CRISC Cert Masterclass - 2026 (+16 CPE)

Name: CRISC Cert Masterclass - 2026 (+16 CPE)
Rating: 4.8 (30 reviews)

Complete CRISC certification prep: IT risk governance, assessment, response, and security across all 4 domains

Hot & New

New

Created byJacob Bushong

Last updated 5/2026

English

What you'll learn

Apply ISACA's IT risk governance framework including risk ownership, appetite, and the Three Lines Model
Build and evaluate risk scenarios using qualitative and quantitative assessment methods
Translate technical IT risks into business impact terms for executive decision-making
Select and implement risk response strategies aligned to organizational risk appetite
Design and test controls using preventive, detective, and corrective frameworks
Monitor risk with KRIs, KCIs, and reporting dashboards tailored to different audiences
Govern technology risk across SDLC, DevOps, cloud, and emerging technologies
Take the CRISC certification exam with confidence using structured domain-by-domain preparation

Course content

6 sections • 115 lectures • 16h 26m total length

Introduction7:24

Strategy, Goals, and Risk Context7:25
Quick Check-In1:39
Ownership and the Objective-to-Risk Chain8:39
Roles, Authority, and Decision Tiers7:52
Quiz 1: Business Strategy and Value Alignment
Segregation of Duties and Accountability8:53
Risk Culture and Tone from the Top8:55
Reinforcing Ethical Behavior7:58
Quiz 2: Accountability, Ownership, and Segregation of Duties
The Policy Hierarchy and Lifecycle7:21
Effectiveness, Enforcement, and Exceptions7:30
Process Ownership and Criticality7:33
Quiz 3: Purpose, Hierarchy, and Governance Role
BC, DR, and Governance Thresholds8:48
Asset Identification and Value7:29
Integrating Assets into Governance5:57
Quiz 4: Governance of Business Continuity and Disaster Recovery
Section A Review — Organizational Governance6:56
What ERM Is and Why It Matters9:10
CRISC's Role Within the ERM Ecosystem7:32
The Three Lines Model7:35
Quiz 5: ERM Purpose, Scope, and Governance
Operating the Lines in Practice7:52
What the Risk Profile Is7:58
Maintaining and Using the Profile8:39
Quiz 6: Operating the Lines of Defense in Practice
Defining Risk Appetite7:33
Risk Tolerance in Practice7:24
Risk-Based Decision-Making7:46
Quiz 7: Defining Risk Appetite
Frameworks as Governance Enablers7:30
Legal, Regulatory, and Compliance8:12
Domain 1 Integration — How It All Connects7:01
Exam Strategy and Key Terms6:29
Quiz 8: The Role of Risk Frameworks

Domain 2 Introduction2:41
Understanding Risk Events as Outcomes8:59
Common Categories of IT Risk Events and Loss Types9:58
Threat Sources, Actors, and Motivations9:13
The Evolving Threat Landscape and Risk Context9:44
Quiz 9: Common Categories of IT Risk Events and Loss
Vulnerabilities as Conditions and Weaknesses7:51
Governance Perspective on Vulnerability Identification9:55
Building Effective Risk Scenarios8:03
Quiz 10: Vulnerabilities as Conditions and Weaknesses
Evaluating Risk Scenarios for Completeness and Clarity8:38
Common Risk Scenario Failures and Exam Patterns9:38
Qualitative and Quantitative Risk Assessment Concepts8:15
Quiz 11: Evaluating Risk Scenarios for Completeness and Clarity
Consistency, Repeatability, and Assessment Standards10:52
Translating Technical Loss into Business Impact7:41
Using BIA Results to Prioritize Risk10:11
Quiz 12: Consistency, Repeatability, and Assessment Standards
Purpose and Structure of the Risk Register7:53
Using the Risk Register for Governance and Decision-Making10:02
Comparing Risk Analysis Approaches7:49
Quiz 13: Purpose and Structure of the Risk Register
Quick Check-In1:27
Selecting Appropriate Methodologies for the Organization9:04
Understanding Inherent Risk7:44
Residual Risk and Governance Implications8:57
Quiz 14: Selecting Appropriate Methodologies for the Organization
Domain 2 Wrap-Up4:01

