At the top of this page, you will find a button that provides full access to the Governance, Risk, and Compliance Certification (CGRC) practice test. Directly below, a comprehensive practice test is ready for you to delve into. Engaging with these tests allows you to highlight your strong points, uncover areas that need improvement, and guide your study efforts with precision.
To enhance your preparation, particularly in areas requiring additional attention, we have developed specialized quizzes. These quizzes are carefully tailored to focus on particular aspects of the CGRC exam, offering a focused and efficient study strategy.
Governance, Risk, and Compliance Certification Domain Exams
The Governance, Risk, and Compliance Certification (GRC) exam, often aimed at assessing a professional’s knowledge and skills in managing governance, risk management, and compliance within an organization, covers a wide range of topics.
Here is the domain breakdown:
Domain 1: Information Security Risk Management Program
- Exam percentage: 16%
- Number of Questions: 20
- Focus: This domain typically focuses on the foundation of risk management, including strategies to identify, evaluate, and prioritize risks. It may cover risk assessment methodologies, risk response strategies, and the integration of risk management into organizational processes.
Domain 2: Scope of the Information System
- Exam percentage: 11%
- Number of Questions: 14
- Focus: This area deals with defining the boundaries of information systems within an organization. It includes identifying critical assets, understanding the technology environment, and determining the scope for risk management and compliance efforts.
Domain 3: Selection and Approval of Security and Privacy Controls
- Exam percentage: 15%
- Number of Questions: 19
- Focus: Focuses on the process of selecting appropriate security and privacy controls based on risk assessments and organizational requirements. It covers frameworks and standards for controls, customization of controls to fit the organization, and the approval process.
Domain 4: Implementation of Security and Privacy Controls
- Exam percentage: 16%
- Number of Questions: 20
- Focus: This domain examines the practical aspects of implementing selected controls within the organization. It includes deployment considerations, integration with existing processes, and ensuring controls meet their intended objectives.
Domain 5: Assessment/Audit of Security and Privacy Controls
- Exam percentage: 16%
- Number of Questions: 20
- Focus: Focuses on methods and processes for evaluating the effectiveness of implemented controls. It includes audit techniques, compliance assessments, and reporting on findings to stakeholders.
Domain 6: Authorization/Approval of Information Systems
- Exam percentage: 10%
- Number of Questions: 12
- Focus: Covers the formal process of authorizing information systems for operation within an organization, including risk acceptance, documentation requirements, and the roles and responsibilities in the authorization process.
Domain 7: Continuous Monitoring
- Exam percentage: 16%
- Number of Questions: 20
- Focus: This area involves ongoing activities to monitor security and privacy controls’ effectiveness and compliance status. It includes setting up monitoring tools, analyzing monitoring data, and making adjustments based on findings.
Exam Domain | % of Exam | # of Questions | Focus |
---|---|---|---|
Information Security Risk Management Program | 16% | 20 | This domain typically focuses on the foundation of risk management, including strategies to identify, evaluate, and prioritize risks. |
Scope of the Information System | 11% | 14 | This area deals with defining the boundaries of information systems within an organization. |
Selection and Approval of Security and Privacy Controls | 15% | 19 | Focuses on the process of selecting appropriate security and privacy controls based on risk assessments and organizational requirements. |
Implementation of Security and Privacy Controls | 16% | 20 | This domain examines the practical aspects of implementing selected controls within the organization. |
Assessment/Audit of Security and Privacy Controls | 16% | 20 | Focuses on methods and processes for evaluating the effectiveness of implemented controls. |
Authorization/Approval of Information Systems | 10% | 12 | Covers the formal process of authorizing information systems for operation within an organization. |
Continuous Monitoring | 16% | 20 | This area involves ongoing activities to monitor security and privacy controls’ effectiveness and compliance status. |
Important Considerations:
- Total Number of Questions: The total number of questions and the percentage breakdown will depend on the specific certification body’s guidelines. The numbers provided are estimations based on typical exam formats.
- Study Resources: Official study guides, online courses, practice exams, and professional forums can be invaluable resources. Specific links and resources should be obtained directly from the certification body’s website or authorized training providers.
- Exam Format and Duration: Exams can be multiple-choice, scenario-based, or a mix. The total duration of the exam usually ranges from 2 to 4 hours.
- Recertification Requirements: Most certifications require continuing professional education (CPE) credits or similar ongoing learning to maintain the certification.
