FR | NL | EN
   About us     Contact     Glossary index     Sitemap   
 
   HOME     AUDIT     ADVISORY     REFERENCES     NEWS     KNOWLEDGE   





   Home > Certified in Risk and Information Systems Control (CRISC)

Certified in Risk and Information Systems Control (CRISC)     Print

ISACACertified in Risk and Information Systems Control (CRISC)
Certified in Risk and Information Systems Control (CRISC)
is an advanced certification introduced in 2010 by ISACA, and designed for IT and business professionals who identify and manage risks through the development, implementation and maintenance of appropriate information systems (IS) controls.

Objective

CRISC is designed for experienced professionals, who can demonstrate 5 or more years of IT or business experience, and at least 3 years of experience in the CRISC focus areas. It also requires passing a 4-hour test, designed to evaluate an applicant's understanding of risk and information systems controls.

Focus areas

The professional experience and knowlegde requirements are grouped into 5 job practice domains:

  • Domain 1 — Risk identification, assesment and evaluation
  • Domain 2 — Risk response
  • Domain 3 — Risk monitoring
  • Domain 4 — IS control design and implementation
  • Domain 5 — IS control monitoring and maintenance

Relationship with other ISACA certifications

CRISC is intended to complement ISACA’s three existing certifications.

  • CRISC is for IT and business professionals who are engaged at an operational level to mitigate risk while Certified in the Governance of Enterprise IT (CGEIT) is for IT and business professionals who have a significant management, advisory or assurance role relating to the governance of IT, including risk management;
     
  • CRISC is for IT and business professionals who design, implement and maintain IS controls while CISA is designed for IT professionals who perform independent reviews of control design and operational effectiveness;
     
  • CRISC is for IT professionals whose roles encompass security, operational and compliance considerations, while CISM is for individuals who manage, design, oversee and/or assess an enterprise’s information security, including the identification and management of information security risks.

Website: http://www.isaca.org/crisc

Information from the international ISACA web site:

<<<
QAP © 2010 | advice[at]qap.eu | audit[at]qap.eu
   Audit     Advisory     Training     Change     Disclaimer     Copyright   
pen4web