CGRC - Certified in Risk and Governance and Compliance - ISC2
Published 9/2023
MP4 | Video: h264, 1280x720 | Audio: AAC, 44.1 KHz
Language: English | Size: 5.97 GB | Duration: 17h 22m
CGRC - Certified in Risk and Governance and Compliance -ISC2 2023 Training
What you'll learn
Gain a comprehensive understanding of the RMF, including its purpose, key components, and the six-step authorization process.
Learn how to categorize information systems based on their impact levels, considering factors like confidentiality, integrity, and availability.
Understand the process of selecting and implementing appropriate security controls based on identified risks, system requirements, and organizational policies.
Learn various security assessment methodologies and techniques, including vulnerability scanning, penetration testing, and security control assessments.
Develop the skills to make informed authorization decisions based on the evaluation of the system's security posture, compliance with policies and regulations,
Understand the importance of continuous monitoring in maintaining the security posture of information systems, including identification, response, and remediati
Learn how to develop and maintain security authorization documentation, including security plans, risk assessment reports, and system security packages.
Gain knowledge of security governance principles, compliance requirements, and the roles and responsibilities of stakeholders in ensuring effective security pra
Requirements
Basic understanding of IT concepts: Participants should have a basic understanding of IT concepts such as networks, databases, and IT infrastructure.
Description
Welcome to the Certified in Risk and Governance and Compliance - CGRC Training "Formerly known as the Certified Authorization Professional - CAP"

The Certified in Risk and Governance and Compliance (CGRC) is a globally recognized credential that validates professionals' expertise in the risk management framework and the process of authorizing and maintaining information systems. Our comprehensive CGRC certification course is designed to equip you with the necessary knowledge and skills to excel in the field of information system authorization.

Course Overview:
Risk Management Framework (RMF): Understand the principles and components of the RMF, including the six steps involved in the process of authorizing information systems.
Security Categorization: Learn how to categorize information systems based on their impact levels, considering factors such as confidentiality, integrity, and availability.
Security Controls Selection and Implementation: Explore the process of selecting and implementing appropriate security controls based on the identified risks and system requirements.
Security Assessment: Gain an understanding of security assessment methodologies and techniques, including vulnerability scanning, penetration testing, and security control assessments.
Authorization Decision: Learn how to make informed authorization decisions based on the evaluation of the system's security posture and compliance with applicable policies and regulations.
Continuous Monitoring: Understand the importance of continuous monitoring in maintaining the security posture of information systems, including the identification and response to security incidents.
Security Authorization Documentation: Learn how to develop and maintain security authorization documentation, including security plans, risk assessment reports, and system security packages.
Security Governance and Compliance: Explore the principles of security governance and compliance, including the roles and responsibilities of stakeholders, policy development, and audit and compliance processes.

Course Format and Features:
Engage in interactive online modules and videos to enhance your understanding of CGRC concepts and principles.
Expert Instructors: Learn from experienced instructors who have in-depth knowledge of authorization processes and practical industry experience.
Real-world Case Studies: Apply your knowledge to real-world scenarios and case studies to strengthen your problem-solving and decision-making skills.

Enroll in our CGRC certification course today and take a significant step towards advancing your career in information system authorization and risk management.

"This course is not an official course and is not sponsored by ISC2"

Course requirements
To enroll in this course, you should have a basic understanding of information security concepts and practices. There are no other prerequisites for this course.

Secure Your Future with Cyvitrix
In today's digital age, cybersecurity and information security are no longer optional. With an increasing amount of sensitive information being stored and shared online, the need for top-notch security has never been greater. Welcome to Cyvitrix, your ultimate resource for comprehensive and cutting-edge cybersecurity courses.

At Cyvitrix, we understand that knowledge is power — power to protect, power to prevent, and power to prosper. Our wide range of courses caters to everyone, from beginners who want to understand the basics to professionals seeking advanced skills to stay ahead of the curve.

