BKA renginio "Kaip tapti lyderiais IT valdymo, saugos ir audito srityje?" pranešimas apie CISM (Certified Information Security Manager) sertifikaciją. Renginys vyko balandžio 18 d., 2013.
2. CRISC sertifikacijos pristatymas
Pasiruoškite įveikti organizacijos rizikos valdymo iššūkius
ISACA®
Pasitikėjimas informacinėmis sistemomis ir jų nauda
www.isaca.org/crisc
Viktoras Bulavas, CISA, CGEIT, CRISC
Kadenciją baigęs asociacijos
ISACA Lietuva pirmininkas
3. CRISC Target Market
Designed exclusively for risk and information
controls personnel who:
Identify, assess and analyze risk
Design, implement and maintain
controls to mitigate risk
Respond to risk events
4. Why Become a CRISC?
Enhanced Knowledge and Skills
To demonstrate your willingness to improve your technical
knowledge and skills
Career Advancement
To demonstrate to management your commitment toward
organizational excellence
To obtain credentials that employers seek
To enhance your professional image
Worldwide Recognition
To be included with other professionals who have gained
worldwide recognition
5. CRISC in the Workplace
Nearly 600 are employed in organizations as the CEO, CFO or
equivalent executive position.
More than 400 serve as chief audit executives, audit partners or
audit heads.
Over 1,200 serve as CIOs, CISOs, or chief compliance, risk or privacy
officers.
More than 3,500 are employed as security directors, managers or
consultants and related staff.
More than 2,200 are employed as IT directors, managers,
consultants and related staff.
Nearly 4,400 serve as audit directors, managers or consultants and
related staff.
Over 2,900 are employed in managerial, consulting or related
positions in IT operations or compliance.
7. Domain 1—Risk Identification, Assessment and Evaluation (31%)
Identify, assess and evaluate risk to enable the execution of the enterprise
risk management strategy.
Domain 2—Risk Response (17%)
Develop and implement risk responses to ensure that risk issues,
opportunities and events are addressed in a cost-effective manner and in
line with business objectives.
CRISC Job Practice Areas
(Effective 2010)
8. Domain 3—Risk Monitoring (17%)
Monitor risk and communicate information to the relevant stakeholders to
ensure the continued effectiveness of the enterprise‘s risk management
strategy.
Domain 4—IS Control Desing and Implementation (17%)
Design and implement IS controls in alignment with the organisation‘s risk
appetite and tolerance levels to support business objectives.
Domain 5—IS Control Monitoring and Maintenance (18%)
Monitor and maintain IS controls to ensure they function effectively and
efficiently.
CRISC Job Practice Areas
(Effective 2010)
(continued)
9. CRISC Certification
Requirements
• Earn a passing score on the CRISC exam
• Submit verified evidence of a minimum of 3 years
of risk and information systems controls experience
(covering 3 of the 5 job practice domains)
• Submit completed CRISC application within 5 years
of passing exam and receive approval
• Adhere to the ISACA Code of Professional Ethics
• Comply with the CRISC Continuing Professional
Education Policy
10. • Risk control is an emerging discipline with
scarce study materials
• Develops better understanding what Risk and
Information System control is and what is not
• Training is good start to exam preparation
How course can help?
11. 2012 Registration Fees:
14 December 2013
Early Registration – On or before 21 August 2013:
• ISACA Member: US $485.00
• Non-Member: US $660.00
Final Registration – After 21 August, but on or before 25 October 2013:
• ISACA Member: US $535.00
• Non-Member: US $710.00
Register Online at www.isaca.org/examreg and save $$
• Online registration via the ISACA web site is encouraged, as
candidates will save US $75. Non-members can join ISACA at
the same time, which maximizes their savings.
Exam registration fees must be paid in full to sit for the exam. Those whose
exam registration fees are not paid will not be sent an exam admission ticket
and their registration will be cancelled.
12. Bulletin of Information
(BOI) and Registration
Form
• There is a Bulletin of Information for each exam administration for
each exam.
