ISACA's risk management certification makes its entry



Dhwani Pandya, Principal Correspondent
ISACA, the global association of IT audit, risk, governance, and security professionals, has recently announced its new risk management certification. The certified in risk and information systems control (CRISC) certification is designed for IT professionals who identify and manage risks through the development, implementation and maintenance of information system (IS) controls.

ISACA has established CRISC (pronounced "see risk") to recognize IT professionals with skills and abilities related to risk identification, assessment and evaluation, risk response, risk monitoring, IS control design and implementation, and IS control monitoring and maintenance. The first CRISC risk management certification exam will be administered in 2011.

A grandfathering program, through which experienced professionals can earn the risk management certification without passing an exam, will open in April 2010. Anand Shenoy, the president of ISACA's Mumbai Chapter, says that risk professionals with extensive experience in the field need not go through the exam. "They will have to submit documentary proof of experience in specified areas to get this certification," says Shenoy. "Also, risk management professionals can learn more about CRISC, the new Risk IT framework, and the latest risk management best practices at Asia-Pacific CACS in Mumbai," he adds.

The ISACA press release mentions that the CRISC risk management certification complements ISACA's three existing certifications: certified information systems auditor (CISA), certified information security manager (CISM), and the newer certified in the governance of enterprise IT (CGEIT). It explains the relationship between the CRISC risk management certification and the existing ISACA certifications as follows:

•   CISA is designed for IT professionals who perform independent reviews of control design and operational effectiveness; CRISC risk management certification is for IT and business professionals who design, implement and maintain IS controls.

•   CISM is for individuals who manage, design, oversee and/or assess an enterprise's information security, including the identification and management of information security risks; CRISC risk management certification is for IT professionals whose roles also encompass operational and compliance considerations.

•   CGEIT is for IT and business professionals who have a significant management, advisory or assurance role relating to the governance of IT, including risk management; CRISC risk management certification is for IT and business professionals who are engaged at an operational level to mitigate risk.

Additional information about the CRISC risk management certification is available at ISACA's official CRISC page.