Certified in Governance, Risk and Compliance (CGRC) cybersecurity professionals have the knowledge and skills to integrate governance, performance management, risk management and regulatory compliance within the organization while helping the organization achieve objectives, address uncertainty and act with integrity.
CGRC professionals align IT goals with organizational objectives as they manage cyber risks and meet regulatory needs. They utilize frameworks to integrate security and privacy with the organization’s overall objectives, allowing stakeholders to make informed decisions regarding data security and privacy risks.
The test comprises 125 items, and the testing time allowed is three hours. It is a computer-based test (CBT). Items in the exam are primarily four-option multiple-choice items with one correct key. At the end of the exam administration, candidates receive a provisional pass or fail decision. Failing candidates receive feedback on their exam performance by domain for complete exams, while candidates who pass the exam receive a provisional congratulatory letter describing their next step in acquiring the credential.
The percentage (i.e., weight) of scored items by reporting domain:
• Domain 1. Security and Privacy Governance, Risk Management, and Compliance Program (6%)
• Domain 2. Scope of the System (10%)
• Domain 3. Selection and Approval of Framework, Security, and Privacy Controls (14%)
• Domain 4. Implementation of Security and Privacy Controls (17%)
• Domain 5. Assessment/Audit of Security and Privacy Controls (16%)
• Domain 6. System Compliance (14%)
• Domain 7. Compliance Maintenance (13%)