Wednesday, April 28, 2010

CRISC versus PMI-RMP

Today I received a letter from ISACA introducing the new professional certification, CRISC. It is pronounced "see-risk" and is an acronym of Certified in Risk and Information Systems Control. The certification aims to recognize those who can demonstrate their ability in enterprise risk management. The major focus areas are:
1. Risk identification, assessment and evaluation
2. Risk response
3. Risk monitoring
4. IS control design and implementation
5. IS control monitoring and maintenance

At a glance, the focus areas are quite similar to those of another credential from PMI, Risk Management Professional (PMI-RMP). As per PMBOK, the risk management approach adopted by RMP is a six-step process which includes:
1. Plan risk management
2. Identify risks
3. Perform qualitative risk analysis
4. Perform quantitative risk analysis
5. Plan risk responses
6. Monitor and control risks

Comparing these two schools of risk management, one finds that they are very similar to each other. I think the major difference is the intended focus of CRISC on information systems, while RMP is a more generic process.

The style of RMP is to try to give you a rich set of techniques and tools for practical use. In my opinion, it is tactical and loosely coupled, so I don't recognize it as a methodology, or a rigorous methodology. At the moment not much detailed information about CRISC is available, so no comment can be made.

I don't know how many CRISCs have already been certified in Hong Kong (actually it should be none as of the time of this writing), but I do know there are four RMPs in Hong Kong. The figure will probably increase to six (including me) next month.