CRISC Domain 4: Information technology and security

CRISC Module 4 covers ISACA CRISC Domain 4, including principles of both information technology and information security.


  • Domain 4: Information technology and security pre-reading materials File — 00:10:00
  • Domain 4: Information technology and security participant guide File — 00:10:00
    • This participant guide includes the various slides that the instructor presented in the videos for Domain 4 so that participants can review the main ideas, as well as relevant charts, graphics, questions and activities.

  • Domain 4: Information technology and security activity book File — 00:10:00
    • The activity book consolidates all of the activities discussed in Domain 4.

  • ISACA overview of Domain 4: Information technology and security Video — 00:02:06
    • A brief overview of the ISACA CRISC coursework and exam for Domain 4: Information Technology and Security

  • Introduction to Domain 4: Information technology and security Video — 00:04:53
    • This introduction to Domain 4 notes the weight of the domain on the exam (22%), provides the outline for the coursework and details the learning objectives for Domain 4: Information Technology and Security.

  • Enterprise architecture Video — 00:19:25
    • This video introduces the concept of enterprise architecture, a process that includes examination, evaluation and adjustment, as well as maturity models and alternatives and the guidance components for a framework: organization, documentation, notation an

  • IT operations management Video — 01:11:34
    • In this video, the instructor explores IT operations management, including supply chain management, IT and networking components, TCP/IP stacks, various network topologies, configuration management, software hardening, virtualization, updating the risk re

  • Project management Video — 00:25:56
    • In this video on project management in the information technology and security fields, the focus is on the 4 steps of project management: initiation, planning, execution and closeout. It also discusses PM methodologies, project failure and response, syste

  • Enterprise resiliency Video — 00:24:33
    • With threats being a constant in the IT and IS fields, this video discusses resiliency within the enterprise; the creation of a business continuity plan (BCP), beginning with the business Impact Assessment (BIA); and disaster recovery if an unplanned even

  • Data life cycle management Video — 00:18:15
    • This video explores the management of the data life cycle, which includes the creation, storage, use, sharing, archiving and destruction of data. It also covers how to determine the level of protection needed and data loss prevention.

  • System development life cycle Video — 00:11:09
    • In this video, the focus is on the system development life cycle (SDLC) for risk management, which includes initiation, development, implementation, maintenance and disposal. The video discusses management tasks within the SDLC and what happens when the p

  • Emerging trends in technology Video — 00:18:20
    • Emerging technologies may help an enterprise with a variety of tasks, but this video focuses on the need to balance the use of new technologies with the potential risks of new technologies.

  • Information security concepts, frameworks and standards Video — 01:10:51
    • This video does a deep dive into the principles, frameworks and standards that govern information security and following the CIA Triad (confidentiality, integrity and availability). Topics include system ownership, strategy, legacy systems, segregation of

  • Information security awareness training Video — 00:08:36
    • In this video, the discussion includes the benefits and risks of user familiarity with technology and creating effective information security awareness training.

  • Data privacy and data protection principles Video — 00:11:09
    • This video introduces the legislation and rules that apply to data privacy and protection in various countries, how to stay current on the latest regulations and key concepts of data privacy.

  • Domain 4: Information technology and security course summary Video — 00:02:12
    • A short summary of Domain 4, reviewing the main areas of focus related to information technology and security discussed in the preceding videos.


Course description

CRISC Domain 4 covers information technology and security and dives into such topics as enterprise architecture; IT operations management; project management; disaster recovery management (DRM); data life cycle management; system development life cycle (SDLC); emerging technologies and more.

Meet the author

At Infosec, we believe knowledge is the most powerful tool in the fight against cybercrime. We help IT and security professionals advance their careers with a full regimen of certification and skills training. We also empower all employees with security awareness training to stay cybersecure at work and home. Driven by smart people wanting to do good, Infosec educates entire organizations on how to defend themselves from cybercrime. That’s what we do every day — equipping everyone with the latest security skills so the good guys win.

You're in good company


We use Infosec Skills to provide continuous training to our technicians and to prepare them for various certifications. Infosec Skills allows us to create personalized training programs that focus on each of our technicians’ particular roles and see their progress as they take courses. We also, recommend it to clients to make their IT support teams better.

Caleb Yankus


This has been utilized to bridge the skills gap across our cyber team and to aid them as they prepare for their various certifications. It also has provided a nice learning foundation for our various cyber team members to utilize as we continue to find ways for cross-utilization with operations while minimizing the downtime needed to ensure everyone’s knowledge is the same.

Daniel Simpson


We use Infosec Skills to provide base level knowledge for employees. We also use the services to provide in depth learning for employees as they encounter new technologies. If an employee is is assigned to a new project, we can rely on Infosec Skills to provide a rapid concentrated learning environment. This rapid concentrated learning positions our employees for success.

Infosec Skills Teams client

Plans & pricing

  • Infosec Skills Personal

    $299 / year

    • 190+ role-guided learning paths (e.g., Ethical Hacking, Threat Hunting)
    • 100s of hands-on labs in cloud-hosted cyber ranges
    • Custom certification practice exams (e.g., CISSP, Security+)
    • Skill assessments
    • Infosec peer community support
  • Infosec Skills Teams

    $799 per license / year

    • Team administration and reporting
    • Dedicated client success manager
    • Single sign-on (SSO)
      Easily authenticate and manage your learners by connecting to any identity provider that supports the SAML 2.0 standard.
    • Integrations via API
      Retrieve training performance and engagement metrics and integrate learner data into your existing LMS or HRS.
    • 190+ role-guided learning paths and assessments (e.g., Incident Response)
    • 100s of hands-on labs in cloud-hosted cyber ranges
    • Create and assign custom learning paths
    • Custom certification practice exams (e.g., CISSP, CISA)
    • Optional upgrade: Guarantee team certification with live boot camps

Unlock 7 days of free training

  • 1,400+ hands-on courses and labs
  • Certification practice exams
  • Skill assessments

Award-winning training that you can trust

Comprehensive Cybersecurity Training - Infosec Skills
Cybersecurity Education and Training Gold Award - Infosec IQ
Top Rated Award - Infosec Skills
2021 G2 Summer - Leader - Tech Skills Dev, Online Course, eLearning Content
Top 20 Company - Online Learning Library