Governance, Risk, and Compliance Certification (CGRC) Exam Breakdown
The Governance, Risk, and Compliance (GRC) Certification Exam is designed for professionals seeking to demonstrate their expertise in understanding and implementing GRC principles within an organization. This certification often reflects a comprehensive grasp of governance structures, risk management techniques, and compliance with relevant laws and standards.
While specific details about a CGRC (Certified Governance, Risk, and Compliance) exam might vary depending on the certifying body, generally, such certification programs aim to validate the skills required to ensure an organization’s activities align with its goals, manage risks effectively, and comply with necessary legal and regulatory requirements.
Here’s a general breakdown of what such a certification exam might cover, though it’s important to consult the specific certifying body for precise details:
- Governance: Understanding how to establish and maintain a governance framework that aligns with business objectives, ensures effective decision-making processes, and incorporates stakeholder needs.
- Risk Management: Knowledge of identifying, assessing, managing, and mitigating risks that could negatively impact the organization’s operations, reputation, or stakeholders.
- Compliance: Ensuring that organizational practices adhere to relevant laws, regulations, policies, and standards, both internally set and externally imposed.
- Information Technology and Security: Often, GRC certifications include a focus on IT governance, risk management, and compliance due to the critical role of IT in modern organizations.
- Audit and Assurance: Understanding how to conduct audits to assure the effectiveness of governance, risk management, and compliance activities.
- Ethics and Culture: Establishing and promoting an organizational culture that values ethical behavior and compliance with internal policies and external regulations.
Remember, the specifics of CGRC exams, including the syllabus, format, prerequisites, and preparation resources, can vary significantly between certifying bodies. It’s essential to directly consult the official websites of these organizations for the most accurate and detailed information.
How to Become CGRC Certified
Becoming certified in Governance, Risk, and Compliance (GRC) involves a series of steps, including educational preparation, practical experience, and passing a certification exam. The specific path to achieving a GRC certification can vary based on the certifying body, as there is no single “CGRC” certification universally recognized. Instead, several organizations offer certifications in governance, risk management, and compliance, each with its own focus and requirements.
Below, I’ll outline a general approach to gaining certification in this field:
1. Identify the Right Certification
First, determine which certification aligns with your career goals, industry, and level of experience. Some of the notable certifications in the GRC field include:
- Certified in Governance, Risk and Compliance (CGRC) by GRC Certify: This certification focuses on providing a strong foundational understanding of GRC principles.
- Certified in Risk and Information Systems Control (CRISC) by ISACA: Focuses on risk management and information systems control.
- Certified Information Systems Auditor (CISA), also by ISACA: While more audit-focused, it includes elements of governance and risk.
- Certified Compliance & Ethics Professional (CCEP) by the Compliance Certification Board (CCB): Focuses on compliance and ethics in various industries.
2. Review the Requirements
Each certification has its own set of prerequisites. These can include:
- Educational Background: Some certifications may require a bachelor’s degree or equivalent in a related field, though this is not always mandatory.
- Professional Experience: Many certifications require a certain number of years of professional experience in governance, risk management, compliance, or related areas.
- Ethical Standards: Agreement to adhere to a code of professional ethics.
3. Prepare for the Exam
- Study Materials: Obtain study guides, textbooks, and other materials recommended by the certifying body. Many organizations offer official training courses or recommend specific educational resources.
- Training Courses: Consider enrolling in formal training courses offered by the certifying organization or accredited training providers. These can be in-person or online.
- Practice Exams: Take advantage of any practice exams or sample questions provided by the certifying organization to familiarize yourself with the exam format and question types.
4. Apply for and Take the Exam
- Follow the application process as outlined by the certifying organization. This typically involves submitting documentation of your eligibility, such as proof of education and professional experience, and paying an exam fee.
- Schedule your exam. Some certifications may offer the exam year-round, while others may have specific testing windows.
5. Maintain Your Certification
- After passing the exam and becoming certified, you will likely need to maintain your certification through continuing professional education (CPE) credits and renewing your certification periodically, which usually involves a fee and proof of ongoing education or professional development in the field.
Make sure to review each certification’s specific requirements and resources directly from the official websites, as they will provide the most accurate and detailed information.
