CRISC Domain 2: IT risk assessment Course

CRISC Module 2, which is weighted at 20% of the exam, covers ISACA CRISC Domain 2: IT Risk Assessment, including risk identification, analysis and evaluation.

4 hours, 4 minutes

Course description

CRISC Domain 2 covers risk identification and risk analysis and dives into such topics such as risk events; threat modeling and landscape; vulnerability and control deficiency analysis; risk scenario development; risk assessment concepts, standards and frameworks; risk register; risk analysis methodologies; business impact analysis; inherent and residual risk.


Domain 2: supplemental materials

File - 00:10:00

The Domain 2 supplemental files include interactive pdf files on risk analysis approaches, risk register sample and the business case and IT.
Domain 2: IT risk assessment activity book

File - 00:10:00

The activity book consolidates all of the activities discussed in Domain 2.
Domain 2: IT risk assessment participant guide

File - 00:10:00

This participant guide include the various slides that the instructor presented in the videos Domain 2 so that participants can review the main ideas, as well as relevant charts, graphics, questions and activities.
Domain 2: IT risk assessment pre-reading materials

File - 00:10:00

The pre-reading document provides notes and definitions for terms used in the videos for Domain 2, as well as sources for additional reading and study.
Domain 2: IT risk assessment course summary

Video - 00:02:00

A short summary of Domain 2, reviewing the main areas of discussion in the preceding videos.
Inherent, residual and current risk

Video - 00:13:00

This video focuses on inherent, residual and current risk.
Business impact analysis

Video - 00:22:00

This video focuses on the business impact analysis, including enabling and defining BIA outcomes, business continuity and organizational resiliency, BIA resources, analysis and assessment.
Risk analysis methodologies

Video - 00:13:00

This video discusses risk analysis methodologies, qualitative risk management and hybrid risk management.
Risk register

Video - 00:06:00

This video focuses on the risk register, a centralized list allowing tracking of risk, as well as processes and continuous monitoring.
Risk assessment concepts, standards and frameworks

Video - 00:26:00

In this video, we dive into risk assessments, covering concepts, standards and frameworks, and risk ranking, maps, owners and documentation, including reports.
Risk scenario development

Video - 00:15:00

This video delves into developing risk scenarios, the benefits of risk scenarios, and different approaches to risk scenarios and analyzing risk scenarios.
Vulnerability and control deficiency analysis

Video - 00:27:00

This video focuses on vulnerability and control deficiency analysis, diving into the sources of vulnerabilities, vulnerability assessment, government and organization websites that monitor vulnerabilities, working in the cloud, big data and gap and root cause analysis.
Threat modeling and threat landscape

Video - 00:35:00

This video discusses threat modeling and the threat landscape, which includes threat sources, threat actors, internal and external threats, threat scenarios and landscapes, threat modeling and the LINDDUN modeling framework.
Risk events

Video - 00:38:00

This video reviews risk identification, which includes determining identification of assets that might be at risk, potential vulnerabilities and frequency of risks and any possible consequences for specific threats.
Introduction to Domain 2: IT risk assessment

Video - 00:05:00

The introduction to Domain 2 notes the weight of the domain on the exam (20%) and provides the outline for the coursework and learning objectives for Domain 2: IT Risk Assessment.
ISACA overview of Domain 2: IT risk assessment

Video - 00:03:00

A brief overview of the ISACA CRISC coursework and exam for Domain 2: It Risk Assessment.

Unlock 7 days of free training

  • 1,400+ hands-on courses and labs
  • Certification practice exams
  • Skill assessments

Plans & pricing

Infosec Skills Personal

$299 / year

  • 190+ role-guided learning paths (e.g., Ethical Hacking, Threat Hunting)
  • 100s of hands-on labs in cloud-hosted cyber ranges
  • Custom certification practice exams (e.g., CISSP, Security+)
  • Skill assessments
  • Infosec peer community support

Infosec Skills Teams

$799 per license / year

  • Team administration and reporting
  • Dedicated client success manager
  • Single sign-on (SSO)
    Easily authenticate and manage your learners by connecting to any identity provider that supports the SAML 2.0 standard.
  • Integrations via API
    Retrieve training performance and engagement metrics and integrate learner data into your existing LMS or HRS.
  • 190+ role-guided learning paths and assessments (e.g., Incident Response)
  • 100s of hands-on labs in cloud-hosted cyber ranges
  • Create and assign custom learning paths
  • Custom certification practice exams (e.g., CISSP, CISA)
  • Optional upgrade: Guarantee team certification with live boot camps

Learn about scholarships and financing with

Affirm logo

Award-winning training you can trust