Certified in Risk and Information Systems Control (CRISC) is a certification that focuses on enterprise IT risk management. It’s offered by ISACA, a nonprofit professional association focused on IT governance with a number of certifications in its stable, including CISM.
Enterprise risk management (ERM), is the process of assessing risks to identify both threats to a company’s financial well-being and opportunities in the market. A risk management program aims to balance the likelihood of a risk happening against the potential damage that would ensue if it does.