• Can be downloaded from the ISACA web site at:
www.isaca.org/criscboi
Bulletin includes:
– Requirements for certification
– Exam description
– Registration instructions
– Test date procedures
– Score reporting
– Test center locations
– Registration forms
13. Types of Questions on
the CRISC Exam
Exam consists of 200 multiple choice questions administered
over a four-hour period
Questions are designed to test practical knowledge and
experience
Questions require the candidate to choose one best answer
Every question or statement has four options (answer choices)
14. Study Materials
ISACA Members Non-Members
Candidate’s Guide to the CRISC Exam……..…free to each paid registrant
(also available online at www.isaca.org/criscguide)
CRISC Review Manual 2013….…………….. (US) $85.00 (US) $115.00
CRISC Review Questions, Answers & ……... (US) $40.00 (US) $60.00
Explanations Manual 2013
CRISC Review Questions, Answers & ……... (US) $40.00 (US) $60.00
Explanations Manual 2013 Supplement
CRISC Online Review Course (US) $185.00 (US) $225.00
For detailed descriptions visit www.isaca.org/criscbooks
15. A proper study plan consists of several steps:
Self-appraisal
Determination of the type of study program
Having an adequate amount of time to prepare
Maintaining momentum
Readiness review
Become involved in your local chapter and explore
networking opportunities and study groups.
How to Develop a CRISC
Study Plan
16. How to Study for the
CRISC Exam
Read the Candidate’s Guide thoroughly
Study the CRISC Review Manual
Work through the CRISC Review Questions, Answers &
Explanations Manual, Supplements and/or online review
course
Participate in an ISACA Chapter Review Course
Read literature in areas where you need to strengthen skills
Spend time studying the complement of your field: If
controls focused, study from risk focus and vice-versa
Join or organize study groups
17. • Is available at www.isaca.org/criscapp
• Effective with applications received 1 June 2012 and forward, an
application fee of US $50 will be required to apply for certification.
Contains:
– Requirements for certification
– Code of Professional Ethics
– Instructions for completion of form.
– Verification of work experience for applicant form
– CRISC application form
• Until an application is received and approved, candidates are not
CRISC certified and cannot use the designation.
Application for
Certification
19. Once certified, the certification must be renewed annually. Maintaining the
certification requires:
• Earning and reporting an annual minimum of 20 hours of continuing
professional education
• Earning and reporting a minimum of 120 hours of continuing
education for each fixed three-year period (each 3-year cycle)
• Pay the annual certification maintenance fee
• Respond and submit required documentation of continuing education
activities if selected for an annual audit
• Comply with the ISACA Code of Professional Ethics
(www.isaca.org/ethics)
ISACA membership provides many CPE opportunities which can assist
you with meeting this requirement. For more details visit
www.isaca.org/cpe.
Continuing Professional
Education (CPE)
Requirements
20. Norite sužinoti daugiau?
Susisiekite su mumis:
El.paštu: asociacija@isaca.lt
Internete: www.isaca.lt
Ačiū už dėmesį!
Daugiau informacijos apie organizuojamus ISACA sertifikacijų mokymus rasite www.bka.lt
Susisiekite telefonu 8 5 2780502 arba el.paštu mokymai@bka.lt
Notas do Editor
BENEFITS OF BECOMING A CRISC:Being recognized as a CRISC brings with it a great number of professional and organizational benefits. Successful achievement demonstrates and attests to an individual's risk and information systems control expertise and indicates a desire to serve an organization with distinction. This expertise is extremely valuable given the changing nature of information technology and the need to employ certified professionals who are able to apply the most effective information security management practices, and who have an awareness of the unique requirements particular to information technology environments. Those who become CRISCs join other recognized professionals worldwide who have earned this highly sought after professional designation. Although certification may not be mandatory for everyone, a growing number of organizations are recommending that employees become certified. The CRISC designation assures employers that their staff is able to apply state-of-the-art risk and information systems control practices and techniques and that these skills are maintained. For these reasons, many employers require the achievement of the CRISC designation as a strong factor for employment and/or advanced promotion.
Updated January 2013.Nearly 600 are employed in organizations as the CEO, CFO or equivalent executive position.More than 400 serve as chief audit executives, audit partners or audit heads.Over 1,200 serve as CIOs, CISOs, or chief compliance, risk or privacy officers. More than 3,500 are employed as security directors, managers or consultants and related staff.More than 2,200 are employed as IT directors, managers, consultants and related staff.Nearly 4,400 serve as audit directors, managers or consultants and related staff.Over 2,900 are employed in managerial, consulting or related positions in IT operations or compliance.
