Any good free resources for CRISC?

UnixGuyUnixGuy Mod Posts: 4,564 Mod
Preferably video material for CRISC. I'm doing the QA database from ISACA, but i'm wondering if there is something free I can watch for certain topics?
Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

Check out my YouTube channel: https://youtu.be/DRJic8vCodE 


Tagged:

Comments

  • JDMurrayJDMurray Admin Posts: 13,023 Admin
    edited September 2020
    What are the major topics of the CRISC?

    O'Reilly Online only has the MGH CRISC All-In-One book from December 2015. Pluralsight has a learning path for CRISC which contains 7 hours of videos by Kevin Henry based on the 2015 CRISC Job Practice Areas. I assume these material can be access in the free trial period for both sites.

    It looks like a lot of the commercial study materials are for the 2015 CRISC Job Practice Areas. Is there a more recent one?
  • UnixGuyUnixGuy Mod Posts: 4,564 Mod
    Four main areas:
    - IT Risk Identification
    - IT Risk Assessment
    - Risk Response and Mitigation
    - Risk and Control Monitoring and Reporting


    My score is averaging 65%-70%. I didn't do any studying, just relying on my experience with Risk assessment. Some questions (and answers) in the QAE are strange to say the least, making big claims that I can challenge ISACA to but I honestly can't be bothered.

    My lowest score seem to be in the IT Risk Identification area, so I thought perhaps I can watch some videos that are ISACA related. Cybrary seem to have videos but they're not free.
    Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

    Check out my YouTube channel: https://youtu.be/DRJic8vCodE 


  • JDMurrayJDMurray Admin Posts: 13,023 Admin
    Most for-cost training sites have a "free trial period" that you can access using a burner email account and without a credit card. I'm thinking the only videos that will have the depth and detail you need are those created specifically for the CRISC. 

    Are there any other risk management certs? 
  • UnixGuyUnixGuy Mod Posts: 4,564 Mod
    JDMurray said:

    Are there any other risk management certs? 
    Not that I know off. I'm doing this one because it's a requirement for something obscure I need to do at work.

    The majority of Risk professionals (non IT) don't have any certs, just experience. Some come from law backgrounds some come from accounting, and other random professions. A huge chunk of risk professionals have worked at (or closely with) consulting firms that specialise in this area. I did risk assessment and enterprise risk management and had to learn on the job. The work can be tedious but you get interact with many interesting stakeholders at all levels and you get exposure to boards and risk committees.

    I'm not a fan of ISACA for a multitude of reasons, I have strong opinions that I'll keep for myself. I'll get this done.

    I'll see how I go with the Q&A database questions, if I need further help I'll check more resources if necessary. For now, I think I can manage

    Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

    Check out my YouTube channel: https://youtu.be/DRJic8vCodE 


  • JDMurrayJDMurray Admin Posts: 13,023 Admin
    To me, Risk Management = Insurance/Assurance

    What can happen, how likely is it to happen in a given time period, and what will it cost us to recover each time it happens.

    Fun stuff!  :expressionless:
  • UnixGuyUnixGuy Mod Posts: 4,564 Mod
    Pretty much!

    It's an important agenda item for boards and cyber security is now a popular risk that needs to be managed and stirred by a risk steering committee. It created a lot of jobs and endless meetings/consulting work to talk about cyber risks, document risks, follow up on risks, report on risks, generate graphs, power points, spreadsheets, more reports....etc .etc .etc.

    This is where my career's at at the moment
    Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

    Check out my YouTube channel: https://youtu.be/DRJic8vCodE 


  • JDMurrayJDMurray Admin Posts: 13,023 Admin
    Well, you can always space-out during a long risk management meeting and dream of your next career pivot!
  • scascscasc Member Posts: 461 ■■■■■■■□□□
    Risk management is my livelihood - albeit in different walks of life. I wouldn’t change for the world lolzz. Sarcasm aside, in all honesty I only used the Q&A. Talking of risk, my own interests lie within risk quantification - using FAIR. Sounds pretty interesting.
    AWS, Azure, GCP, ISC2, GIAC, ISACA, TOGAF, SABSA, EC-Council, Comptia...
  • UnixGuyUnixGuy Mod Posts: 4,564 Mod
    @scasc: I'm a member of my local FAIR chapter! I argued to death with them about the validity of trying to quantify breaches :D

    Jokes aside, I think I'll just rely on Q&A. I'm getting 70%+ consistently. The Q&A recommends that I get 80%+ consistently, not sure how realistic is this. We'll see
    Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

    Check out my YouTube channel: https://youtu.be/DRJic8vCodE 


  • scascscasc Member Posts: 461 ■■■■■■■□□□
    @UnixGuy - the issue I have found is that when presenting or working with risk, management are so ingrained in viewing heat maps still. Culturally not ready to truly quantify the problem. Funny story, I once presented results the typical heat map fashion to a techie as it was such a project and he demanded actual quantification saying this is all "fluff" lol. So I guess it depends. But what is your take on Fair? I am interested in perhaps exploring this further to add quantification to my results? 

