Security Awareness Programs & Computer-Based Training
ISACA Introduces New Certification for IT Risk ProfessionalsRisk management and effective security controls are on every organization's agenda, and responding to this market demand is ISACA, which introduces a new risk-related certification for IT risk professionals.
The Certified in Risk and Information Systems Control (CRISC) designation is for IT professionals who identify and manage risks through the development, implementation and maintenance of information systems controls. These professionals help enterprises accomplish business objectives such as effective and efficient operations, reliable financial reporting, and compliance with regulatory requirements.
"The main objective of this certification is to demonstrate to employers that the certified professional is able to identify and evaluate the risks at the implementation and development level specific to an organization, and help the company accomplish its business objectives by designing, implementing, monitoring and maintaining risk-based, efficient and effective IS controls," says Urs Fischer, chair of ISACA's CRISC Task Force.
The CRISC is particularly designed for IT professionals who have hands-on experience with risk identification, assessment, and evaluation; risk response; risk monitoring; IS control design and implementation; and IS control monitoring and maintenance.
"CRISC fills a gap that currently exists in the marketplace, says Fischer, as it targets the 'hands-on' IT professionals responsible for technical and system operations that implement, design and develop the controls, understand the risk scenario and threats to the organization and work in attempt to lower this risk.
Starting this April, a grandfathering program will be initiated, through which experienced professionals can earn the certification without passing an exam. Experienced and qualified professionals can submit their applications based on CRISC's focus areas for review, which will then be examined by an official committee. The first CRISC exam will be administered in 2011.
CRISC complements ISACA's three existing certifications: Certified Information Systems Auditor, Certified Information Security Manager and the Certified in the Governance of Enterprise IT.
Additional information about the CRISC certification is available at www.isaca.org/crisc.