CRISC Domain 1: Governance

Module 1 covers ISACA CRISC Domain 1: Governance, which is weighted at 26% of the exam, and includes organizational governance and risk governance.


  • CRISC Domain 1: Governance pre-reading materials File — 00:10:00
  • Domain 1: Governance participant guide File — 00:10:00
  • Domain 1: Governance activity book File — 00:10:00
  • Domain 1: supplemental materials File — 00:10:00
  • Introduction to CRISC Domain 1: Governance Video — 00:09:57
    • This introduction details the outline for the entire learning path and Domain 1, noting the weight of Domain 1 on the exam (26%) and providing the course outline and learning objectives for Domain 1: Governance.

  • Key risk concepts Video — 00:15:27
    • This video discusses key risk terms and concepts, such as likelihood, event, and impact, setting the context for risk in an enterprise and quantifying risk.

  • Organizational strategy, goals and objectives Video — 01:07:50
    • This video introduces organizational strategy, goals and objectives; compares governance to management; discusses the benefits of IT management; outlines risk practitioner goals and the IT risk management life cycle; and explains various types of business

  • Organizational structure, roles and responsibilities Video — 00:25:33
    • This video describes organizational structure, defines the roles and responsibilities for risk management and details the RACI model that determines who is responsible for, accountable for, consulted about and informed of risks within an organization.

  • Organizational culture and assets Video — 01:08:37
    • This video describes the organizational culture as related to risk, including risk awareness programs and communication about risks, and explains how to determine, inventory and evaluate what assets may be affected by risk.

  • Policies, standards, and business process review Video — 00:35:38
    • This video delves into risk policies, standards, procedures and principles, as well as the purpose of and steps involved in business process review of risk.

  • Risk governance overview Video — 00:04:53
    • This video gives an overview of risk governance, including the four key objectives of risk governance.

  • Enterprise risk management, risk management frameworks and three lines of defense Video — 00:32:56
    • This video dives into enterprise risk management, including risk management standards and frameworks, as well as the three lines of defense: operational management, organizational compliance with the risk standards and auditing.

  • Risk profile, risk appetite and risk tolerance Video — 00:20:52
    • This video discusses the risk profile, appetite and tolerance of the organization, which is based on the IT risk management objectives and goals for the organization and its culture.

  • Professional ethics, laws, regulations and contracts Video — 00:13:25
    • This video discusses the the ethics of risk management, as well as the legal and organizational rules and regulations that define risk management.

  • Domain 1: Governance course summary Video — 00:01:34
    • A short summary of Domain 1, regarding the various angles of governance discussed in the preceding videos.

  • ISACA overview of Domain 1: Governance Video — 00:02:36
    • A brief overview of the ISACA CRISC coursework and exam for Domain 1: Governance.


Course description

CRISC Domain 1 covers both organizational governance and risk governance, and dives into such topics as such as organizational strategy, structure and culture, policies and standards, business processes, organizational assets, enterprise risk management a

Meet the author

At Infosec, we believe knowledge is the most powerful tool in the fight against cybercrime. We help IT and security professionals advance their careers with a full regimen of certification and skills training. We also empower all employees with security awareness training to stay cybersecure at work and home. Driven by smart people wanting to do good, Infosec educates entire organizations on how to defend themselves from cybercrime. That’s what we do every day — equipping everyone with the latest security skills so the good guys win.

You're in good company


We use Infosec Skills to provide continuous training to our technicians and to prepare them for various certifications. Infosec Skills allows us to create personalized training programs that focus on each of our technicians’ particular roles and see their progress as they take courses. We also, recommend it to clients to make their IT support teams better.

Caleb Yankus


This has been utilized to bridge the skills gap across our cyber team and to aid them as they prepare for their various certifications. It also has provided a nice learning foundation for our various cyber team members to utilize as we continue to find ways for cross-utilization with operations while minimizing the downtime needed to ensure everyone’s knowledge is the same.

Daniel Simpson


We use Infosec Skills to provide base level knowledge for employees. We also use the services to provide in depth learning for employees as they encounter new technologies. If an employee is is assigned to a new project, we can rely on Infosec Skills to provide a rapid concentrated learning environment. This rapid concentrated learning positions our employees for success.

Infosec Skills Teams client

Plans & pricing

  • Infosec Skills Personal

    $299 / year

    • 190+ role-guided learning paths (e.g., Ethical Hacking, Threat Hunting)
    • 100s of hands-on labs in cloud-hosted cyber ranges
    • Custom certification practice exams (e.g., CISSP, Security+)
    • Skill assessments
    • Infosec peer community support
  • Infosec Skills Teams

    $799 per license / year

    • Team administration and reporting
    • Dedicated client success manager
    • Single sign-on (SSO)
      Easily authenticate and manage your learners by connecting to any identity provider that supports the SAML 2.0 standard.
    • Integrations via API
      Retrieve training performance and engagement metrics and integrate learner data into your existing LMS or HRS.
    • 190+ role-guided learning paths and assessments (e.g., Incident Response)
    • 100s of hands-on labs in cloud-hosted cyber ranges
    • Create and assign custom learning paths
    • Custom certification practice exams (e.g., CISSP, CISA)
    • Optional upgrade: Guarantee team certification with live boot camps

Unlock 7 days of free training

  • 1,400+ hands-on courses and labs
  • Certification practice exams
  • Skill assessments

Award-winning training that you can trust

Comprehensive Cybersecurity Training - Infosec Skills
Cybersecurity Education and Training Gold Award - Infosec IQ
Top Rated Award - Infosec Skills
2021 G2 Summer - Leader - Tech Skills Dev, Online Course, eLearning Content
Top 20 Company - Online Learning Library