Extensive global research conducted by ISACA has revealed that revealed enterprises are becoming more risk-aware and are looking to identify professionals who possess the skills to help them protect their assets and enhance their businesses.
To meet this demand ISACA, a global association of over 80,000 IT audit, risk, governance and security professionals, launched a new risk-related certification for IT professionals in early 2010—The Certified in Risk and Information Systems Control (CRISC). The designation is for IT professionals who identify and manage risks through the development, implementation and maintenance of information systems controls. A grandfathering programme, through which experienced professionals can earn the certification without passing an exam, will open in April and the first CRISC exam will be administered in 2011.
The CRISC has been established to recognise IT professionals with skills and abilities related to:
- Risk identification, assessment and evaluation
- Risk response
- Risk monitoring
- IS control design and implementation
- IS control monitoring and maintenance
Urs Fischer, Chair of ISACA’s CRISC Task Force commented, “The CRISC designation will demonstrate to employers that the certification holder is able to identify and evaluate the risks unique to their specific organisation and help the enterprise accomplish its business objectives by designing, implementing, monitoring and maintaining risk-based, efficient and effective IS controls.”
CRISC complements ISACA’s three existing certifications: Certified Information Systems Auditor (CISA) established in 1978; Certified Information Security Manager (CISM) established in 2002; and the newer Certified in the Governance of Enterprise IT (CGEIT) established in 2006.
Paul Arkwright
Publisher
