What is CRISC?
Certified in Risk and Information Systems Control (CRISC) is a certification that focuses on enterprise IT risk management. It’s offered by ISACA, a nonprofit professional association focused on IT governance with a number of certifications in its stable, including CISM.
Enterprise risk management (ERM) is the process of assessing risks to identify both threats to a company’s financial well-being and opportunities in the market. A risk management program aims to balance the likelihood of a risk happening against the potential damage that would ensue if it does. Overall, the goal is to help understand an organization’s tolerance for risk, and to categorize and quantify that risk. (For more background, read CSO’s explainer on ERM or our article on risk management mistakes CISOs still make.)