Domain 3 Intro3:09
Risk Response Strategy Overview7:40
Aligning Responses to Risk Appetite7:20
Cost, Tradeoffs, and Decision Bias8:19
Quiz 15: Risk Response Strategy Overview
Risk Ownership vs Control Ownership6:59
Accountability, RACI, and Escalation10:47
Vendor Risk Governance Fundamentals7:25
Quiz 16: Risk Ownership vs Control Ownership
Third-Party Due Diligence and Contracts7:14
Ongoing Monitoring and Exit Risk10:02
Issues, Findings, and Deviations7:56
Quiz 17: Third-Party Due Diligence and Contracts
Exceptions, Exemptions, and Acceptance10:39
Control Framework Purpose and Use7:27
Control Types and Classifications10:35
Quiz 18: Exceptions, Exemptions, and Acceptance
Designing Controls for Risk Outcomes7:20
Control Selection Tradeoffs7:39
Control Implementation Failure Patterns8:34
Evaluating Control Effectiveness7:12
Quiz 19: Designing Controls for Risk Outcomes
Control Testing Objectives7:57
Evidence, Frequency, and Interpretation10:16
Risk Action Plan Structure7:24
Quiz 20: Control Testing Objectives
Tracking Progress and Ownership9:14
Risk Data Sources and Quality7:27
Aggregation and Normalization6:59
Quiz 21: Tracking Progress and Ownership
Validation and Consistency9:51
KRIs, KCIs, and KPIs7:35
Metrics Aligned to Risk Appetite7:41
Quiz 22: Validation and Consistency
Metric Pitfalls and Misuse10:06
Continuous and Periodic Monitoring7:08
Thresholds and Escalation12:31
Quiz 23: Metric Pitfalls and Misuse
Reporting Objectives and Audiences8:02
Heatmaps, Dashboards, Scorecards8:08
Reporting Bias and Misinterpretation10:24
Quiz 24: Reporting Objectives and Audiences
Identifying Emerging Risks7:50
Integrating Emerging Risk Reporting10:05
Domain 3 Wrap-Up4:05
Quiz 25: Identifying Emerging Risks

Domain 4 Introduction3:47
Enterprise Architecture and Risk10:28
Roadmaps and Architectural Governance13:19
Change Management and Risk10:48
Asset and Configuration Governance11:03
Quiz 26: Roadmaps and Architectural Governance
Incident and Problem Oversight15:57
Secure SDLC Governance13:24
DevOps Risk and Control12:53
Quiz 27: Incident and Problem Oversight
Testing, Release, and Residual Risk14:28
Data Classification and Ownership13:05
Data Retention and Disposal12:23
Quiz 28: Testing, Release, and Residual Risk
Data Integrity and Lifecycle Risk15:06
Project Governance and Risk10:34
Agile Delivery and Risk Control13:39
Quiz 29: Data Integrity and Lifecycle Risk
Business Continuity Governance12:22
Disaster Recovery Risk Oversight10:55
Resilience Testing and Assurance12:59
Quiz 30: Business Continuity Governance
Emerging Technology Risk Governance9:54
Innovation Boundaries and Appetite13:22
Security Framework Alignment10:02
Quiz 31: Emerging Technology Risk Governance
Control Standards and Enforcement11:48
Quick Check-In1:19
Security Culture and Behavior8:50
Training Effectiveness and Risk Reduction11:28
Privacy Governance and Risk9:34
Data Protection Control Strategy11:46
Quiz 32: Control Standards and Enforcement
Domain 4 Wrap-Up5:15

Requirements

No specific prerequisites required. Some familiarity with IT operations, governance, or risk concepts is helpful but not mandatory — this course teaches everything from the ground up.

Description

This course contains the use of artificial intelligence.

Efficiently prepare for the CRISC certification exam. This complete CRISC exam prep course covers every concept across all four ISACA CRISC domains — updated and aligned to the current exam outline — with structured lessons, real-world examples, and ISACA-style practice questions designed to build genuine exam-day confidence.

**What makes this CRISC course different?** You get domain-by-domain preparation that mirrors how ISACA actually tests, not just a textbook summary. Every lesson connects IT risk concepts to the decision-based questions you will face on exam day, so you learn to think the way ISACA expects.

**Domain 1 — IT Risk Governance (26%):** Risk ownership, enterprise risk management, the Three Lines Model, risk appetite vs. tolerance, and regulatory frameworks. **Domain 2 — IT Risk Assessment (20%):** Threat identification, vulnerability analysis, risk scenarios, qualitative and quantitative methods, business impact analysis, and the risk register. **Domain 3 — Risk Response and Reporting (32%):** The largest exam domain — risk response strategies, third-party and vendor risk, control design and testing, KRIs, monitoring, reporting to executives, and emerging risk. **Domain 4 — Information Technology and Security (22%):** Enterprise architecture, SDLC security, DevOps governance, data classification, business continuity and disaster recovery, cloud risk, NIST, ISO 27001, and privacy.

Each domain ends with CRISC-style practice questions so you can test your understanding immediately and identify weak areas before exam day. You also get 2 full-length practice exams with detailed answer explanations covering all four domains.

Whether you are an IT risk analyst, security professional, compliance manager, auditor, or governance specialist — this course gives you the structured CRISC exam preparation path you need. Stop studying without direction and start preparing with a proven, domain-by-domain system.

Who this course is for:

IT professionals preparing to take the ISACA CRISC certification exam and advance their career in IT risk management and governance.

CRISC Cert Masterclass - 2026 (+16 CPE)

What you'll learn

Explore related topics

Course content

Introduction1 lecture • 7min

Domain 1: Governance27 lectures • 3hr 24min

Domain 2: IT Risk Assessment22 lectures • 2hr 59min

Domain 3: Risk Response and Reporting35 lectures • 4hr 49min

Domain 4: Information Technology and Security27 lectures • 5hr

Practice Exams3 lectures • 8min

Requirements

Description

Who this course is for: