Skip to content

ISACA Certification Study Cubelets — CISA, CISM, CRISC, CDPSE

10 ISACA cubelets — CISA, CISM, CRISC. WHAT, WHY, and HOW faces free. WHERE, WHEN, and APPLY unlock at Grid42 Professional.

42/60 minimum quality gate · v0.1.0

Browse free — then practice with simulations at app.cubelet.ai →

CISAGovernance and Management of IT

IT Governance Frameworks

IT governance frameworks are structured bodies of guidance, processes, and practices that define how an organization …

CISAIS Acquisition, Development & Implementation

Postimplementation Review

A postimplementation review (PIR) is a formal evaluation conducted after a system or project has gone live to determi…

CISAIS Acquisition, Development & Implementation

Systems Development Lifecycle

The Systems Development Lifecycle (SDLC) is a structured framework that defines the phases, activities, roles, and co…

CISAProtection of Information Assets

Access Control Concepts

Access control is the set of policies, mechanisms, and procedures that regulate which subjects — users, processes, or…

CISMInformation Security Governance

Security Governance Framework

An information security governance framework is the collection of leadership structures, policies, accountabilities, …

CISMIncident Management

Incident Classification

Incident classification is the process of categorizing a detected security event by its type, severity, affected asse…

CISMInformation Security Program

Security Program Development

An information security program is the comprehensive, coordinated set of policies, standards, procedures, controls, a…

CISMInformation Security Risk Management

Risk Appetite and Tolerance

Risk appetite is the aggregate level and type of information security risk that an organization is willing to accept …

CRISCGovernance

IT Risk Governance

IT risk governance is the set of organizational structures, policies, and accountability mechanisms through which an …

CRISCIT Risk Assessment

Risk Identification

Risk identification is the systematic process of discovering, categorizing, and documenting potential threats and vul…

Looking for CMMC practice? Run the CMMC Tabletop Exercise →

What is a cubelet?
A cubelet is the smallest granular unit of compliance knowledge — a single practice or control explored from six angles (WHAT, WHY, HOW, WHERE, WHEN, APPLY) across five mastery levels. Three faces (WHAT, WHY, HOW) are free. WHERE, WHEN, and APPLY unlock with GRID42 Professional.
Which ISACA certifications do the cubelets cover?
The catalog includes cubelets for CISA (ISACA Certified Information Systems Auditor), CISM (Certified Information Security Manager), and CRISC (Certified in Risk and Information Systems Control). Additional CDPSE cubelets are in development.
How are cubelets different from flashcards or study guides?
Flashcards test recall. Cubelets develop judgment. Each cubelet progresses from definition (WHAT) to reasoning (WHY) to implementation (HOW) to contextual application (WHERE, WHEN, APPLY). The APPLY face requires demonstrating the skill under scenario conditions — not just recognizing the answer.
Can cubelets be used for CMMC preparation?
Yes. CMMC cubelets map each of the 110 CMMC Level 2 practices to the cubelet format. They integrate with the Scaffold diagnostic — so after your gap profile is generated, Pursuit routes you to the specific cubelets your gaps require.