ISACA’s expert guidance gives professionals and enterprises the tools, techniques and understanding to manage IT Risk.

The Promise and Peril of the AI Revolution

AI is rapidly sweeping through our businesses and our world. The need for CISOs, IT risk managers, executives and IT senior management to keep pace with the rapidly evolving risk landscape is urgent.

Using Risk Tolerance to Support Enterprise Strategy

Effective enterprise risk management requires all stakeholders to understand and communicate risk terminology consistently.

Risk Scenarios Toolkit

The use of risk scenarios can enhance the risk management effort by helping the risk team understand and explain risk to business process owners and other stakeholders.

Risk Scenarios Starter Pack

This toolkit, free to ISACA members, includes 10 sample risk scenarios that practitioners can use and tailor to their specific context within their enterprises. Risk scenarios facilitate communication in risk management by constructing a narrative that can inspire people to take action.

Risk Starter Kit

ISACA created the IT Risk Starter Kit to help users develop an IT Risk Program at their organization. Through detailed templates and guides you’ll be able to:

  • Establish a consistent, disciplined, and integrated approach to risk management.
  • Formalize a governance structure for risk oversight which includes the policies, processes, and control systems that support risk-related decision making.
  • And More...

Digital Operational Resilience in the EU Financial Sector: A Risk-Based

The 2008 financial crisis was one of the most devastating and far-reaching global recessions in modern history. While the reforms that followed strengthened the resilience of the financial sector, they only indirectly addressed information and communications technology (ICT) and did not fully address digital operational resilience.


Optimizing Risk Response

Risk is a part of everyday life, from transportation and travel to business and financial decisions. The digital world is no exception. While information and technology have driven innovation and created new opportunities for businesses worldwide, they are not without peril.


IT Risk Fundamentals Study Guide

A comprehensive study aid that will help to prepare learners for the IT Risk Fundamentals Certificate exam. The course offers foundational knowledge of IT-related risk management and the methodology that includes risk identification, evaluation, and response.


Risk IT Framework

The Risk IT Framework fills the gap between generic risk management concepts and detailed IT risk management. It provides an end-to-end, comprehensive view of risks related to the use of IT and a similarly thorough treatment of risk management, from the tone and culture at the top, to operational issues. In summary, the framework will enable enterprises to understand and manage significant IT risk types, building upon the existing risk related components within the current ISACA frameworks.


Risk IT Practitioner Guide

The Risk IT Practitioner Guide provides practical guidance for risk professionals. The guide includes a large variety of practical risk management techniques that can be implemented immediately.

Advance your expertise and add to your career potential or enterprise skillset with training developed and delivered by the experts in IT Risk.


IT Risk Fundamentals Certificate

Ideal for professionals who wish to learn about risk and information and technology (I&T)-related risk, who currently interact with risk professionals, or who are new to risk and interested in working as a risk or IT risk professional. Affirm your foundational knowledge of risk that is related to I&T.

CPE on Demand: Risk Essentials Bundle

IT Risk Videos

The IT Risk Management Essentials Video enables you to gain critical foundational knowledge of IT risk concepts, practices and impacts on IT and business. This essential primer for IS/IT and business managers, practitioners and anyone interested in a risk management career is accessible on-demand, anywhere. The IT Risk Assessment Video will help you further your IT risk learning. This learning enhancement for IS/IT and business managers, practitioners and anyone interested in a risk management career is accessible on-demand, anywhere.



(CRISC) Certified in Risk and Information Systems Control

ISACA’s Certified in Risk and Information Systems Control (CRISC)® certification indicates expertise in identifying and managing enterprise IT risk and implementing and maintaining information systems controls. Gain instant recognition and credibility with CRISC and boost your career.

CPE on Demand: Risk Management

The CPE on Demand: Risk Management collection provides timely, valuable insights for IT Audit, Security, and Risk professionals, and enables you to learn on your schedule while earning up to 5.5 ISACA CPEs. Access to the entire collection of recordings - each recorded at ISACA’s North America CACS 2020 Conference - is unlimited for a 90-day period and includes downloadable presentation decks.

When you want guidance, insight, tools and more, you’ll find them in the resources ISACA offers.


COBIT Focus Area: Information & Technology Risk

COBIT Focus Area: Information & Technology Risk provides guidance related to information and technology (I&T) risk and how to apply COBIT to I&T risk practices.


Getting Started With Risk Management

Our FREE white paper, Getting Started With Risk Management, explores the careful balance that must be achieved while addressing any unique factors that may exist in your organization. In formulating a business strategy, the enterprise may decide to accept some level of risk in exchange for pursuing business goals and objectives. This paper discusses various options and considerations.


Bridging the Digital Risk Gap

To help improve communication and effectiveness between risk management and IT professionals, ISACA and RIMS have partnered on a FREE white paper, Bridging the Digital Risk Gap, which outlines best practices for integrating these professionals into an overall digital strategy team to create value and counterbalance unwanted risks and outcomes.

Supply Chain Resilience and Continuity

With each major disaster we confront—including the current pandemic—business continuity management must continue to evolve. Learn how in the new free white paper: Supply Chain Resilience and Continuity: Closing Gaps Exposed in a Global Pandemic.

The CMMI Cybermaturity Platform

The CMMI Cybermaturity Platform features custom risk profiling, assessments, gap analyses, and roadmap functions, and is in use across multiple sectors including financial services, healthcare and manufacturing. It addresses industry concerns and organizational challenges, including confidence in cybersecurity initiatives and prioritizing security programs. The platform gives businesses real-time knowledge of best cybersecurity practices, so organizations can make evidence-based decisions on how to improve cybersecurity programs.

View Risk Management Publications and Resources

Gain additional insight and guidance on leveraging the IT Risk framework to create and maintain the most effective techniques and understanding to manage IT Risk.