All Episodes

Displaying 31 - 60 of 93 in total

Episode 31: The IT Risk Register: Creation and Management

The risk register is the heart of risk tracking and reporting, and CRISC candidates must understand how to build and maintain one effectively. This episode explains ho...

Episode 32: Risk Analysis Methodologies and Tools

Choosing the right methodology is crucial for valid risk assessments. This episode explores the different approaches to risk analysis—qualitative, quantitative, and hy...

Episode 33: Conducting Business Impact Analysis (BIA)

Business impact analysis helps prioritize what matters most during risk assessments. In this episode, you’ll learn how to conduct a BIA, identify critical processes, e...

Episode 34: Inherent Risk vs. Residual Risk

A clear understanding of inherent and residual risk is critical for exam success. This episode explains how to define and compare these two key risk states, and why bo...

Episode 35: Domain 2 Review: Key Takeaways and Exam Tips

Wrap up Domain 2 with a focused review of the essential concepts, models, and vocabulary covered throughout your risk assessment study. This episode reinforces how all...

Episode 36: CRISC Domain 3 Overview: Risk Response and Reporting Essentials

Domain 3 shifts the focus from identifying risk to acting on it. In this overview, we explain how CRISC candidates are expected to understand treatment planning, contr...

Episode 37: Understanding Risk Treatment Options (Accept, Mitigate, Transfer, Avoid)

Risk treatment is a core function of CRISC professionals. This episode covers the four primary risk response strategies and explains how to apply them in different sce...

Episode 38: Implementing and Documenting Risk Response Decisions

Once a risk response has been selected, execution is key. This episode explains how to turn response strategies into action plans, how to document decisions for accoun...

Episode 39: Assigning Risk and Control Ownership

Risk management is a team effort, and assigning ownership ensures accountability. This episode dives into the process of identifying the right owners for risk and cont...

Episode 40: Third-Party Risk Identification and Evaluation

Many IT risks arise from third-party relationships, and this episode explores how to evaluate them properly. You’ll learn how to assess vendors, cloud providers, and o...

Episode 41: Managing and Monitoring Third-Party Risks

Identifying third-party risks is only the first step—effective risk professionals must also manage and monitor them throughout the vendor lifecycle. In this episode, y...

Episode 42: Issue, Finding, and Exception Management

Every organization faces control gaps and compliance issues—what matters is how they’re addressed. This episode explains the difference between issues, findings, and e...

Episode 43: Managing Emerging Risks

CRISC candidates must be able to anticipate and respond to new threats as technologies and environments evolve. In this episode, we explore how to define and identify ...

Episode 44: Control Types, Standards, and Frameworks

Understanding the full landscape of control types is critical for treatment planning. This episode introduces preventive, detective, corrective, and compensating contr...

Episode 45: Control Design, Selection, and Analysis

A poorly chosen or badly designed control can create more risk than it mitigates. This episode focuses on selecting controls that align with business objectives and de...

Episode 46: Control Implementation Best Practices

A well-designed control must be implemented carefully to succeed. This episode outlines how to roll out controls across people, processes, and technology with minimal ...

Episode 47: Control Testing and Effectiveness Evaluation

Testing is how we know a control works. In this episode, you’ll learn the methodologies used to validate control effectiveness—from walkthroughs and testing procedures...

Episode 48: Developing and Executing Risk Treatment Plans

Once risk response decisions are made, treatment plans bring them to life. This episode shows you how to create actionable plans that assign ownership, define timeline...

Episode 49: Data Collection, Aggregation, Analysis, and Validation

Effective risk reporting begins with the right data. In this episode, we explain how to collect, organize, and validate risk and control data from across the enterpris...

Episode 50: Techniques for Risk Monitoring and Validation

Monitoring keeps risk management alive and responsive. This episode walks you through key techniques for tracking risk levels, validating changes in threat exposure, a...

Episode 51: Techniques for Control Monitoring and Continuous Improvement

Effective risk professionals don’t just implement controls—they monitor and refine them continuously. This episode explores how organizations use control monitoring te...

Episode 52: Risk and Control Reporting Techniques: Heatmaps, Scorecards, and Dashboards

Visual reporting tools turn data into decisions. This episode explains how heatmaps, scorecards, and dashboards are used to present risk and control information to sta...

Episode 53: Understanding Key Performance Indicators (KPIs)

Key Performance Indicators help organizations measure the success of their processes, including risk and control functions. This episode dives into KPI design, interpr...

Episode 54: Defining and Utilizing Key Risk Indicators (KRIs) and Key Control Indicators (KCIs)

KRIs and KCIs are essential tools for proactive risk and control management. In this episode, we examine how to define, track, and apply these indicators to detect ris...

Episode 55: Domain 3 Review: Key Takeaways and Exam Tips

Domain 3 brings together risk response, control management, and stakeholder reporting—and this review episode reinforces the most tested concepts across all those topi...

Episode 56: CRISC Domain 4 Overview: Information Technology and Security Alignment

Domain 4 focuses on the integration of IT and security into enterprise risk management. This episode introduces you to the key topics within this domain, from enterpri...

Episode 57: Enterprise Architecture Principles

A strong enterprise architecture provides structure and clarity for risk-informed IT decisions. This episode explores the foundational components of enterprise archite...

Episode 58: IT Operations: Change and Asset Management

Change and asset management processes are central to minimizing IT risk. In this episode, we examine how structured change control reduces service disruption, and how ...

Episode 59: IT Operations: Problem and Incident Management

Problem and incident management are essential components of operational resilience. This episode explains how organizations detect, document, and resolve IT issues whi...

Episode 60: Project Management in the IT Environment

Every IT project introduces risk—and every CRISC candidate must be prepared to assess it. This episode covers how project management methodologies like Agile and Water...
