In the present era, when information is just a click away so are the treats to this information. A threat can come in any form - a hacking software, manipulation of data files or even destruction of data programs. These all threats are a matter of grave concern in the world of information technology. It is quite relieving to note that these threats can be controlled and risks mitigated.
This is where CRISC (Certified in Risk and Information System Control) Professionals step in. They are like watchdogs for Information Systems. These professionals are trained to control financial risks, failure risks, risks caused by natural disaster and many more. This is a certification for experienced professionals involved in developing effective controls for managing risks associated with information technology. It has been developed to meet the ever increasing demand of these professionals.
As In the case of other certifications, the first step is to procure the application form, duly fill it and submit it either online or post it. After the processing of the registration form, an acknowledgement email is sent to the candidate, mentioning exam test site and exam language. The test sites are available in the 100 miles of the location where the candidate wants to be tested. To give the flexibility, the exams take place two times a year during the months of June and December. Candidates are required to answer a total of 200 multiple choice questions. Total time for the exam is 4 Hours.
It takes approximately eight weeks for the results to come out. Passing the exam is not enough as the candidate is required to gain the work experience in accordance with the guidelines of the code of Professional Ethics. If the standards are not met within 3 years after passing the exam the score will stand void. The rules for the work experience are very strict and there is no waive in the experience in any case.
There is a requisition of work experience in at least 3 CRISC domains to apply for the certification. Along with that a cumulative experience of three years is required.
The aim of this certification is to provide stability, skills and potential to have the following abilities as Risk and Information System Controller:
- Ability to identify the possible risks and evaluate the priority;
- Ability to monitor the risks constantly and act immediately when needed;
- Ability to design, control and implementing the information system;
- Ability to control monitoring and maintenance of the functioning.
Benefits of CRISC Certification:
Information System is certainly a vast subject. It has facilitated functioning of the world market. Ultimately it brings along a risk of hacking information, destruction and modification of data. Here comes in the role of a certifiedrisk and Information system controller, who can protect the information from going to wrong hands.
CRISC is a highly sought after certification.CRISC certified professionals benefit in terms of better opportunities, better remuneration which in return seek more responsibility towards the role. The skills gained make the candidates specialized professionals responsible for controlling of business and technology risk management, designing and monitoring the implementation of the safeguard system.
CRISC professionals are in great demand in all kinds of industries such as technical, organizational, human-oriented and legal. As an expert in the field, you can showcase your understanding between the business goals and information security program.
I am in the information technology division in a bank. The banking industry is a highly information based industry where confidentiality and security of information are crucial. I am sure you will not like to transact with a bank that leaks information about the transactions you do! The certification has helped me emerge as an expert in the field of recognizing and managing risks in an information intensive industry. While knowledge of IT is essential for this it is not a technical in nature but talks about governance making it useful for both organizations and individuals.
Upasana Singh, Divisional Manager, Information Security