CRISC Domain 3: Risk response and reporting

Module 3 covers ISACA CRISC Domain 3, including sections on risk response, control design and implementation, and risk monitoring and reporting.


  • Domain 3: Risk response and reporting pre-reading materials File — 00:10:00
  • Domain 3: Risk response and reporting participant guide File — 00:10:00
  • Domain 3: Risk response and reporting activity book File — 00:10:00
  • Domain 3: Supplemental materials File — 00:10:00
  • ISACA overview of Domain 3: Risk response and reporting Video — 00:02:36
    • A brief overview of the ISACA CRISC coursework and exam for Domain 3: Risk Response and Reporting.

  • Introduction to Domain 3: Risk response and reporting Video — 00:07:23
    • This introduction to Domain 3 notes the weight of the domain on the exam (32%) and provides the outline for the coursework and learning objectives for Domain 3: Risk Response and Reporting.

  • Risk and control ownership Video — 00:11:34
    • This video starts with an overview of risk response, then details risk control and the ownership and accountability for various roles within an organization.

  • Risk treatment/risk response options Video — 00:26:15
    • This video describes how organizations must align their risk response to their business objectives and how to choose one or more of the four options for responding to risk: acceptance, mitigation, sharing and avoidance.

  • Managing risk from processes, third parties and emergent sources Video — 00:41:15
    • This video details how risk can be managed when third parties are involved, new processes are implemented or emerging technologies are utilized.

  • Control types, standards and frameworks Video — 00:26:34
    • This video describes various control types, as well as the standards and frameworks that are essential for the risk practitioner to know.

  • Control design, selection and analysis Video — 00:12:13
    • In this video, we discuss how to use control testing and incident management programs to assess the current state of risk and how to design, select and adjust to maintain the best risk controls.

  • Control testing, implementation and effectiveness evaluation Video — 00:31:19
    • This video begins with an overview of control testing, then delves into control implementation, review of implementation for lessons learned, control management procedures, various options for testing and best practices for testing.

  • Risk treatment plans Video — 00:16:02
    • Risk treatment plans for monitoring and reporting, the risk response process and risk mitigation are all covered in this course.

  • Data collection, aggregation, analysis and validation Video — 00:28:15
    • In this video, learn how to collect, aggregate, analyze and validate data by using a variety of tools and data logs.

  • Risk and control monitoring and reporting techniques Video — 00:30:37
    • This video details methods and sources to help the risk practitioner with monitoring and reporting risks and assessing the effectiveness of various controls, such as heatmaps, scorecards and dashboards.

  • Performance, risk and control metrics Video — 00:31:24
    • This video covers the metrics for determining the effectiveness of risk controls and provides details on metrics such as key performance indicators (KPIs), key risk indicators (KRIs) and key control indicators (KCIs).

  • Domain 3: Risk response and reporting course summary Video — 00:01:52
    • A short summary of Domain 3, reviewing the main areas covered in the preceding videos on IT risk response and reporting.


Course description

CRISC Domain 3 covers risk treatment and response options and dives into such topics as risk and control ownership, third-party risk management, emerging risk, control design and implementation, control types, standards and frameworks, control design, sel

Meet the author

At Infosec, we believe knowledge is the most powerful tool in the fight against cybercrime. We help IT and security professionals advance their careers with a full regimen of certification and skills training. We also empower all employees with security awareness training to stay cybersecure at work and home. Driven by smart people wanting to do good, Infosec educates entire organizations on how to defend themselves from cybercrime. That’s what we do every day — equipping everyone with the latest security skills so the good guys win.
