Certified: The CRISC Audio Course

Business impact analysis helps prioritize what matters most during risk assessments. In this episode, you’ll learn how to conduct a BIA, identify critical processes, estimate financial and operationa…

Choosing the right methodology is crucial for valid risk assessments. This episode explores the different approaches to risk analysis—qualitative, quantitative, and hybrid—and introduces common tools…

The risk register is the heart of risk tracking and reporting, and CRISC candidates must understand how to build and maintain one effectively. This episode explains how to document risk scenarios, as…

ISACA expects CRISC candidates to understand key risk assessment standards and apply them in context. In this episode, we explore qualitative vs. quantitative methods, the role of standards like ISO …

Risk scenarios bring all elements of risk together—threats, assets, vulnerabilities, and business impact. This episode walks you through the process of constructing risk scenarios that are measurable…

Risk is driven not just by threats, but also by internal weaknesses. In this episode, we cover how to analyze vulnerabilities and control deficiencies using techniques like root cause analysis. You’l…

Effective risk assessment starts with a clear picture of your threat environment. This episode teaches you how to conduct threat modeling, understand adversary types, and anticipate threat behaviors.…

Once a risk event is identified, you must understand its potential consequences. In this episode, we explore how to estimate loss results—including operational, financial, reputational, and complianc…

To assess risk, you must first identify what risk events could occur. This episode focuses on how to recognize risk events, contributing conditions, and triggering factors within business and IT envi…

Domain 2 focuses on one of the most critical skills in CRISC: assessing IT risk accurately and effectively. This episode introduces the domain’s structure and explores the relationship between threat…

This episode recaps the core lessons from Domain 1—Governance—and helps you consolidate key terms, relationships, and frameworks for the exam. From strategy alignment to ethics, this is your opportun…

Ethical decision-making is a foundational principle for CRISC-certified professionals. This episode reviews ISACA’s Code of Professional Ethics and how ethical standards apply to governance, risk rep…

CRISC professionals must understand how external obligations impact IT risk decisions. In this episode, we explore legal mandates, industry regulations, and contractual terms that shape organizationa…

Understanding risk appetite and tolerance is vital for ensuring alignment between risk responses and business strategy. This episode clarifies these concepts, highlights the differences, and explores…

Every organization must maintain a clear picture of its risk exposure—and that picture is the risk profile. In this episode, we explain how risk profiles are developed, what they contain, and how the…

One of the most tested models in CRISC, the Three Lines of Defense framework is essential to understand clearly. This episode walks through each line—operational management, risk and compliance funct…

To pass CRISC, you must be fluent in Enterprise Risk Management (ERM) concepts and how formal risk frameworks guide decision-making. This episode covers key frameworks like COSO and ISO 31000 and exp…

Assets are the objects of risk, and this episode gives you the tools to identify, classify, and prioritize them. From information and infrastructure to personnel and facilities, we discuss the types …

Risk doesn’t exist in a vacuum—it exists within processes. In this episode, you'll learn how to identify and evaluate business processes in relation to risk scenarios. We discuss process mapping, own…

Policies and standards form the foundation of governance and are key enablers of risk control. This episode breaks down the difference between policies, standards, procedures, and guidelines—terms yo…