CRISC (Certified in Risk and Information Systems Control)
Certified in Risk and Information Systems Control (CRISC) is a professional credential for individuals who specialize in identifying, managing, and mitigating risks related to a company's information technology. A CRISC-certified professional serves as a crucial link between IT and the business, translating technical vulnerabilities into clear business risks and then designing the system controls needed to safeguard the organization's assets and ensure business continuity.
Example: A company is launching a new customer portal that will handle sensitive personal information. A professional with a CRISC certification is tasked with performing a risk assessment. They would identify potential threats, such as a brute-force password attack or a system flaw that could lead to a data breach. They would then develop and implement a plan to mitigate these risks, which might include mandating multi-factor authentication and establishing robust logging and monitoring controls to protect customer data.