Awareness & Training

ISACA Introduces New Certification for IT Risk Professionals
Risk management and effective security controls are on every organization's agenda, and responding to this market demand is ISACA, which introduces a new risk-related certification for IT risk professionals.

The Certified in Risk and Information Systems Control (CRISC) designation is for IT professionals who identify and manage risks through the development, implementation and maintenance of information systems controls. These professionals help enterprises accomplish business objectives such as effective and efficient operations, reliable financial reporting, and compliance with regulatory requirements.

"The main objective of this certification is to demonstrate to employers that the certified professional is able to identify and evaluate the risks at the implementation and development level specific to an organization, and help the company accomplish its business objectives by designing, implementing, monitoring and maintaining risk-based, efficient and effective IS controls," says Urs Fischer, chair of ISACA's CRISC Task Force.

The CRISC is particularly designed for IT professionals who have hands-on experience with risk identification, assessment, and evaluation; risk response; risk monitoring; IS control design and implementation; and IS control monitoring and maintenance.

"CRISC fills a gap that currently exists in the marketplace, says Fischer, as it targets the 'hands-on' IT professionals responsible for technical and system operations that implement, design and develop the controls, understand the risk scenario and threats to the organization and work in attempt to lower this risk.

Starting this April, a grandfathering program will be initiated, through which experienced professionals can earn the certification without passing an exam. Experienced and qualified professionals can submit their applications based on CRISC's focus areas for review, which will then be examined by an official committee. The first CRISC exam will be administered in 2011.

CRISC complements ISACA's three existing certifications: Certified Information Systems Auditor, Certified Information Security Manager and the Certified in the Governance of Enterprise IT.

Additional information about the CRISC certification is available at www.isaca.org/crisc.


About the Author

Upasana Gupta

Upasana Gupta

Contributing Editor, CareersInfoSecurity

Upasana Gupta oversees CareersInfoSecurity and shepherds career and leadership coverage for all Information Security Media Group's media properties. She regularly writes on career topics and speaks to senior executives on a wide-range of subjects, including security leadership, privacy, risk management, application security and fraud. She also helps produce podcasts and is instrumental in the global expansion of ISMG websites by recruiting international information security and risk experts to contribute content, including blogs. Upasana previously served as a resource manager focusing on hiring, recruiting and human resources at Icons Inc., an IT security advisory firm affiliated with ISMG. She holds an MBA in human resources from Maharishi University of Management, Fairfield, Iowa.





Around the Network