Why Choose Cyvitrix?
Industry-Relevant Curriculum: We constantly update our courses to reflect the latest threats and trends in cybersecurity. You'll learn how to deal with real-world scenarios, preparing you for the challenges you'll face in the field.
Expert Instructors: Our courses are taught by industry veterans with years of experience in cybersecurity and information security. They're not just teachers, they're practitioners who have been in the trenches.
Flexible Learning: We believe in making learning accessible. Whether you prefer to study at your own pace online or enjoy the intensity of live online classes, we've got you covered.
Certification: Upon completion of our courses, you'll receive a Cyvitrix certification, a testament to your newfound skills and a valuable addition to your professional profile.
Community: Join a network of like-minded learners and experts. Share insights, ask questions, and build connections in our vibrant community.

Whether you're looking to advance your career, start a new one, or simply enhance your understanding of cybersecurity, Cyvitrix is your trusted partner on this journey. With our courses, you're not just investing in education; you're investing in your future.

Take the first step towards empowering your digital life. Enroll in a Cyvitrix course today.

At Cyvitrix, we provide training courses that help you as students to conquer and pass your certification exams on the first attempt. Our courses are designed to provide you with all you need, not only to pass the exam, but also to apply this knowledge to elevate and support your career objectives.

Why is training with us ideal for you?
- Excellent quality video content
- High course quality
- Organized materials
- Real-life scenarios and examples
- Practice questions and question ideas
- Up-to-date content
- Instructor is available to answer all questions you might have
- Reasonable pricing
Overview
Section 1: Course Introduction - Certified In Governance and Risk and Compliance - CGRC
Lecture 1 CGRC Course Introduction
Lecture 2 Have a Question?
Lecture 3 Useful Links for CGRC Certification
Section 2: Domain 1 - Information Security Risk Management Program - 16%
Lecture 4 What we will cover in Domain 1
Lecture 5 CGRC-1-1 - The Security Objective
Lecture 6 CGRC-1-2 - Privacy vs Security
Lecture 7 CGRC-1-3 - Essential Security terms - Security Vulnerabilities
Lecture 8 Share your feedback about the Course!
Lecture 9 CGRC-1-4 - The Security Threats
Lecture 10 CGRC-1-5 - The Security Attacks
Lecture 11 CGRC-1-6 - Web Application Attacks
Lecture 12 CGRC-1-7 - Password Attacks and Techniques of Cracking Passwords
Lecture 13 CGRC-1-8 - Information Security Frameworks
Lecture 14 CGRC-1-9 - Laws and Regulations that Affect Information Security
Lecture 15 CGRC-1-10 - The Purpose of Security Program
Lecture 16 CGRC-1-11 - Risk Management Overview
Lecture 17 CGRC-1-12 - Risk Management Frameworks
Lecture 18 CGRC-1-13 - Vendor Management and Security requirements in Contracts
Lecture 19 CGRC-1-14 - Supply Chain Risk Management
Lecture 20 CGRC-1-15 - SOC Reports
Lecture 21 CGRC-1-18 - Software Development Process
Lecture 22 CGRC-1-17 - Software Development Methodologies
Section 3: Domain 2 - Scope of the Information System - 11%
Lecture 23 What we will cover in Domain 2
Lecture 24 CGRC-2-1 - Information System Architecture
