CRISC
Certified in Risk and Information Systems Control
This track is built to help you understand how ISACA frames risk — so you can think through scenarios the way the exam expects, not just recall definitions.
0 of 48 modules completed (0%)
What You'll Learn
- Understand how ISACA frames risk across governance, assessment, response, and monitoring
- Build decision frameworks for approaching IT risk scenarios under uncertainty
- Practice scenario-based questions that mirror ISACA's exam style
- Develop structured readiness self-assessments to know when you're exam-ready
Domain 1 — Governance
Organizational business and IT environments, strategy, goals and objectives, and the potential or realized impacts of IT risk to business objectives and operations.
Module A — Organizational Governance
- 1 Organizational Strategy, Goals, and Objectives Available
- 2 Organizational Structure, Roles and Responsibilities Available
- 3 Organizational Culture Available
- 4 Policies and Standards Available
- 5 Business Processes Available
- 6 Organizational Assets Available
- ✓ Section A Review: Organizational Governance Available
Module B — Risk Governance
- 7 Enterprise Risk Management and Risk Management Framework Available
- 8 Three Lines of Defense Available
- 9 Risk Profile Available
- 10 Risk Appetite and Risk Tolerance Available
- 11 Legal, Regulatory and Contractual Requirements Available
- 12 Professional Ethics of Risk Management Available
- ✓ Section B Review: Risk Governance Available
Domain 1 Review
Domain 2 — Risk Assessment
Threats and vulnerabilities to the organization's people, processes and technology, as well as the likelihood and impact of threats, vulnerabilities and risk scenarios.
Module A — IT Risk Identification
- 13 Risk Events Available
- 14 Threat Modelling and Threat Landscape Available
- 15 Vulnerability and Control Deficiency Analysis Available
- 16 Risk Scenario Development Available
- ✓ Section A Review: IT Risk Identification Available
Module B — IT Risk Analysis and Evaluation
- 17 Risk Assessment Concepts, Standards and Frameworks Available
- 18 Risk Register Available
- 19 Risk Analysis Methodologies Available
- 20 Business Impact Analysis Available
- 21 Inherent and Residual Risk Available
- ✓ Section B Review: IT Risk Analysis & Evaluation Available
Domain 2 Review
Domain 3 — Risk Response and Reporting
Development and management of risk treatment plans, evaluation of existing controls for IT risk mitigation, and assessment of relevant risk and control information to applicable stakeholders.
Module A — Risk Response
- 22 Risk Treatment / Risk Response Options Available
- 23 Risk and Control Ownership Available
- 24 Third-Party Risk Management Available
- 25 Issue, Finding and Exception Management Available
- 26 Management of Emerging Risk Available
- ✓ Section A Review: Risk Response Available
Module B — Control Design and Implementation
- 27 Control Types, Standards and Frameworks Available
- 28 Control Design, Selection and Analysis Available
- 29 Control Implementation Available
- 30 Control Testing and Effectiveness Evaluation Available
- ✓ Section B Review: Control Design & Implementation Available
Module C — Risk Monitoring and Reporting
- 31 Risk Treatment Plans Available
- 32 Data Collection, Aggregation, Analysis and Validation Available
- 33 Risk and Control Monitoring Techniques Available
- 34 Risk and Control Reporting Techniques Available
- 35 Key Performance Indicators Available
- 36 Key Risk Indicators (KRIs) Available
- 37 Key Control Indicators (KCIs) Available
- ✓ Section C Review: Risk Monitoring & Reporting Available
Domain 3 Review
Domain 4 — Technology and Security
Alignment of business practices with risk management and information security frameworks and standards, risk-aware culture, and security awareness training.
Module A — Information Technology Principles
- 38 Enterprise Architecture Available
- 39 IT Operations Management Available
- 40 Project Management Available
- 41 Disaster Recovery Management (DRM) Available
- 42 Data Lifecycle Management Available
- 43 System Development Life Cycle (SDLC) Available
- 44 Emerging Technologies Available
- ✓ Section A Review: Information Technology Principles Available
Module B — Information Security Principles
- 45 Information Security Concepts, Frameworks and Standards Available
- 46 Information Security Awareness Training Available
- 47 Business Continuity Management Available
- 48 Data Privacy and Data Protection Principles Available
- ✓ Section B Review: Information Security Principles Available