Yaksas CSC
CRISC: Everything You Need to Know

Neha Chandra August 12, 2015 2 Comments

Certified in Risk and Information Systems Control (CRISC) is a fairly new certification exam issued by ISACA. CRISC-certified professionals manage organizational risks and their associated controls, and ensure that risk management strategies are aligned with overall business objectives.

I appeared for the exam in June 2014 and was amongst the top scorers in the Asia region. Since there isn’t as much guidance about CRISC as about other ISACA certifications like CISA and CISM, here is my take on the exam.

About the CRISC Certification

Issued by the Information Systems Audit and Control Association (ISACA), the CRISC certification is awarded to professionals who identify and manage risks through the development, implementation and maintenance of information systems controls. You can learn more about the exam at the official page here.

What does it cover?

ISACA has recently revised the CRISC job practice, reducing the number of domains from five to four. Starting June 2015, the CRISC exam contains 150 questions (instead of 200) testing these new domains:

  • Domain 1—Risk Identification (27%)
  • Domain 2—Risk Assessment (28%)
  • Domain 3—Risk Response and Mitigation (23%)
  • Domain 4—Risk and Control Monitoring and Reporting (22%)

The numbers in brackets indicate the weightage given to each domain in the exam. The domains are further broken down into knowledge statements. While it’s important to understand the knowledge statements and the objective they serve, one doesn’t need to memorize them by rote. You can review them here.

How to prepare for the exam?

The CRISC Review Manual 2015 from ISACA is the bible and your sole rescuer for this exam. I couldn’t catch hold of any good material from independent publishers, which re-emphasizes the fact that the exam is still evolving. I’ve not been fortunate enough to get a copy of the 2015 manual with the new job practice, but I believe the essence of risk management shall be the same. The manual has plenty of questions for a candidate to practice and get a feel of the real exam; answers and explanations are also provided. Besides this, ISACA also has a CRISC Question & Answer Database and its supplement. One can also take a 12-month subscription and access the database via the web.

What’s the exam like?

CRISC is a paper-based examination. Starting 2015, 150 questions need to be answered in a duration of 4 hours. ISACA uses a 200–800 point scale with 450 as the passing mark for the exam; a scaled score is a conversion of the raw score on an exam to this common scale. I didn’t find any questions taken straight from the manual. They were more application- and experience-based questions from the risk management field.

The exam fee may vary from $440 to $750 based on whether or not you’re an ISACA member. You can start the exam registration process from here. The same goes for the cost of exam preparation material. My personal advice is to go for the membership here. ISACA has tons of wonderful material, all free to members. In the unfortunate event of failing the exam, you need to pay the exam fee again to retake it. You can read more about the examination process here.

Post exam jitters

I personally felt devastated after the exam as I wasn’t sure about most of the questions I answered. This was unlike ISACA’s CISA exam, where I was pretty confident about my answers. Earnestly hoping to pass by a miracle, I stepped out of the exam hall and found others to be in the same boat.

Once you’ve taken the CRISC examination, you’ll have to wait 8 weeks to know the results. Therefore, by the time results are announced you would’ve probably moved on.

What’s next after clearing the exam?

Certification Prerequisites

  • 3 years of professional experience in at least two of the four new domains; 1 year of experience focused on Domain 1 or 2
  • Adherence to the ISACA Code of Professional Ethics
  • Compliance with the CRISC Continuing Professional Education (CPE) Policy

Once you’ve cleared the exam, ISACA requires you to fill in a CRISC Application for Certification. In this application you’ll need to list at least three years of cumulative work experience in at least three CRISC domains. Candidates who do not meet the experience requirements have five years, from the date of clearing the exam, to gain the relevant experience.

In order to maintain the certification, certification holders must earn and submit a certain number of CPE points annually and over every three-year period. In addition to CPEs, an Annual Maintenance Fee also needs to be paid each year. Learn more about the credential maintenance requirements here.

Exam Tip

I often get questions about the strategy I adopted to prepare for the exam, or whether there is a sure-shot way to clear it. Believe me, it totally depends upon individual strengths and weaknesses. So, the best way is to realize what you can leverage and what needs to be improved. At the end of the day, it’s an exam!

If I have left out anything or if readers have any additional queries please leave them in the comments below. Please note that questions regarding sharing and distribution of pre-owned material will not be entertained as it amounts to piracy.

Neha Chandra

Neha Chandra, CISSP, RSA – Archer Administrator, ITIL v2 Foundation, PRINCE2 Foundation, Information Security & Privacy Consultant at IBM, is a recent Certified Information Systems Auditor (CISA) and Certified in Risk and Information Systems Control (CRISC) exam passer and is preparing to pursue the Certified Information Security Manager (CISM) certification in the future.

Filed Under: Upcoming Certifications Tagged With: CRISC, Information Security, ISACA, Risk Management