as popular as (CISM&CISA)

Thanks,

I took the exam in 2011, and I used the 2011 review manual and Q&A to pass. It was not difficult - but by that point in time I had the CISSP, CISA, and CISM, plus I was doing risk registers at work, so I wasn't too concerned. Probably took me about 40 hours to study.

I haven't seen the new material - I wonder what updates they've made to the manual.

za3bour · February 2013

GoodBishop wrote: »

I took the exam in 2011, and I used the 2011 review manual and Q&A to pass. It was not difficult - but by that point in time I had the CISSP, CISA, and CISM, plus I was doing risk registers at work, so I wasn't too concerned. Probably took me about 40 hours to study.

I haven't seen the new material - I wonder what updates they've made to the manual.

Yea having an expertise in Information Security will certainly help, I did not have a good experience in that field before the exam except having Security+. I had plans in the past to take CISSP but I was overwhelmed last year and I couldnt take any exam or even study for it. I squeezed CRISC in Dec but I still did not give it the time it needed to pass.

I do have a couple of CISSP books do you think reading them will improve my chances to pass CRISC in June?

za3bour · February 2013

paul78 wrote: »

I do think that because the CRISC is so new, a lot of the material has not had a chance to mature so consequently the questions on the exams seem repeatative with just minor nuances.

My own preparation is the same as yours. I mostly procrastinated and started about 4 weeks before the exam. It consisted of reading the 2011 review manual. About 3 days before the exam, I did the Q&A. I find that doing the Q&A after I have reviewed the manual gives me a chance to see if any of the material stuck with me.

One difference is that 2 days before the exam, I happened to notice that ISACA released a question DB so the day before the exam, I subscribed to the DB and went through the questions in the online DB. Although most of the questions in the DB were the same as in the Q&A - there were about 100 new questions.

Assuming that a candidate truly has the minimum 3 year requirement to be CRISC certified, preparation time for the exam of at least 40-50 hours should be fine. I think the key - at least for me - was that I did 20 hours of that study as a 4 day self-review during the week of the exam.

I saw your other post about the stress you face in your part of the world. I'm sure that type of stress doesn't help. I cannot even imagine it. I hope you stay safe.

Good luck in your next attempt.

Thanks for your reply, I did not know about the questions DB I will certainly look into it. Stress has been and still is really high, I can't really focus on studying i spend most of my time when i am back home watching news which is not healthy at all....

I do have 3 years experience in Risk Management and Business Continuity (were i scored high in the exam) but not as much in IS.

JDMurray · February 2013

For future reference, check out the Study Materials section of the Prepare for the CRISC Exam page at isaca.org. I don't see a CRISC pre-assessment exam like they have for CISA and CISM.

za3bour · February 2013

JDMurray wrote: »

For future reference, check out the Study Materials section of the Prepare for the CRISC Exam page at isaca.org. I don't see a CRISC pre-assessment exam like they have for CISA and CISM.

Yea I do have the review manual 2011, it seems they have the 2013 now so I am not sure whether i need to buy it, i do have the Q&A 2012 edition as well.

What I did not focus on though is the extra resources they mentioned (COBIT, Risk IT Framework and the Risk IT Practitioner Guide). I did not have enough time to go through them but this time I will do for sure.

apps · April 2013

Hi Paul,

What version of the test did you take? (2011, 2012, 2013) I have the 2011 study manual and review questions manual and wondering if the test has changed enough to make it worth while for me to get the updated 2013 versions.

Regards,

Apps

paul78 · April 2013

Hello apps - welcome to the TE forums. I took the 2012 version and I read the 2011 review manual. I think that there was no 2012 review manual if my memory is correct.

Perhaps the 2013 Q&A manual will be worth the investment but I doubt the manual changed much. Try calling ISACA, they are very helpful and may be willing to suggest. Or try asking your local ISACA chapter.

Good luck.

Qwayt · November 2013

Paul,

CRISC related question - were there any questions from DB in exam? Worth to get DB to look through?

aniket21 · May 2015

Hi All,

I am new to the field of the IS. and want to continue with it.
Currently I am preparing for the CompTIA Security+, and want to go ahead with CRISC.

Have few queries though.
What are the growth opportunities in the field of the IS when you clear the CRISC or CISSP?
And what is the difference between CRISC and CISSP?

Remedymp · May 2015

aniket21 wrote: »

Hi All,

I am new to the field of the IS. and want to continue with it.
Currently I am preparing for the CompTIA Security+, and want to go ahead with CRISC.

Have few queries though.
What are the growth opportunities in the field of the IS when you clear the CRISC or CISSP?
And what is the difference between CRISC and CISSP?

You must have experience in atleast 2 of the domains in the job practices area for CRISC. Check the requirements here.

colemic · May 2015

I would suggest rethinking your strategy - Sec+ is considered by most to be introductory-level security certification, and CRISC is almost at the opposite end of the spectrum. In no way does the CRISC prepare you for Sec+; in fact, I would go so far as to say that it's the other way around.

aniket21 wrote: »

Hi All,

I am new to the field of the IS. and want to continue with it.
Currently I am preparing for the CompTIA Security+, and want to go ahead with CRISC.

Have few queries though.
What are the growth opportunities in the field of the IS when you clear the CRISC or CISSP?
And what is the difference between CRISC and CISSP?

CRISC resources and tips?

Comments