Our Experience Teaching Governance, Risk, and Compliance Certification (CGRC) Candidates To Pass The Exam
The journey of creating our Governance, Risk, and Compliance Certification (CGRC) practice tests at Career Employer has been an extraordinary one, filled with both triumphs and obstacles. This endeavor was influenced by the extensive array of subjects encompassed by the exam and the distinct requirements of our learners.
We meticulously designed every facet of our approach to guarantee thorough preparation for each student aiming to succeed in the exam. Our dedication to offering a holistic learning experience is evident in the wide-ranging and diverse practice materials we provide, underscoring our commitment to fostering student achievement.
Teaching a Governance, Risk, and Compliance (GRC) certification course, such as the Certified in Governance, Risk, and Compliance (CGRC), from a lecturer’s perspective, involves a multifaceted approach that aims to equip students with the comprehensive knowledge and skills necessary to effectively manage governance, risk, and compliance issues within organizations. Here’s an overview of the approach:
Understanding the Core Concepts
- Governance: It’s crucial to provide students with a deep understanding of governance principles, including how governance frameworks guide organizational strategy, ensure accountability, and foster a culture of ethical decision-making.
- Risk Management: Students should learn about risk assessment methodologies, risk response strategies, and how to integrate risk management into the decision-making processes.
- Compliance: Teaching compliance involves covering the laws, regulations, and standards relevant to the organization’s operations, and how to develop programs to ensure continuous compliance.
Incorporating Practical Exercises
- Case Studies and Simulations: Utilize case studies from real-world scenarios to discuss the challenges and solutions in GRC. Simulations can also provide hands-on experience in decision-making.
- Group Projects: Encourage students to work on projects that require them to develop or critique GRC frameworks for hypothetical or real organizations.
Leveraging Technology
- GRC Software Tools: Introduce students to GRC software tools. Demonstrations or hands-on labs using these tools can provide insights into their application in real-world scenarios.
Evaluation and Continuous Learning
- Certification Preparation: Use practice exams and review sessions focused on the CGRC certification exam to help students assess their understanding and readiness.
- Guest Lectures and Webinars: Invite industry experts to share their experiences, offering students practical perspectives on applying GRC principles.
At Career Employer, our team of experts has painstakingly developed the Governance, Risk, and Compliance Certification (CGRC) practice test, leveraging their extensive knowledge and experience in preparing for the CGRC exam. Their proficiency has played a crucial role in assisting more than 1000 Governance, Risk, and Compliance professionals to achieve success in the official CGRC certification exam.
Comprising highly competent Governance, Risk, and Compliance professionals, each member brings over ten years of specialized experience in compliance. This ensures that our practice materials are not only crafted with expert insight but are also exceptionally effective in facilitating preparation.
Effective Study Strategies and Methods
To prepare effectively for the Governance, Risk, and Compliance Certification (CGRC) exam, a combination of structured training, self-study, and engagement with online communities is recommended. Here’s a consolidated approach based on the most helpful resources available online:
- Structured Training and Official Resources: ISC2 offers a range of official training and study resources designed specifically for the CGRC exam. These include the CGRC Official Training provided by ISC2’s global training partners, official CGRC flashcards, and access to a CGRC online study group. These resources are developed to align closely with the exam content and can significantly boost your preparation efforts.
- Self-Study Materials: For those who prefer self-study or are looking to supplement their learning, a variety of CGRC study guides and books are available. Notable resources include the Ultimate Guide to the CAP (the previous name for CGRC) from ISC2 and the Official ISC2 Guide to the CAP CBK, Second Edition. These materials offer in-depth coverage of the exam topics. Additionally, ISC2’s training website offers an online study group, interactive flashcards, and a study app, with members receiving discounts on official textbooks (Infosec Institute).
- Practice Exams and Simulations: Engaging with practice exams and simulation questions is a critical part of your exam preparation. It helps you familiarize yourself with the exam format and identify areas where you need further study. Various resources offer practice questions under the former CAP certification name, including books and training courses that contain customizable practice exams with extensive question banks (Infosec Institute).
- Online Forums and Communities: Joining online forums and communities such as the ISC2 Community and others like TechExams or Reddit can provide you with insights and tips from others who are preparing for or have already taken the CGRC exam. These platforms allow you to ask questions, share study materials, and connect with peers who can offer support and advice.
- Stay Informed on Exam Updates: It’s crucial to stay updated on any changes to the CGRC exam structure or content. ISC2 periodically updates the exam to reflect the evolving domain of governance, risk, and compliance. For instance, significant changes are scheduled for June 2024, affecting the exam’s domain weights. Being aware of these updates will help you focus your study efforts more effectively (ISC2 Community).
