Q&A: Allan Boardman
The chair of ISACA's Credentialing Board talks about the organization's Certified in Risk and Information Systems Control certification.
What does a certification in risk and information systems control cover? CRISC is for professionals who have experience in developing effective controls to manage IT risk. They are the individuals in an enterprise who provide guidance to management on the impact of risk and its effect on business operations and the overall health of the enterprise. They are also responsible for communicating the risk to others throughout the business by establishing a common language for the enterprise.
CRISC, which is based on independent market research and the input of subject-matter experts around the world, is designed to help meet the rising demand for professionals who understand business risk and have the technical knowledge to help achieve effective controls. CRISC-certified professionals have the tools and knowledge to develop a common perspective and language for IT risk within an enterprise.
How does certifying help fill an IT skills gap? Certification provides the enterprise with the confidence that those holding certifications share a similar level of experience and knowledge. Certification can help hiring managers more quickly categorize job candidates by skill level, which is especially important in areas where there are skills gaps or high-growth areas with a large volume of job applicants, not all of whom are equally qualified.
The CRISC professional is able to provide value to an organization by providing insight from an overall organizational perspective on both IT risk and control. The CRISC certification is recognition of that skill and knowledge.
What sort of background is helpful for this type of certification? The CRISC credential is for those who are experienced in both risk and control. The areas of the job practice cover five domains: Risk identification, assessment and evaluation; risk response; risk monitoring; information systems control design and implementation; and IS control monitoring and maintenance.
Experience is required to become certified. Individuals need verified evidence of at least three years of work experience in three of the domains for risk management and IS control.
How might this training and certification help a person understand IT risk management as it applies to overall business process? The focus of the CRISC certification is on the IT risk professional gaining the tools and knowledge to evaluate the enterprise as a whole. Effective enterprise risk management requires an integrated and holistic approach. The first three domains that CRISC focuses on -- risk identification, assessment and evaluation; risk response; and risk monitoring -- provide the framework, from an organizational perspective, for managing and mitigating IT risk across business processes and technology. In addition, CRISC gives risk professionals a common language for communicating within IT and with the greater enterprise about risk. Based on the input from the CRISC professional, enterprises are then able to make effective risk-based decisions and prioritize efforts and resources to those areas that are most at risk.
Silicon Alley Surging
A study called "New Tech City" makes the case that New York is becoming an important hub of the digital economy. The report, from the Center for an Urban Future, notes that, while there is no way to know how many digital startups have been formed in the city, 486 that were founded in the past five years have received angel, seed or venture capital funding. The report's authors estimate that the actual number of technology startups is well above 1,000. Overall, Silicon Alley is still well behind Silicon Valley as a center of technology entrepreneurship, but New York has surpassed Boston as the No. 2 tech hub in the country.
One metric that shows the rise in prominence for technology in the city is employment growth, with IT growth outstripping the average for the city and many of its traditional economic mainstays. Similarly, a comparison of venture capital activity in New York and other U.S. technology centers offers a sense of the area's economic vitality.
New York Job Growth, 2007-12
IT vs. other sectors
- IT: 28.7%
- City average: 3.6%
- Broadcasting: 0.4%
- Securities industry: -5.9%
- Legal services: -7%
- Publishing: -15.8%
- Manufacturing: -29.5%
Growth in Venture Capital Deals by Region,
- New York: 32%
- U.S. average: -11%
- Silicon Valley -1%
- Los Angeles/Orange County: -8%
- New England: -14%
- Texas: -17%
- San Diego: -38%
Source: The Center for an Urban Future's "New Tech City" report, May 2012
More Career Watch columns
- Career Watch: Pay was down for CS grads last year, but IT workers find that money isn't everything
- Career Watch: In-demand skills for 2014
- Career Watch: On job satisfaction, CIOs' perceptions may be skewed
- Career Watch: Paying lip service to work/life balance
- Career Watch: In IT, you don't have to be a star
- Career Watch: IT pros say they're smarter than the boss
- Career Watch: Where job interviews are really tough
- Career Watch: IT professionals assess the IT profession
- Career Watch: QA engineers are just about the happiest workers of all
- Career Watch: Mentoring, from both sides
Read more about Management in Computerworld's Management Topic Center.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
Red Hat Enterprise Linux - The Original Cloud Operating System
Linux adoption is growing against a number of measures, such as the
number of supercomputers that run Linux and the size of the contributing...
- OpenStack Hype vs. Reality: CIO Quick Pulse Open-source architecture can enable IT departments to build infrastructure-as-a-service (IaaS) clouds running on standard hardware.
- Building a Bridge to the Next Generation Data Center Selecting a widely adopted operating system is a foundational component of a standardization strategy.
- OpenStack and Red Hat: IDC White paper Most OpenStack deployments are by public cloud providers that are early adopters of technology and use OpenStack in a do-it-yourself deployment and support...
- Webinar: Building a Big Data solution that's production-ready Big data solutions are no longer just a nice-to-have.
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well... All Education/Training White Papers | Webcasts