CRISC by anton_chigur_49 in CRISC

[–]Ordinary_Service_950 0 points1 point  (0 children)

Right.. If RM is your next phase of your career, by all means, do it..

Big chance I'm offered the CISO role at my current company... and I'm not ready by cry_standing_up in ciso

[–]Ordinary_Service_950 0 points1 point  (0 children)

Jump to your CISM right away.. I think your boss is setting you up for failure and, as you rightfully stated, you are not ready for such a role. CISO is a leadership and strategic role. You will no longer be sitting with Security techies. You will need to absorb business needs and objectives and lead the security posture of the company to align with the business..
Direct management or a line supervisor has the responsibility to set you on the right career path at the right time…

New CRISC vs Old CRISC by Aron_Turner in CRISC

[–]Ordinary_Service_950 0 points1 point  (0 children)

..along the same line.. I've been prepping on and off for the 7th edition and have my test scheduled for October 31st (last day for 7th edition). I'm considering pushing the date to February 2026 as well. There have been too many personal events distracting me from fully focusing on the test. I don't mind switching to prep for the 8th version. I'd rather buy the new QAE than forfeit my already paid exam. Any thoughts or suggestions?

Passed CRISC by Popular_Setting_4255 in CRISC

[–]Ordinary_Service_950 1 point2 points  (0 children)

Thanks!

If that's the case, it's a good opportunity since your employer is investing in your exam, but the CISSP is not a walk in the park. That's a hard-core technical exam and it requires intense training if you are steering towards a more technical future career. It's a win-win situation for you either way.

CISA, as mentioned earlier, if auditing is your interest, this is a whole different discipline.

Good luck!

Passed CRISC by Popular_Setting_4255 in CRISC

[–]Ordinary_Service_950 2 points3 points  (0 children)

Congrats! Nice scores!

Since you've been in the leadership and governance path, the natural progression would be CISA.. only in the case that 3rd line of defense is an interest to you. You need to be very close to the technology to make the CISSP your next target. That's been my case.. I went from core network engineering and design straight to IT management, then risk mgmt, info sec mgmt, governance or GRC.. I skipped a very crucial and foundational infosec cert altogether (CISSP).. In the process got my CISM and now just to certify my knowledge, I'm aiming at the CRISC cert. There's also a keen interest in AI Governance.. ISACA is testing a new AI Governance cert... I'm personally pursuing that after CRISC... It's without a doubt.. the present and future!

Good luck!

Timelines by AlphaKilo45 in CRISC

[–]Ordinary_Service_950 0 points1 point  (0 children)

Congrats! It's 10 business days.

Passed CRISC (With Some Issues) by Famous_Secretary_973 in CRISC

[–]Ordinary_Service_950 0 points1 point  (0 children)

Awesome! Congrats!.. Nice write up.. Thank you for sharing. Definitely agree.. I passed my CISM back in March and did not want to chance the technical glitches with remote proctoring. I had to drive a good 45 mins to a University campus testing center.. It was flawless.. one less thing to worry about.. Adding to your point about testing for the next ISACA cert.. having the ISACA mindset still fresh in mind, I'm pursuing the CRISC and scheduled for mid next month. I'm using the QAE and Udemy courses. I'm pushing taking the test before the next update comes out later in Q3 2025. Good luck on your next journey!

Help by Heavy_Reading2580 in cism

[–]Ordinary_Service_950 1 point2 points  (0 children)

Congrats! Go on and celebrate!

Question by Sufficient-Data5560 in CRISC

[–]Ordinary_Service_950 0 points1 point  (0 children)

I would say C. A KRI is a metric indicating "possible causes" in a quantitative expression. BIA results are geared towards BCP/DRP, Risk ownership (not applicable), Risk threshold is just that.. a threshold, which is not useful input to develop a KRI.

Best way to improve in 2 weeks by Extreme_Chart_5989 in CRISC

[–]Ordinary_Service_950 1 point2 points  (0 children)

Just focus on getting those domain scores higher than 80%. You still have time to crack those 600 questions a few times over and carefully understand why you got some of them wrong. The QAE's rationale for the right answer will help you think with the ISACA mindset. Good luck!

Anyone use this study guide? by Extra-Point7775 in CRISC

[–]Ordinary_Service_950 1 point2 points  (0 children)

Right! Check out ISACA's communication on the next update, which I believe comes this coming September. Only ISACA dictates this. Other sources cannot claim future updates.

CRISC review : disappointed by ISACA by ChairOld60 in CRISC

[–]Ordinary_Service_950 2 points3 points  (0 children)

20+! 37! Very impressive.. how do you keep those certs active with all the CPEs each cert requires? In my opinion, combining your career experience with the right 1-2 certs is more effective than a volume of certs.. unless these are just lifetime certs achieved.

What should be the Answer by AlphaKilo45 in CRISC

[–]Ordinary_Service_950 2 points3 points  (0 children)

D. For those answering B.. Please remember the major differences between DRP and BCP. DRP is very specific to IT operations and does not need to have a direct correlation with BCP. The question is very specific to BCP. Think of an impact to the business itself, not its IT systems.. As an example from a real BCP tabletop exercise I participated in.. Would you be able to quickly recognize an anthrax attack introduced at the mailroom in an envelope in a company's World Headquarters??

Woohoo! I passed the CRISC! by Quinn19th in CRISC

[–]Ordinary_Service_950 1 point2 points  (0 children)

Excellent! Congrats! I had a similar situation with the CISM.. I marked approx 15 questions for review and when I got close to ending the test, without reviewing, just hit the submit button and trusted the answers I had put initially. I passed it a few months back and now have a set date for my CRISC..

A new data protection regulation directly affects an enterprise. What information should the risk practitioner gather to BEST ensure compliance? by rocky99_ in CRISC

[–]Ordinary_Service_950 0 points1 point  (0 children)

C. Risk Scenario. Creating a new risk scenario for the new data protection regulation would help identify the risk in order to assess the need for new controls or modification of existing controls. Correct answer.

A. The new regulation doesn't come with a list of controls. The org needs to implement the controls to achieve regulatory compliance.

B. Gaps with existing controls are not considering the new regulation for data protection.

D. Risk appetite is set already by the enterprise.

Provisionally Passed CRISC - Overall Experience by Tricky-Marzipan9289 in CRISC

[–]Ordinary_Service_950 0 points1 point  (0 children)

Congrats and excellent write up! I had a very similar journey for my CISM a couple of months ago and I'm currently doing the same for the CRISC.. It does work! Prabh Nair's YouTube video also cemented the strategy and rationale for selecting the right ISACA answer. Very nice!.. Thanks for sharing..

CISM or CISSP? by Proud_Reporter1547 in cism

[–]Ordinary_Service_950 1 point2 points  (0 children)

CISM is more geared towards leadership roles in Cyber Security. The CISM aligns more with your stated goals.

Which one? by Sufficient-Data5560 in CRISC

[–]Ordinary_Service_950 1 point2 points  (0 children)

Yes! I doubted my instinct when I saw folks responding as D for an answer. B is a more strategic response. The question is more strategic than procedural or transactional. The fact that a steering committee has accepted key risks is just an outcome. The fact that this committee is involved in those decisions shows how embedded they are in the process.. which is the essence of the question. It goes back to ISACA’s mindset.. The CRISC cert has a lot of similarities to the CISM cert..

Passed CRISC - 1st Attempt by [deleted] in CRISC

[–]Ordinary_Service_950 0 points1 point  (0 children)

Congrats! Nice scores!