All Episodes

Episode 61: Disaster Recovery Management (DRM)

Disaster Recovery Management is critical to ensuring operational continuity during and after unexpected events. This episode explores the components of a DRM strategy,...

Episode 62: Data Lifecycle Management Principles

Data carries risk throughout its entire lifecycle—from creation to deletion. This episode explains the stages of data lifecycle management, how retention and disposal ...

Episode 63: System Development Life Cycle (SDLC) Essentials

CRISC candidates must understand how security and risk controls integrate with the SDLC. In this episode, we walk through the major phases of system development—planni...

Episode 64: Emerging Technologies and Associated Risks

New technologies can bring competitive advantage—but also new risk. This episode discusses emerging trends such as cloud computing, AI, blockchain, and IoT, and how ea...

Episode 65: Information Security Concepts, Frameworks, and Standards

A solid grasp of security frameworks is essential for risk alignment. This episode introduces key information security concepts—confidentiality, integrity, availabilit...

Episode 66: Information Security Awareness Training

People are often the weakest link in risk management. In this episode, we cover how security awareness training programs reduce human error and increase risk resilienc...

Episode 67: Business Continuity Management Concepts and Practices

Business Continuity Management (BCM) ensures critical operations continue under adverse conditions. This episode breaks down BCM elements such as continuity planning, ...

Episode 68: Data Privacy and Protection Principles

Privacy is no longer optional—it’s a regulatory and reputational imperative. This episode explores core privacy concepts, including data subject rights, lawful process...

Episode 69: Domain 4 Review: Key Takeaways and Exam Tips

Domain 4 brings together technical and organizational elements of risk—this review episode ties them all together. We recap core topics including IT operations, system...

Episode 70: Collecting and Reviewing Organization’s Business and IT Information

This supporting task is foundational: you can’t manage risk without understanding your environment. In this episode, you’ll learn how to gather and evaluate informatio...

Episode 71: Identifying Potential or Realized Impacts of IT Risk

Understanding how IT risks impact business objectives is central to the CRISC exam. In this episode, we explore how to recognize both potential and actual consequences...

Episode 72: Identifying Threats and Vulnerabilities to People, Processes, and Technology

Threats and vulnerabilities are the building blocks of risk—and CRISC candidates must assess all three layers: people, processes, and technology. This episode walks th...

Episode 73: Evaluating Threats, Vulnerabilities, and Risks to Develop IT Risk Scenarios

Risk scenarios make risks measurable and actionable. This episode explains how to build effective scenarios using threat and vulnerability information, asset dependenc...

Episode 74: Establishing Accountability Through Risk and Control Ownership

Without clear ownership, risk management breaks down. This episode shows you how to assign responsibility for risks and controls within the organization, ensuring acco...

Episode 75: Establishing and Maintaining the IT Risk Register

The risk register is a living document that tracks an organization’s risk exposure. In this episode, we explore how to build and maintain a complete, dynamic risk regi...

Episode 76: Facilitating Identification of Risk Appetite and Tolerance

This episode focuses on helping stakeholders define and document risk appetite and tolerance—core elements of strategic alignment. You’ll learn how to facilitate discu...

Episode 77: Promoting a Risk-Aware Culture through Security Awareness Training

Culture shapes risk behavior. In this episode, we look at how CRISC professionals help promote a risk-aware culture by supporting training programs and awareness campa...

Episode 78: Conducting a Comprehensive IT Risk Assessment

Risk assessments must be structured, repeatable, and aligned with business needs. This episode walks through how to conduct a comprehensive assessment, including risk ...

Episode 79: Identifying and Evaluating Effectiveness of Existing Controls

Controls are only valuable if they work. In this episode, we explain how to identify current controls across systems and processes and how to evaluate their design and...

Episode 80: Reviewing Risk and Control Analysis for Gaps Assessment

After controls and risks have been analyzed, gaps become clear. This episode focuses on reviewing results to identify missing safeguards, ineffective responses, and mi...
