The CRISC (pronounced see-risk) certification focuses on:
* Risk identification, assessment and evaluation
* Risk response
* Risk monitoring
* IS control design and implementation
* IS control monitoring and maintenance
The new credential complements ISACA’s existing certifications:
* While CISA <http://www.isaca.org/cisa> is designed for IT professionals who perform independent reviews of control design and operational effectiveness, CRISC is for IT and business professionals who design, implement and maintain IS controls.
* While CISM <http://www.isaca.org/cism> is for individuals who manage, design, oversee and/or assess an enterprise’s information security, including the identification and management of information security risks, CRISC is for IT professionals whose roles also encompass operational and compliance considerations.
* While CGEIT <http://www.isaca.org/cgeit> is for IT and business professionals who have a significant management, advisory or assurance role relating to the governance of IT, including risk management, CRISC is for the IT and business professionals who are engaged at an operational level to mitigate risk.
A grandfathering program, through which experienced professionals can obtain the certification without taking the exam, will open in April. The first CRISC exam will be held in 2011.
Click here <http://www.isaca.org/crisc> to learn more about this latest certification from ISACA.
è A minimum of 3 years of work experience performing the tasks described in the CRISC job practice is required for certification. There will be no substitutions or experience waivers.
è More details on the job practice areas for the above 5 domains is forthcoming in April.
CISSP, GCIH, GCIA, C|EH, Sec+, Net+, MCP