According to ISACA, the Certified in Risk and Information Systems Control CRISC designation aims to certify those professionals who have knowledge and experience in identifying and evaluating risk and in administering risk-based IS controls. This is a relatively new certification, with these domains covered: - Risk Identification, Assessment and Evaluation - Risk Response - Risk Monitoring - Information Systems Control Design and Implementation - Information Systems Control Monitoring and Maintenance You dont have to be a CISA in order to go for this certification. However, knowledge covered by the CISA certification will be VERY USEFUL. In fact, this is an advanced level exam. If you do not have real world experience, you will not be able to pick the right answers for the corresponding scenarios. When we develop our material we do not classify topics the BOK way. In fact, we follow our own flow of instructions which we think is more logical for the overall learning process. Dont worry, it does not hurt to do so, as long as you truly comprehend the material. To succeed in the exam, you need to read as many reference books as possible. There is no single book that can cover everything! This ExamFOCUS book focuses on the more difficult topics that will likely make a difference in exam results. The book is NOT intended to guide you through every single official topic. You should therefore use this book together with other reference books for the best possible preparation outcome.