CRISC Domain 2: IT risk assessment

A brief overview of the ISACA CRISC coursework and exam for Domain 2: It Risk Assessment.

The introduction to Domain 2 notes the weight of the domain on the exam (20%) and provides the outline for the coursework and learning objectives for Domain 2: IT Risk Assessment.

This video reviews risk identification, which includes determining identification of assets that might be at risk, potential vulnerabilities and frequency of risks and any possible consequences for specific threats.

This video discusses threat modeling and the threat landscape, which includes threat sources, threat actors, internal and external threats, threat scenarios and landscapes, threat modeling and the LINDDUN modeling framework.

This video focuses on vulnerability and control deficiency analysis, diving into the sources of vulnerabilities, vulnerability assessment, government and organization websites that monitor vulnerabilities, working in the cloud, big data and gap and root c

This video delves into developing risk scenarios, the benefits of risk scenarios, and different approaches to risk scenarios and analyzing risk scenarios.

In this video, we dive into risk assessments, covering concepts, standards and frameworks, and risk ranking, maps, owners and documentation, including reports.

This video focuses on the risk register, a centralized list allowing tracking of risk, as well as processes and continuous monitoring.

This video discusses risk analysis methodologies, qualitative risk management and hybrid risk management.

This video focuses on the business impact analysis, including enabling and defining BIA outcomes, business continuity and organizational resiliency, BIA resources, analysis and assessment.

This video focuses on inherent, residual and current risk.

A short summary of Domain 2, reviewing the main areas of discussion in the preceding videos.