Certified: The CRISC Audio Course

Risk scenarios make risks measurable and actionable. This episode explains how to build effective scenarios using threat and vulnerability information, asset dependencies, and business objectives. Yo…

Threats and vulnerabilities are the building blocks of risk—and CRISC candidates must assess all three layers: people, processes, and technology. This episode walks through methods to identify common…

Understanding how IT risks impact business objectives is central to the CRISC exam. In this episode, we explore how to recognize both potential and actual consequences of risk events. You’ll learn to…

This supporting task is foundational: you can’t manage risk without understanding your environment. In this episode, you’ll learn how to gather and evaluate information about business processes, IT s…

Domain 4 brings together technical and organizational elements of risk—this review episode ties them all together. We recap core topics including IT operations, system development, security, continui…

Privacy is no longer optional—it’s a regulatory and reputational imperative. This episode explores core privacy concepts, including data subject rights, lawful processing, and protection controls. Yo…

Business Continuity Management (BCM) ensures critical operations continue under adverse conditions. This episode breaks down BCM elements such as continuity planning, recovery strategies, and busines…

People are often the weakest link in risk management. In this episode, we cover how security awareness training programs reduce human error and increase risk resilience. You’ll learn how CRISC profes…

A solid grasp of security frameworks is essential for risk alignment. This episode introduces key information security concepts—confidentiality, integrity, availability—and reviews common frameworks …

New technologies can bring competitive advantage—but also new risk. This episode discusses emerging trends such as cloud computing, AI, blockchain, and IoT, and how each introduces unique threats and…

CRISC candidates must understand how security and risk controls integrate with the SDLC. In this episode, we walk through the major phases of system development—planning, design, testing, deployment,…

Data carries risk throughout its entire lifecycle—from creation to deletion. This episode explains the stages of data lifecycle management, how retention and disposal policies mitigate risk, and the …

Disaster Recovery Management is critical to ensuring operational continuity during and after unexpected events. This episode explores the components of a DRM strategy, including recovery time objecti…

Every IT project introduces risk—and every CRISC candidate must be prepared to assess it. This episode covers how project management methodologies like Agile and Waterfall affect risk posture, and ho…

Problem and incident management are essential components of operational resilience. This episode explains how organizations detect, document, and resolve IT issues while minimizing business impact. Y…

Change and asset management processes are central to minimizing IT risk. In this episode, we examine how structured change control reduces service disruption, and how asset inventories support effect…

A strong enterprise architecture provides structure and clarity for risk-informed IT decisions. This episode explores the foundational components of enterprise architecture, how it aligns with busine…

Domain 4 focuses on the integration of IT and security into enterprise risk management. This episode introduces you to the key topics within this domain, from enterprise architecture to information s…

Domain 3 brings together risk response, control management, and stakeholder reporting—and this review episode reinforces the most tested concepts across all those topics. We recap treatment options, …

KRIs and KCIs are essential tools for proactive risk and control management. In this episode, we examine how to define, track, and apply these indicators to detect rising threats or control degradati…