The certification will identify and measure skills related to risk identification, response, and monitoring, said ISACA. It will also evaluate professionals' ability to design, implement, monitor and maintain information security controls.
CRISC is designed to help employers identify experts in this field, explained ISACA. "We conducted an extensive amount of research globally and found that enterprises are becoming more risk-aware and are looking to identify professionals who possess the skills to help them protect their assets and enhance their businesses," said Urs Fischer, the chair of the CRISC task force within ISACA. "CRISC fills a gap that currently exists in the marketplace."
ISACA, which focuses on audit, risk, and governance disciplines, will administer the first CRISC examination next year, although it will be possible for professionals to be 'grandfathered in' without passing an exam. The organization will announce details of that scheme in April.
This is the fourth certification launched by ISACA. It also offers the Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), and the Certified in the Governance of Enterprise IT (CGEIT), which is its most recent certification, launched in 2006.
ISACA is also the publisher of the Risk IT standard for managing risk in IT, and the COBIT standard for IT governance.