All Episodes
Episode 21: Legal, Regulatory, and Contractual Requirements
CRISC professionals must understand how external obligations impact IT risk decisions. In this episode, we explore legal mandates, industry regulations, and contractua...

Episode 22: Professional Ethics of Risk Management
Ethical decision-making is a foundational principle for CRISC-certified professionals. This episode reviews ISACA’s Code of Professional Ethics and how ethical standar...

Episode 23: Domain 1 Review: Key Takeaways and Exam Tips
This episode recaps the core lessons from Domain 1—Governance—and helps you consolidate key terms, relationships, and frameworks for the exam. From strategy alignment ...

Episode 24: CRISC Domain 2 Overview: Understanding IT Risk Assessment
Domain 2 focuses on one of the most critical skills in CRISC: assessing IT risk accurately and effectively. This episode introduces the domain’s structure and explores...

Episode 25: Risk Events: Identification and Contributing Conditions
To assess risk, you must first identify what risk events could occur. This episode focuses on how to recognize risk events, contributing conditions, and triggering fac...

Episode 26: Analyzing Loss Results and Business Impacts of Risk Events
Once a risk event is identified, you must understand its potential consequences. In this episode, we explore how to estimate loss results—including operational, financ...

Episode 27: Threat Modelling and the Threat Landscape
Effective risk assessment starts with a clear picture of your threat environment. This episode teaches you how to conduct threat modeling, understand adversary types, ...

Episode 28: Vulnerability and Control Deficiency Analysis (Root Cause Analysis)
Risk is driven not just by threats, but also by internal weaknesses. In this episode, we cover how to analyze vulnerabilities and control deficiencies using techniques...

Episode 29: Risk Scenario Development
Risk scenarios bring all elements of risk together—threats, assets, vulnerabilities, and business impact. This episode walks you through the process of constructing ri...

Episode 30: Risk Assessment Concepts, Standards, and Frameworks
ISACA expects CRISC candidates to understand key risk assessment standards and apply them in context. In this episode, we explore qualitative vs. quantitative methods,...

Episode 31: The IT Risk Register: Creation and Management
The risk register is the heart of risk tracking and reporting, and CRISC candidates must understand how to build and maintain one effectively. This episode explains ho...

Episode 32: Risk Analysis Methodologies and Tools
Choosing the right methodology is crucial for valid risk assessments. This episode explores the different approaches to risk analysis—qualitative, quantitative, and hy...

Episode 33: Conducting Business Impact Analysis (BIA)
Business impact analysis helps prioritize what matters most during risk assessments. In this episode, you’ll learn how to conduct a BIA, identify critical processes, e...

Episode 34: Inherent Risk vs. Residual Risk
A clear understanding of inherent and residual risk is critical for exam success. This episode explains how to define and compare these two key risk states, and why bo...

Episode 35: Domain 2 Review: Key Takeaways and Exam Tips
Wrap up Domain 2 with a focused review of the essential concepts, models, and vocabulary covered throughout your risk assessment study. This episode reinforces how all...

Episode 36: CRISC Domain 3 Overview: Risk Response and Reporting Essentials
Domain 3 shifts the focus from identifying risk to acting on it. In this overview, we explain how CRISC candidates are expected to understand treatment planning, contr...

Episode 37: Understanding Risk Treatment Options (Accept, Mitigate, Transfer, Avoid)
Risk treatment is a core function of CRISC professionals. This episode covers the four primary risk response strategies and explains how to apply them in different sce...

Episode 38: Implementing and Documenting Risk Response Decisions
Once a risk response has been selected, execution is key. This episode explains how to turn response strategies into action plans, how to document decisions for accoun...

Episode 39: Assigning Risk and Control Ownership
Risk management is a team effort, and assigning ownership ensures accountability. This episode dives into the process of identifying the right owners for risk and cont...

Episode 40: Third-Party Risk Identification and Evaluation
Many IT risks arise from third-party relationships, and this episode explores how to evaluate them properly. You’ll learn how to assess vendors, cloud providers, and o...