A profile of CRISCs demonstrates the increasing managerial influence and authority achieved: Executive Level (CEO, President, Owner, General/Executive Manager, CFO, CAE) - 7% IS Security Professionals (CISO, CSO, Security Director, Security Staff) - 27% IT Professionals (CIO, CTO, IS/IT Directors, Managers, IT Staff) – 16%Compliance and Risk Professionals (Chief of Compliance, Directors, Managers, Consultants) – 20%IS/IT Audit (directors, managers, consultants) – 28% Other – 2%
Rizikos kontrolė, kaip disciplina Lietuvos universitetuose neegzistuoja, literatūra pakankamai reta, todėl tai būtų geras atspirties taškas tiek rengiantis egzaminui, tiek gilinantis į rizikos ir informacijos sistemų kontrolės disciplinąKursai padeda suvokti disciplinos ribas bei pasirengti egzaminui
To assist individuals with the development of a successful study plan, ISACA provides several study aids and review courses to exam candidates. (Also see www.isaca.org for more details.)Candidate's Guide to the CRISC Examinationis supplied to individuals upon receipt of the CRISC exam registration form and payment. This guide provides general information regarding the administration of the exam as well as a detailed outline of the job practice areas, task and knowledge statements covered on the exam, and a sample copy of the admission ticket and exam answer sheet.You can view a detailed description of the study material item on the ISACA web site at www.isaca.org/criscbooks.
A proper study plan consists of several steps: week to prepare for the exam. The first step is a self-appraisal. The candidate should perform a general review of the CRISC content areas in the Candidate’s Guide to the CRISC Examination to determine overall familiarity with the concepts and practices covered in the exam. The candidate also should evaluate his/her own study habits and discipline. Based on this evaluation the candidate should have a general idea as to the amount of time and energy needed to adequately prepare for the exam.The second step is a determination of the type of study program to undertake. Options range from a brush-up of the material for the experienced IS risk and controls professional to a more intense self-study program for the less experienced candidate to a program of both self-study and attendance at a formal CRISC review program like this one.The third step is making sure that a candidate has the adequate amount of time to prepare. Candidates should plan to set aside an appropriate number of hours each week to prepare for the exam The fourth step is maintaining momentum. A candidate can easily lose interest in studying and encounter obstacles to study. A candidate must realize that this will normally occur and not become discouraged. The final step is performing a readiness review. The formal study program should be completed at least one week prior to the date of the exam. Become involved in your local chapter and explore networking opportunities and study groups.
Candidates preparing for the exam are encouraged to:Read the Candidate’s Guide thoroughlyStudy the CRISC Review ManualWork through the CRISC Review Questions, Answers & Explanations ManualParticipate in an ISACA Chapter Review Course or ISACA online review course.Read literature in areas where you need to strengthen skillsSpend time studying the complement of your field: IT controls focused, study from risk focus and vice-versaJoin or organize study groups
Once a candidate has passed the CRISC certification exam, he/she must complete the Application for Certification in Risk and Information Systems Control to become a CRISC. The purpose of the application is to verify that experience requirements have been met.The application is divided into seven parts; four pages of forms and three pages of instructions and includes:Requirements for certificationCode of Professional EthicsInstructions for completion of formVerification of work experience for applicant formCRISC application form
CRISC Continuing Education Policy Details
The Continuing Education Policy requires the attainment of continuing education hours over an annual and three-year reporting period. CRISCs must comply with the following requirements to retain certification:Attain and submit an annual minimum of twenty (20) continuing professional education hours Attain and submit a minimum of one-hundred and twenty (120) continuing education hours for a three-year reporting period. Both annual and three-year requirements begin 1 January of the following year after becoming certifiedSubmit annual certification maintenance fees to ISACA Headquarters in full by the due dateRespond and submit required documentation of continuing education activities if selected for an annual auditComply with ISACA Code of Professional Ethics (www.isaca.org/ethics)Specific activities are required and described in the CRISC Continuing Professional Education Policy, available online at www.isaca.org/crisccpepolicy.