By integrating these strategies and resources into your study plan, you can enhance your preparation for the CGRC exam. Balancing structured learning with self-study, utilizing practice exams to gauge your readiness, and engaging with the community for support and advice are key steps to success.
Cost
Component | Details |
---|---|
Experience Requirements | Minimum of two years cumulative work experience in one or more of the seven domains of the CGRC CBK. |
Examination Details | 3 hours, 125 multiple-choice questions, passing grade of 700 out of 1000 points. |
Training and Preparation | Various training options are offered, including self-study tools and training partners globally. |
Maintenance and Renewal | Likely requires earning CPE credits and paying an annual maintenance fee. |
The Governance, Risk, and Compliance Certification (CGRC) offered by ISC2 is a specialized certification designed for IT, information security, and assurance practitioners who work in Governance, Risk, and Compliance roles. The certification process involves meeting experience requirements, preparing for and passing an examination, and maintaining the certification.
Exam and Certification Costs:
The specific costs associated with the CGRC certification process, including application fees, study materials, training costs, exam fees, and any post-exam fees such as certification maintenance or renewal fees, can vary widely depending on the training provider, the format of the study materials (self-study versus instructor-led training), and the candidate’s existing knowledge and experience in the GRC field.
Key Components of the Certification Process:
- Experience Requirements: Candidates must have a minimum of two years of cumulative work experience in one or more of the seven domains of the CGRC Common Body of Knowledge (CBK). Those without the required experience can become an Associate of ISC2 by passing the CGRC examination, then have three years to earn the necessary experience.
- Examination Details: The exam is 3 hours long, consists of 125 multiple-choice questions, and requires a passing grade of 700 out of 1000 points. The exam covers a range of domains including Information Security Risk Management Program, Scope of the Information System, Selection and Approval of Security and Privacy Controls, among others.
- Training and Preparation: ISC2 offers various training options to prepare for the CGRC exam, including self-study tools and training partners around the world. Official ISC2 training guarantees up-to-date content that aligns with the latest exam domains.
- Maintenance and Renewal: Maintaining the CGRC certification likely requires earning Continuing Professional Education (CPE) credits and paying an annual maintenance fee, similar to other certifications offered by ISC2. These requirements ensure that professionals keep their knowledge and skills current in the rapidly evolving field of cybersecurity.
For detailed and up-to-date information regarding the CGRC certification costs, including the exam fee, training options, and any additional costs for maintaining the certification, it is recommended to directly consult the ISC2 website or contact their customer service. This approach ensures that candidates have the most current information, as fees and requirements may change.
Reliable Study Materials and Resources
To prepare for the Governance, Risk, and Compliance Certification (CGRC) exam, you have a variety of resources at your disposal. Here’s a comprehensive guide to help you navigate through your preparation journey:
- Official ISC2 Resources: The ISC2 website is a great starting point. They offer a range of study materials, including Skill Builder courses for GRC skill acceleration, a Risk Management Practitioner certificate program that provides practical knowledge, and official training, both instructor-led and on-demand, to cover exam material comprehensively. These resources are designed to help you gain a deep understanding of the exam content and are available for ISC2 members at no charge or for a fee for non-members.
- Infosec Institute: The Infosec Institute offers a Professional Development Immersive Course that covers timely and relevant cybersecurity topics. They also provide CAP certification boot camps focused on reviewing best practices within the RMF. These resources are perfect for uncovering knowledge gaps and maximizing your training experience through extensive mentoring and hands-on lab sessions.
- NICCS Training Camp: The NICCS offers an Official (ISC)² CGRC Certification Boot Camp, a comprehensive review of risk management frameworks & industry best practices merged with award-winning comprehensive exam preparation. This boot camp is available online or in classroom settings, providing a detailed curriculum that helps you understand GRC concepts in depth.
- EDUSUM: EDUSUM provides a step-by-step guide to ISC2 CGRC Certification Exam Preparation, highlighting the importance of starting with the ISC2 CGRC Official Guide. They also recommend exploring different study resources, including the official CGRC training course and study guides, to deepen your understanding of the subject matter.
- Infosec Boot Camp: Another recommendation is Infosec’s CGRC Boot Camp, a three-day intensive program designed to teach you best practices, policies, and procedures used to authorize and maintain information systems within the NIST Risk Management Framework. This boot camp is available online, in-person, or for teams onsite, and it is suitable for individuals with 1-3 years of experience.
