CRISC is worth it ?

Hey guys I'm new to this thread I have some questions Regarding CRISC :

1 : Is Crisc worth it ?

2 : After passing the exam of Crisc, its easy to get a job without the certification and no experience ?

3 : what background a person needs to get into CRISC ?

4 : are there any prerequisite to get into CRISC or a person can give this exam any time ?

5 : If there is any better certification then CRISC, Please guide me about it

Find more posts tagged with

Comments

dustervoice

nazeef95 wrote: »

Hey guys I'm new to this thread I have some questions Regarding CRISC :

1 : Is Crisc worth it ?

2 : After passing the exam of Crisc, its easy to get a job without the certification and no experience ?

3 : what background a person needs to get into CRISC ?

4 : are there any prerequisite to get into CRISC or a person can give this exam any time ?

5 : If there is any better certification then CRISC, Please guide me about it

Answers:

1. Yes
2. No
3. None
4. No
5. No

jcundiff

disagree with dustervoice's answers for 3 and 5...

3. the CRISC requires 3 year experience :

"To become CRISC certified requires passage of the CRISC exam and 3 years work experience requirements in the fields of risk management and IS control. A minimum of at least three (3) years of cumulative work experience performing the tasks of a CRISC professional across at least three (3) CRISC domains is required for certification. There are no substitutions or experience waivers." - ISACA web site

To obtain the CRISC certification, you must pass the exam and meet the work experience requirements.

5. Better certifications would be based upon career path and current certs... CISSP, CISA, PMP and/or other certifications may better meet the OP's career path and experience level

dustervoice

I answered the questions based on face value.

3. "Getting into Crisc" ->Crisc is just study material and an exam
5. "Cert better than Crisc?" Its the best cert for IT risk management

So i still stick by my answers

@jcundiff thanks for the detail explanation.

636-555-3226

1 - It's an educational experience. If you don't have a lot of risk management experience, you'll learn a lot and have some good takeaways.

2 - Certs don't usually land people jobs. They help you look better than other candidates. Not having any experience will hurt you more. Unless you were the only candidate and we were in a pinch, I would not hire you if you didn't have any experience, regardless of the cert. Risk management isn't something you usually leave up to entry-level people with no experience.

3 - CRISC qualifications are on ISACA's website

4 - Ditto

5 - The only other risk management certification I hear anybody talking about is Certification in Risk Management Assurance (CRMA). It's geared towards auditors. The CRISC and CRMA don't come up often in job opportunities, but when they do there's usually little human supply, so salaries tend to be pretty decent and your competition for the same position tends to be few and far between.

Overall I recommend the CRISC just for the learning opportunity. Be warned, it's a tough test. Practice those Q&A databases over and over again so you get a good feel for the "tone" or look-and-feel of ISACA questions.

andhow

I thought the test was a bit odd. I did well, but I was honestly surprised by my score. The review manual has good information and is a bit repetitive, but it helped me pass.

happibirdy

Hi Everyone,

I am enrolled in the June 2016 test.
And I have just started studying today.

Do you think 3 months is enough time to study and pass the exam?

dustervoice

happibirdy wrote: »

Hi Everyone,

I am enrolled in the June 2016 test.
And I have just started studying today.

Do you think 3 months is enough time to study and pass the exam?

This is too much of a generic question to provide an answer. "Enough time" is dependent on a lot of factors. Your experience, how many hours per day you invest, study materials you've invested in , etc. Until you provide that information is really hard to say.

rohit10

happibirdy wrote: »

Hi Everyone,

I am enrolled in the June 2016 test.
And I have just started studying today.

Do you think 3 months is enough time to study and pass the exam?

Have you already taken an ISACA exam in the past? If so, it is more than enough I feel. I took the CISA in June 2015 and then took CRISC December 2015, which I studied a month for. I think if you have a CISA, you would be able to pass just reviewing the material a couple of times, you already have the ISACA mindset and know what they are looking for.

happibirdy

rohit10 wrote: »

Have you already taken an ISACA exam in the past? If so, it is more than enough I feel. I took the CISA in June 2015 and then took CRISC December 2015, which I studied a month for. I think if you have a CISA, you would be able to pass just reviewing the material a couple of times, you already have the ISACA mindset and know what they are looking for.

Thanks rohit10. This is actually my first exam with ISACA.

happibirdy

Somehow my reply didnt show up

...

reposting:
I got the review manual and CRISC Review Questions, Answers & Explanations, 4th Edition.
I am going to invest 6 hours a week to study for the next 10 weeks or so...
1 year of experience at doing IT Risk Assessments and updating IT Risk Registers.

