How the Updated CRISC Can Be Beneficial to Security Professionals

Additional resources

ISACA Updates CDPSE and CRISC Exams to Reflect Latest Risk and Privacy Priorities

To keep pace with the evolving risk and privacy professions, ISACA has updated the exams and review materials for the Certified Data Privacy Solutions Engineer (CDPSE) and Certified in Risk and Information Systems Control (CRISC) credentials.

Responsible Use of AI in IT Risk Management: A Balance of Innovation and Ethics

Many organizations are turning to AI to help manage their IT risks. However, while AI increases efficiency and power, it also increases responsibility, particularly in terms of ethics.

ISACA® IT Risk Resources

ISACA’s expert guidance gives professionals and enterprises the tools, techniques and understanding to manage IT Risk.

CRISC—Certified in Risk and Information Systems Control

ISACA's Certified in Risk and Information Systems Control (CRISC) program provides expertise in managing enterprise IT risk and implementing information systems controls.

Most of us refresh our devices every year or two to access the latest features and functions. ISACA has done the same with the CRISC exam. They’ve looked at the current threat landscape, recognized the rise of artificial intelligence (AI) and machine learning (ML), and ensured the exam reflects this reality.

The updated CRISC exam, which will take effect on 3 November, acknowledges both the increasingly rapid pace of technological change and the risks that have come prevalent with it. It provides comprehensive cover of the current aspects of ML and AI, giving security professionals the knowledge they need to adapt frameworks, risk registers and compliance layers to meet modern demands.

Organizations everywhere are embracing ML to cut costs, accelerate processes and monetize their services. Business data sources are being connected into Large Language Models (LLMs) to unlock the value they hold. Yet, this pace of adoption has come with significant risks. The data you are feeding into these models must still comply with organizational policies, existing controls and regulatory requirements. Without this, the consequences of errors, both financial and reputational, could be severe. We’ve all seen the headlines of high-profile data breaches in recent months.

ML and AI technologies are not going away. In fact, the pace of adoption is accelerating. What you work on this week may look very different from next week as new tools and capabilities are emerging. Having the skills to recognize, assess and respond to these changes is vital to keeping your organization secure and resilient.

For security professionals, the benefits of the updated CRISC exam are clear. Passing the exam equips you with the tools to:

• Build frameworks that incorporate AI and ML risks
• Adapt governance processes as technologies evolve
• Identify and mitigate risks linked to machine learning adoption
• Keep your organization compliant in a constantly shifting landscape

The updated CRISC exam ensures that security professionals are prepared not only for today’s risks, but also for the unpredictable challenges ahead in this new AI and ML world. With it, you can design robust frameworks, create effective controls and ensure your organization stays ahead of the curve.

In short, the CRISC exam has been modernized for a modern problem. Governance, risk and compliance functions are stretched like never before, and ML and AI sit at the center of this challenge. Equipping yourself with this knowledge means you’ll be ready to meet the demands of a world in which AI and ML are at the forefront of everything we do.

Editor’s note: Find out more about CRISC and the updated exam content here.