Each of these resources offers a unique approach to preparing for the CGRC certification exam, whether through self-paced online courses, immersive boot camps, or official study guides. It’s advisable to explore these options and choose the ones that best fit your learning style and preparation needs. Remember, successful preparation involves not only mastering the exam content but also understanding the application of concepts in real-world scenarios.
Tips for Exam Day
Focusing on exam day, it’s crucial to combine preparation strategies with practical tips to enhance your performance and manage stress. Here are some compiled exam day tips that are broadly applicable to high-stakes certifications like the Governance, Risk, and Compliance Certification (CGRC):
Pre-Exam Preparation:
- Review Key Concepts: Spend the last few days before the exam reviewing key concepts, formulas, and definitions rather than trying to learn new material.
- Exam Simulations: Engage in timed practice exams to familiarize yourself with the pressure of the actual exam. This can help improve your time management skills.
Night Before the Exam:
- Relax: Try to relax and avoid cramming. Your brain needs time to assimilate the information you’ve studied.
- Prepare Your Essentials: Gather all necessary documents and materials you need for the exam day, such as your admission ticket, ID, pens, pencils, a calculator (if allowed), and snacks.
Morning of the Exam:
- Healthy Breakfast: Eat a nutritious breakfast to ensure you have the energy needed for the exam. Avoid heavy, greasy foods that might make you feel sluggish.
- Arrive Early: Plan to arrive at the exam center early to avoid any last-minute stress and to have ample time to locate your examination room.
During the Exam:
- Read Instructions Carefully: Take the time to carefully read all instructions and questions to avoid misunderstandings.
- Pace Yourself: Keep an eye on the time and pace yourself to ensure that you have enough time to answer all the questions.
- Answer What You Know First: Tackle the questions you know first, then return to more challenging questions later. This ensures you secure all the points you can without getting stuck early on.
- Stay Calm: If you find yourself getting anxious, take a few deep breaths to calm down. Focus on the question at hand rather than the overall outcome of the exam.
After the Exam:
- Review if Time Allows: If you finish early and time permits, review your answers to check for any mistakes or questions you might have missed.
- Relax and Reward Yourself: Once the exam is over, take some time to relax and reward yourself for all the hard work and preparation.
General Tips:
- Positive Attitude: Maintain a positive attitude. Confidence can positively impact your exam performance.
- Healthy Lifestyle: In the days leading up to the exam, try to maintain a healthy lifestyle by eating well, getting enough sleep, and engaging in physical activity.
These tips, while general, are designed to complement your specific study strategies for the CGRC exam. Remember, the right preparation, combined with effective exam day strategies, can significantly enhance your chances of success.
Post-Exam: Next Steps
After completing the Governance, Risk, and Compliance Certification (CGRC) exam, there are several post-exam strategies and steps you can take to ensure you maximize the benefits of your efforts and continue to advance in your career.
- Engage with Professional Communities: Participating in online forums and communities is a great way to connect with other professionals who have also taken the CGRC or similar exams. ISACA, for example, offers an Engage Online Community where candidates and certified professionals can share experiences, resources, and advice. This platform allows for networking and learning from the experiences of others in your field.
- Continuous Learning and Professional Development: The field of governance, risk, and compliance is ever-evolving, making continuous learning essential. ISACA and GARP (Global Association of Risk Professionals) offer resources for ongoing education, including webinars, online courses, and conferences that can help you stay up-to-date with the latest trends, technologies, and best practices in your area of expertise.
- Membership in Professional Organizations: Joining professional organizations such as ISACA or GARP can provide access to a wealth of resources, including networking opportunities, professional development courses, and exclusive member benefits like discounts on further certification exams or training materials. Membership also often includes access to job boards, career advice, and industry insights that can help you advance in your career.
- Certification Maintenance and Renewal: Most certifications require continuing professional education (CPE) credits to maintain your certification status. This usually involves engaging in various professional development activities, attending conferences, or completing additional training or courses related to your field. Staying engaged with the certifying body’s resources will ensure you are aware of the requirements and opportunities to earn CPE credits.
- Contribute to the Field: Consider contributing to the field by writing articles, participating in speaking engagements, or volunteering within professional communities. Not only does this help you build a personal brand, but it also contributes to the advancement of the field. Organizations like ISACA encourage members to get involved in various ways, such as authoring articles or volunteering in different capacities.
