What is CRISC?

When companies see risk, they often translate that risk into some type of event threatens their organization and cause harm to valuable information or data. This is untrue. Not every risk is a threat.

There are several factors that need to be analyzed and evaluated when looking risk that determines if risk can become a threat. Factors such as likelihood, impact, and assets the organizations mission and vulnerability all need to be taken into account before a risk becomes threatening.

What is ISACA’s CRISC ?

Certified in Risk and Information Security Control, or CRISC is one of the only certifications that can prepare you for real world threats and give you the tools necessary to evaluate and manage risk. The IT risk management life cycle that is covered in a CRISC course teaches you the necessary steps needed to evaluate risk. Then, depending on if that risk is a threat, the life cycle will teach you what steps should be taken next in order to eliminate that threat.

Who is CRISC for and why do you need it?

CRISC is a great certification to have if you are a Business Analyst, Project Manager, IT professional in risk management, or anyone that has already conquered three of the ISACA domains and want to continue moving further in your career.

CRISC is important to those in IT risk management and mitigation. ISACA certifications are globally recognized and by conquering the CRISC exam you are proving to your current and future employer that you have the skills and tools necessary to analyze and understand risk management.

How do I get Certified?

CIRSC is a certification that can only be obtained after passing the CRISC exam. This exam is regulated by ISACA and is only available to take twice a year. The first exam date has already passed, but the registration for the December 12th exam is still open and will remain open until October. In order to take this exam you need to have at least three years of work experience with at least three of the domains established by ISACA.

The exam is broken down as follows:

• Identification, Assessment and Evaluation of Risk – 31%
• Risk Response -17%
• Monitoring Risk -17%
• Information System Control, Design and Implementation -17%
• Information System Control, Monitoring and Maintenance -18%

You can prepare for this class by taking an instructor lead course, or through self study. If you have any further questions about CRISC or the exam, you can contact any of our consultants here at Phoenix TS by chatting with us via our website chat box, or you through email. Feel free to come to us with any questions, or concerns you have. We would love to help.