    In respect to CRISC - I am sure that the Q&A will be suffice for you to pass. Just go over a couple times, understand the concepts and the way ISACA answer the question. Even with 70% it still is a reasonable shot. But keep at it to see if this can be improved. 
    AWS, Azure, GCP, ISC2, GIAC, ISACA, TOGAF, SABSA, EC-Council, Comptia...
  • UnixGuyUnixGuy Mod Posts: 4,564 Mod
    I'm improving my score so will probably take the exam some time in the coming weeks.

    FAIR is fine, I'm just wary of putting dollar values on the cost of hypothetical breaches and different risks before they occur; there are just so many variables that no matter what benchmark is being used, the data will never be accurate (or even close to being accurate) so I'm wary of those 'quantitative' measures. Some breaches cost nothing and the company moves on, others can get the company out of business so i'm just not comfortable throwing a number around. Other than that, they seem to be doing good work and it's an ok network of risk professionals
    Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

    Check out my YouTube channel: https://youtu.be/DRJic8vCodE 


  • UnixGuyUnixGuy Mod Posts: 4,564 Mod
    Ok I finished all the 550 questions, with a score of exactly 80%. I'm going to book the exam soon and hope for the best....
    Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

    Check out my YouTube channel: https://youtu.be/DRJic8vCodE 


  • scascscasc Member Posts: 461 ■■■■■■■□□□
    Best of luck, let us know how you get on. 
    AWS, Azure, GCP, ISC2, GIAC, ISACA, TOGAF, SABSA, EC-Council, Comptia...
  • UnixGuyUnixGuy Mod Posts: 4,564 Mod
    Exam in 3 days...Im going through the QA DB but I'm afraid I memorised the questions/answers somehow (I still understand the logic behind the answers)  so it's pointless doing more now. I think I'm ready.
    Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

    Check out my YouTube channel: https://youtu.be/DRJic8vCodE 


  • scascscasc Member Posts: 461 ■■■■■■■□□□
    Best of luck. I'm sure it will be fine. Keep us posted.
    AWS, Azure, GCP, ISC2, GIAC, ISACA, TOGAF, SABSA, EC-Council, Comptia...
  • UnixGuyUnixGuy Mod Posts: 4,564 Mod
    I passed just now. They will email the score results within 10 business days. I'll share my experience in a new thread when i get the results
    Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

    Check out my YouTube channel: https://youtu.be/DRJic8vCodE 


  • scascscasc Member Posts: 461 ■■■■■■■□□□
    edited September 2020
    Well done, look forward to it.
    AWS, Azure, GCP, ISC2, GIAC, ISACA, TOGAF, SABSA, EC-Council, Comptia...
  • UnixGuyUnixGuy Mod Posts: 4,564 Mod
    It's been a week, still haven't received any acknowledgment that I passed.....waiting for those 10 business days


    Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

    Check out my YouTube channel: https://youtu.be/DRJic8vCodE 


  • scascscasc Member Posts: 461 ■■■■■■■□□□
    My results came exactly on 10th day, like all my isaca results. Sit tight :)
    AWS, Azure, GCP, ISC2, GIAC, ISACA, TOGAF, SABSA, EC-Council, Comptia...
  • UnixGuyUnixGuy Mod Posts: 4,564 Mod
    @scasc it's weird because ISACA send me DAILY emails about all the amazing services I should be paying for and all the event I should attend. They also send 'renewal' reminders 4 months before the expire date...
    Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

    Check out my YouTube channel: https://youtu.be/DRJic8vCodE 


  • scascscasc Member Posts: 461 ■■■■■■■□□□
    UnixGuy said:
    @scasc it's weird because ISACA send me DAILY emails about all the amazing services I should be paying for and all the event I should attend. They also send 'renewal' reminders 4 months before the expire date...
    haha - Yep, pretty much a money making machine that wants to prioritize this. I guess they all are to some degree. Be patient my friend, all will come through.
    AWS, Azure, GCP, ISC2, GIAC, ISACA, TOGAF, SABSA, EC-Council, Comptia...
Sign In or Register to comment.