- Plan Your Career Path: Use the certification as a stepping stone to plan your next career move. This might involve seeking higher positions within your current organization or exploring opportunities elsewhere that align with your long-term career goals. The knowledge and credentials gained from the CGRC exam can significantly bolster your qualifications for roles in risk management, compliance, governance, and related fields.
Remember, passing the CGRC exam is just the beginning. The true value comes from how you leverage this achievement to further your career, contribute to the field, and stay current with the rapidly changing landscape of governance, risk, and compliance.
References
- ISACA. “ISACA.” ISACA, https://www.isaca.org/.
- OCEG. “OCEG – The Organization for Compliance, Ethics & Governance.” OCEG, https://www.oceg.org/.
- The Institute of Risk Management. “The IRM: The Institute of Risk Management.” The Institute of Risk Management, https://www.theirm.org/.
- GRC Certify. “GRC Certify.” GRC Certify, https://www.grccertify.com/.
- Compliance Certification Board. “Compliance Certification Board (CCB).” Compliance Certification Board, https://www.compliancecertification.org/.
- (ISC)². “CGRC Self-Study Resources.” (ISC)², https://www.isc2.org/certifications/cgrc/cgrc-self-study-resources.
- (ISC)² Community. “CGRC Exam Changes Effective June 2024.” (ISC)² Community, https://community.isc2.org/t5/CGRC-Study-Group/CGRC-Exam-Changes-Effective-June-2024/td-p/65413.
- (ISC)². “Certified in Governance, Risk and Compliance (CGRC).” (ISC)², https://www.isc2.org/Certifications/CGRC.
- (ISC)². “CGRC Certification Exam Outline.” (ISC)², https://www.isc2.org/certifications/cgrc/cgrc-certification-exam-outline.
- (ISC)². “Governance, Risk, and Compliance (GRC).” (ISC)², https://www.isc2.org/Landing/Governance-Risk-Compliance.
- (ISC)² Insights. “Preparing for the (ISC)² CGRC Exam.” (ISC)², https://www.isc2.org/Insights/2023/06/preparing-for-the-isc2-cgrc-exam.
- InfoSec Institute Resources. “Best CGRC Certification Study Resources and Training Materials.” InfoSec Institute, https://resources.infosecinstitute.com/certifications/isc2-cgrc/best-cgrc-certification-study-resources-and-training-materials/.
- NICCS. “Training Camp: (ISC)² Official CGRC Certification.” NICCS, https://niccs.cisa.gov/education-training/catalog/training-camp/isc2-official-cgrc-certification.
- Edusum. “(ISC)² CGRC Study Guide – Steps to CGRC Certification Exam Success.” Edusum, https://www.edusum.com/blog/isc2-cgrc-study-guide-%E2%80%93-steps-cgrc-certification-exam-success.
- InfoSec Institute. “ISC² CGRC Training Boot Camp.” InfoSec Institute, https://www.infosecinstitute.com/courses/isc2-cgrc-training-boot-camp/.
- Anecdotes. “GRC Certification.” Anecdotes, https://www.anecdotes.ai/post/grc-certification.
- Habig, Alexis. “10 Tips for Acing Your CGRC Certification Exam.” Medium, https://alexishabig.medium.com/10-tips-for-acing-your-cgrc-certification-exam-6ef04bb48d4a.
- Pluralsight. “Exam Review: Tips & Tricks for CGRC Cert.” Pluralsight, https://www.pluralsight.com/courses/exam-review-tips-tricks-cgrc-cert.
- Reddit. “CGRC.” Reddit, https://www.reddit.com/r/isc2/comments/185612g/cgrc/.
- InfoSec Institute Resources. “9 Tips for CRISC Exam Success.” InfoSec Institute, https://resources.infosecinstitute.com/certifications/crisc/9-tips-crisc-exam-success/.
- ISACA. “Credentialing.” ISACA, https://www.isaca.org/credentialing.
- GARP. “Global Association of Risk Professionals | GARP.” GARP, https://www.garp.org/.
- Reddit. “How Do I Improve on My Governance, Risk, and Compliance (GRC) Skills?” Reddit, https://www.reddit.com/r/SecurityCareerAdvice/comments/185chsq/how_do_i_improve_on_my_governance_risk_and/.