On June 15, 2024, ISC2 will update the CGRC exam. This exam update is the result of the Job Task Analysis (JTA), which is an analysis of the knowledge, skills and abilities of the credential evaluated by ISC2 members on a triennial cycle. The exam domain weights for the CGRC will change as follows:
| Domain | Current (Effective August 15, 2021) | Weight | New (Effective June 15, 2024) | Weight |
|---|---|---|---|---|
| 1 | Information Security Risk Management Program | 16% | Security and Privacy Governance, Risk Management, and Compliance Program | 16% |
| 2 | Scope of the Information System | 11% | Scope of the System | 10% |
| 3 | Selection and Approval of Security and Privacy Controls | 15% | Selection and Approval of Framework, Security, and Privacy Controls | 14% |
| 4 | Implementation of Security and Privacy Controls | 16% | Implementation of Security and Privacy Controls | 17% |
| 5 | Assessment/Audit of Security and Privacy Controls | 16% | Assessment/Audit of Security and Privacy Controls | 16% |
| 6 | Authorization/Approval of Information System | 10% | System Compliance | 14% |
| 7 | Continuous Monitoring | 16% | Compliance Maintenance | 13% |
| | Total: | 100% | Total: | 100% |
For more information, please review our CGRC Exam Update FAQs or the CGRC Exam Outline.
Hi, do you think when the new exam changes go in place there will be an update to the self study material needed? Will there be an updated CBK?
Hi there
I am an authorized ISC2 instructor for CGRC. From my point of view, there are only minor tweaks to the distribution of questions (see the original posting). You do not need to wait for updated CBK materials.
The exam questions are primarily based on your knowledge of Information Security/cybersecurity and important NIST standards. The current material is very good. See my earlier posting on common standards such as NIST, ISO, etc. for you to review as part of the curriculum.
https://community.isc2.org/t5/CGRC-Study-Group/Self-Study-or-Enroll-in-ISC2-Course/m-p/65306
Best wishes,
Dr K