Certified in Risk and Information Systems Control (CRISC) - ISACA


CRISC is the only certification that prepares and enables IT professionals for the unique challenges of IT and enterprise risk management, and positions them to become strategic partners to the enterprise.

 

CRISC Certification:   

  • Denotes a prestigious, lifelong symbol of knowledge and expertise as a risk professional
  • Increases your value to your organization as it seeks to manage IT risk 
  • Gives you a competitive advantage over peers when seeking job growth
  • Gives you access to ISACA's global community of knowledge and the most up-to-date thinking on IT risk management
  • Helps you achieve a high professional standard through ISACA’s requirements for continuing education and ethical conduct

CRISC Impacts Your Career and Your Organization

 

CRISC is the most current and rigorous assessment available to evaluate the risk management proficiency of IT professionals and other employees within an enterprise or financial institution.

Those who earn CRISC help enterprises to understand business risk, and have the technical knowledge to implement appropriate IS controls.


  • Domain 1: Risk Identification
  • Domain 2: Risk Assessment
  • Domain 3: Risk Response and Mitigation
  • Domain 4: Risk and Control Monitoring and Reporting

The American National Standards Institute (ANSI) has accredited the CRISC certification program under ISO/IEC 17024:2012, General Requirements for Bodies Operating Certification Systems of Persons. ANSI, a private, nonprofit organization, accredits other organizations to serve as third-party product, system and personnel certifiers. ISACA is proud to be recognized with this international standard of performance.

In accordance with the ISO standard, ISACA understands the importance of impartiality and commits to act impartially in carrying out its certification activities, managing conflicts of interest and ensuring the objectivity of its certification activities.

It is important for a CRISC candidate to be able to distinguish functional terms and apply concepts associated with “risk,” “threats” and “vulnerabilities.” These terms should not be used interchangeably.

  • “Risk” refers to the likelihood (or frequency) and magnitude of loss that exists from a combination of asset(s), threat(s) and control conditions. As a derived value, it cannot take a plural form (i.e., “risks”). Consequently, when referring to conditions that represent some amount of risk, terms such as “risk factors,” “risk scenarios” or “risk concerns” will be used.
  • “Threat” refers to anything (e.g., object, substance, human) that is capable of acting against an asset in a manner that can result in loss or harm.
  • “Vulnerability” refers to control conditions that are deemed to be deficient relative to requirements or the threat levels being faced. It is a weakness in design, implementation, operation or internal controls.

PREREQUISITES

The Certified in Risk and Information Systems Control (CRISC) certification is the most current and rigorous assessment available to evaluate the risk management proficiency of IT professionals and other employees within an enterprise or financial institution.

Achieving CRISC certification validates that you have the knowledge and expertise to help companies understand business risk. It also confirms that you have the technical knowledge to implement appropriate information system (IS) controls.

 

Why Employers Hire CRISCs 

CRISCs bring additional professionalism to any organization by demonstrating a quantifiable standard of knowledge, pursuing continuing education, and adhering to a standard of ethical conduct established by ISACA.

CRISC employees:

  • Build greater understanding about the impact of IT risk and how it relates to the overall organization
  • Assure development of more effective plans to mitigate risk
  • Establish a common perspective and language about IT risk that can set the standard for the enterprise

ISACA draws on a global network of leading professionals to develop its certification programs. With access to experts around the world, ISACA is defining how IT risk is managed in current and future business environments.

What are the requirements for the CRISC qualification?

The Certified in Risk and Information Systems Control (CRISC) qualification is awarded to candidates with at least three years of relevant work experience who pass a rigorous written examination.

ISACA defines four CRISC domains on which you will be examined:

  • Domain 1—IT Risk Identification (27% of exam)
  • Domain 2—IT Risk Assessment (28% of exam)
  • Domain 3—Risk Response and Mitigation (23% of exam)
  • Domain 4—Risk and Control Monitoring and Reporting (22% of exam)

For more information, please see the official ISACA ‘How to Become CRISC Certified’ web page.


How do you pass the CRISC exam at the first attempt?

We recommend the following actions:

  1. Check that you have the relevant three years of work experience to qualify.
  2. Register and schedule your exam direct with ISACA.
  3. Purchase the official ISACA study guides and textbooks.
  4. Plan a self-study programme that covers all the key knowledge domains.
  5. Attend an exam preparation training course a few days before you sit the exam.