Description
About CGRC
A professional earning the Certified in Governance, Risk and Compliance (CGRC®) is an information security practitioner who advocates for security risk management in pursuit of information system authorization to support an organization’s mission and operations in accordance with legal and regulatory requirements.
The broad spectrum of topics included in the CGRC Common Body of Knowledge (CBK®) ensures its relevance across all disciplines in the field of information security. Successful candidates are competent in the following seven domains:
- Information Security Risk Management Program
- Scope of the Information System
- Selection and Approval of Security and Privacy Controls
- Implementation of Security and Privacy Controls
- Assessment/Audit of Security and Privacy Controls
- Authorization/Approval of Information System
- Continuous Monitoring
Experience Requirements
Candidates must have a minimum of two years cumulative work experience in one or more of the seven domains of the CGRC CBK.
A candidate who does not have the required experience to become a CGRC may become an Associate of ISC2 by successfully passing the CGRC examination. The Associate of ISC2 will then have three years to earn the two years of required, relevant experience. Learn more about CGRC experience requirements and how to account for part-time work and internships at www.isc2.org/Certifications/CGRC/CGRC-Experience-Requirements.
Accreditation
CGRC is in compliance with the stringent requirements of ANSI/ISO/IEC Standard 17024.
Job Task Analysis (JTA)
ISC2 has an obligation to its membership to maintain the relevancy of the CGRC. Conducted at regular intervals, the Job Task Analysis (JTA) is a methodical and critical process of determining the tasks that are performed by security professionals who are engaged in the profession defined by the CGRC. The results of the JTA are used to update the examination. This process ensures that candidates are tested on the topic areas relevant to the roles and responsibilities of today’s practicing information security professionals.
CGRC Examination Information
Exam detail | Value |
---|---|
Length of exam | 3 hours |
Number of items | 125 |
Item format | Multiple choice |
Passing grade | 700 out of 1000 points |
Exam language availability | English |
Testing center | Pearson VUE Testing Center |
CGRC Examination Weights
Domains | Average Weight |
---|---|
1. Information Security Risk Management Program | 16% |
2. Scope of the Information System | 11% |
3. Selection and Approval of Security and Privacy Controls | 15% |
4. Implementation of Security and Privacy Controls | 16% |
5. Assessment/Audit of Security and Privacy Controls | 16% |
6. Authorization/Approval of Information Systems | 10% |
7. Continuous Monitoring | 16% |
Total | 100% |
Reference: https://www.isc2.org/certifications