Appreciate any tips or guidance

....

jcundiff

what are you doing for the other year of experience?

OctalDump

Yeah, CRISC can be worth it if you are looking for a job in IT that has a strong Risk Management focus. These are typically senior roles in areas like Management and Security.

CRISC has an experience requirement, so passing the exam with no experience would be highly unusual. In the context of who the exam is aimed at, it would be unlikely to get a CRISC type job without some other qualification or experience. The best I can think of is a recent IT/business graduate who might work in a junior audit capacity where risk assessment is a large component.

The best background for CRISC would be one that satisfies the certification requirements. Which would generally also mean some years of experience or qualifications to enter into a role which would satisfy the certification requirements. This is more a mid career (perhaps later) certification than an 'entry level' or even 'professional' certification.

As the certification page says, anyone can sit the exam, but only those with the certification requirements can get the certification. You have 5 years from passing the exam to satisfy those requirements.

There are many, many IT certifications and many within IT Security, IT Management and IT Governance. What might be better depends on many factors about you and the job markets you are looking at.

PMI also offers a risk management certification, which is more general in scope. ISACA offer a good range of these more senior certifications, as well as a generalist IT Security program and certifications in IT Governance (Cobit). ISC2 offer similar things, with a bit more technical focus. GIAC offer a good range of technical, hands on certifications in Info Sec. Comptia has a range of vendor neutral, more entry level certifications.

smoten

I registered CRISC exam for June 2016 and preparing CRISC with following stuff

1) CRISC manual 2015
2) CRISC online QA Database 2016

Can anyone let me know is there any difference btw 2015 and 2016 manual ?
Also if anyone give me suggest me is there any other stuff would be helpful for the exam preparation.

Thanks.

dustervoice

smoten wrote: »

I registered CRISC exam for June 2016 and preparing CRISC with following stuff

1) CRISC manual 2015
2) CRISC online QA Database 2016

Can anyone let me know is there any difference btw 2015 and 2016 manual ?
Also if anyone give me suggest me is there any other stuff would be helpful for the exam preparation.

Thanks.

No difference only a cover change.

lamont29

The CRISC is based on ones experience with the methodology of risk management. There are entire graduate programs in risk management. In order to be effective, you better have the appropriate background to perform in this area. Having a passing score on this test is simply not enough.

beads

Risk management as applied to InfoSec is generally "baked in" to many security related positions but rarely a stand alone, let alone, entry level position from what I could find on Monster or Indeed. Most if not all of what I could see were all senior level positions or unrelated to security as a whole. Think loss prevention, etc.

I would serious suggest looking at the job board positions for information on specific opportunities related to any one topic. Kudos for asking a specific question regarding breaking into the security field.

Personally, I am in one of the last remaining security generalist positions left standing so I do some risk management. For the year this is what it amounts to in a medium sized organization. Annual enterprise risk assessment; annual individual product risk reviews and initial product review (aka penetration and vulnerability assessment). Definitely not enough to carve out an entire year's worth of work or 2,000 man-hours of effort. My organization as roughly 150 products and services and not everything gets deep scrutiny. Say this because this will further limit your potential position search to very large enterprises for risk management positions.

Anyone here do so much risk management that you have a dedicated person doing nothing but? Just curious.

:

- b/eads

scasc

beads wrote: »

Risk management as applied to InfoSec is generally "baked in" to many security related positions but rarely a stand alone, let alone, entry level position from what I could find on Monster or Indeed. Most if not all of what I could see were all senior level positions or unrelated to security as a whole. Think loss prevention, etc.

I would serious suggest looking at the job board positions for information on specific opportunities related to any one topic. Kudos for asking a specific question regarding breaking into the security field.

Personally, I am in one of the last remaining security generalist positions left standing so I do some risk management. For the year this is what it amounts to in a medium sized organization. Annual enterprise risk assessment; annual individual product risk reviews and initial product review (aka penetration and vulnerability assessment). Definitely not enough to carve out an entire year's worth of work or 2,000 man-hours of effort. My organization as roughly 150 products and services and not everything gets deep scrutiny. Say this because this will further limit your potential position search to very large enterprises for risk management positions.

Anyone here do so much risk management that you have a dedicated person doing nothing but? Just curious. :

- b/eads

My current role as a cyber security contractor is working for an investment bank in the 2nd line of defence in their cyber risk team. The team sponsored their permie’s to go for the CRISC and the work covered is full on RM working closely with the 1st business to ensure risks have been appropriately identified and security controls deployed where needed. Cyber Risk seems to br flavour of the month in banking