Information security - the appropriate certificates as a key to
9th Regional Conference on Information Security and Storage Systems
Information Security Melting Point
Zdravko Stoychev, CISM
ISACA – Sofia Certification Director
October 7, 2010 - Sofia
• A 2007 survey of ISACA members revealed that 89% of CISAs value their certification, and 72% of CISAs believe that the CISA certification has helped advance their career
• Certified in Risk and Information Systems Control (CRISC) is the newest addition to the portfolio of recognized ISACA certifications, launched by ISACA in 2010
• CRISC serves IT and business professionals who identify and manage risks through the development and implementation of appropriate IS controls and comply with regulations that affect IS to help enterprises accomplish business objectives
• Designed for professionals who are engaged at an operational level to mitigate risk as defined by the CRISC Job Practice areas
• Risk Identification, Assessment and Evaluation: Identify, assess and evaluate risk to enable the execution of the enterprise risk management strategy
• Risk Response: Develop and implement risk responses to ensure that risk issues, opportunities and events are addressed in a cost-effective manner and in line with business objectives
• Risk Monitoring: Monitor risk and communicate information to the relevant stakeholders to ensure the continued effectiveness of the enterprise’s risk management strategy
• IS Control Design and Implementation: Design and implement IS controls in alignment with the organization’s risk appetite and tolerance levels to support business objectives
• IS Control Monitoring and Maintenance: Monitor and maintain IS controls to ensure they function effectively and efficiently
For a complete viewing of the job practice domains, task and knowledge statements visit
• The grandfathering program enables professionals highly experienced in the CRISC job practice areas to apply for the CRISC certification without taking the exam
• Grandfathering is available 1 April 2010 through 31 March 2011. The first CRISC exam will be administered in 2011
• To download a grandfathering application visit www.isaca.org/criscapp
As of 1 September 2010 – Four months into its rigorous grandfathering program for the Certified in Risk and Information Systems Control (CRISC) designation, ISACA has issued the 1,000th certificate
Since 1 April 2010, candidates from more than 83 countries have applied for CRISC certification:
– The early-bird deadline for the grandfathering program is 31 October 2010, but
– The program will remain open through March 2011
– The first CRISC exam will be administered in June 2011
• While CISA is designed for IT professionals who perform independent reviews of control design and operational effectiveness, CRISC is for IT and business professionals who design, implement and maintain IS controls.
• While CISM is for individuals who manage, design, oversee and/or assess an enterprise’s information security, including the identification and management of information security risks, CRISC is for IT professionals whose roles encompass security, operational and compliance considerations.
• While CGEIT is primarily for IT and business professionals who have a significant management, advisory or assurance role relating to the governance of IT, including risk management, CRISC is intended for IT and business professionals who are engaged at an operational level to mitigate risk.