If you ask me what the best certification in information security are to advance your career, CRISC would be in the top 3 of my recommendation. It is accredited by US DoD and is highly valued in the industry
What is CRISC?
CRISC stands for Certified in Risk and Information System Controls. Let’s try to understand the two-element of this certification ie. Risk and Controls
- Risk – Enterprise is risk and opportunity-driven. To ensure that your IT-related risk activities are in alignment with your Enterprise risk management strategy, we need a middleman who understands risk holistically and has a deep understanding to advise the senior management on the controls to
- Information Security Controls – Controls are generally called safeguards or countermeasures. While there is a slight difference between the two, the purpose is the same. The purpose is to mitigate the Risk so that it remains within the Acceptable limits decided by Senior Management
The crux is that enterprise needs expertise who understands Risk, helps align IT risk with Business and who can plan the advisory role to guide Senior Management on Risk and the controls to mitigate that risk. CRISC is the best in class only certification which focus both on Risk and IS controls.
Good Enough, is there eligibility to do CRISC Certification?
CRISC certification requires that the candidates should already have three years of work experience into managing IT risk and implementing IS controls. Three years of cumulative work experience is required across at least two CRISC domains out of which one must be in Domain 1 or 2. Please note, there are no experience waivers or substitutions.
What are the different domains in CRISC?
- IT Risk Identification—27%
- IT Risk Management—28%
- Risk Response and Mitigation of —23%
- Risk and Control Monitoring and Reporting—22%
The percentage against each denotes the percentage of coverage in the CRISC Exam.
CRISC exam includes 150 questions which must be completed in four hours. The exam is available in three languages, Chinese Simplified, English and Spanish
How much do I pay to appear for CRISC?
The fee structure is different for ISACA’s members and non-members:
ISACA Member: $575 USD
ISACA Non-member: $760 USD
There are additional fees for maintaining certification:
ISACA Member: $45 USD
ISACA Non-member: $85 USD
The exam fee is neither refundable nor transferable. ISACA membership can be obtained through the online registration process on ISACA’s website.
ISACA exams are conducted in PSI centres and the candidate can book the exam at any time of the year. Once you pay for the CRISC exam you must pass the exam within one year of payment.
How to Prepare?
- Not much stuff is available on the website related to this certification. Make sure you refer to official content. Especially the sample questions can be way too misleading. We recommend the following study material:
- It’s advisable to take you your CRISC training before you appear for the exam. This will help you shape up well for the preparation. Books are dry and sometimes difficult to relate. Most certified professionals will agree with me that ISACA has its own way of expression of ideas and a candidate needs to align with thinking and you must align with what else questions can be too tricky to answer.