Lecture 25 CGRC-2-2 - Computing System Components
Lecture 26 CGRC-2-3 - Computing device forms and types of OS and Platforms
Lecture 27 CGRC-2-4 - Software Types and Licenses
Lecture 28 CGRC-2-5 - Data Lifecycle
Lecture 29 CGRC-2-6 - Roles in Data and Assets Protection
Lecture 30 CGRC-2-7 - Data Classification
Lecture 31 CGRC-2-8 - Data Security Measures
Lecture 32 CGRC-2-9 - Retention of Business Records
Lecture 33 CGRC-2-10 - Data Destruction
Lecture 34 CGRC-2-11 - Introduction to Databases
Lecture 35 CGRC-2-12 - Database Management System
Lecture 36 CGRC-2-13 - Database Security Key Concepts
Lecture 37 CGRC-2-14 - Authentication, Authorization and Accounting
Lecture 38 CGRC-2-15 - Authorization and Access Control Models
Lecture 39 CGRC-2-16 - Owner and Custodian and their responsibilities
Lecture 40 CGRC-2-17 - Active Directory and LDAP Overview
Section 4: Domain 3 - Selection and Approval of Security and Privacy Controls - 15%
Lecture 41 What we will cover in Domain 3
Lecture 42 CGRC-3-1 - Risk Identification Process
Lecture 43 CGRC-3-2 - Types of Risk
Lecture 44 CGRC-3-3 - Threat Model Overview
Lecture 45 CGRC-3-4 - Threat Model using STRIDE and DREAD
Lecture 46 CGRC-3-5 - Risk Analysis and Evaluation
Lecture 47 CGRC-3-6 - Managing the Risk and Apply Risk Response Strategy
Lecture 48 CGRC-3-7 - Risk Reporting and Monitoring
Lecture 49 CGRC-3-8 - Security Controls
Lecture 50 CGRC-3-9 - Security Controls Examples
Lecture 51 CGRC-3-10 - Control Objective and Control Testing
Lecture 52 CGRC-3-11 - Defense in Depth or layered defenses
Lecture 53 CGRC-3-12 - Controls Review and Evaluation
Lecture 54 CGRC-3-13 - The Process of Acquiring New technology
Lecture 55 CGRC-3-14 - Feasibility Analysis and Business Case
Lecture 56 CGRC-3-15 - Project vs Program and Project Management Roles
Lecture 57 CGRC-3-16 - Key Performance Indicators
Lecture 58 CGRC-3-17 - Understand Key Risk Indicators in Risk Monitoring
Section 5: Domain 4 - Implementation of Security and Privacy Controls - 16%
Lecture 59 What we will cover in Domain 4
Lecture 60 CGRC-4-1 - Policies
Lecture 61 CGRC-4-2 - Standards
Lecture 62 CGRC-4-3 - Procedures and Guidelines
Lecture 63 CGRC-4-4 - Social Engineering
Lecture 64 CGRC-4-5 - Security Awareness Program
Lecture 65 CGRC-4-6 - Privacy Regulation Requirements
Lecture 66 CGRC-4-7 - Privacy Regulation Roles
Lecture 67 CGRC-4-8 - Overview of IT Network
Lecture 68 CGRC-4-9 - Network Topology and Examples
Lecture 69 CGRC-4-10 - OSI Model Overview
Lecture 70 CGRC-4-11 - Network Security Controls
Lecture 71 CGRC-4-12 - Wireless, VoIP, IoT Security
Lecture 72 CGRC-4-13 - Endpoint Security Controls
Lecture 73 CGRC-4-14 - Endpoint Protection Platform
Lecture 74 CGRC-4-15 - Personnel Security Overview
Lecture 75 CGRC-4-16 - Physical Security Overview
Lecture 76 CGRC-4-17 - Physical Security Best Practices
Section 6: Domain 5 - Assessment/Audit of Security and Privacy Controls - 16%
Lecture 77 What we will cover in Domain 5
Lecture 78 CGRC-5-1 - Security Testing and Assessment
Lecture 79 CGRC-5-2 - Information System Auditing
Lecture 80 CGRC-5-3 - The Process of Auditing
Lecture 81 CGRC-5-4 - The Information System Auditor
Lecture 82 CGRC-5-5 - The Audit Committee
Lecture 83 CGRC-5-6 - Audit Planning
Lecture 84 CGRC-5-7 - Legal and Regulatory Requirements and Audit
Lecture 85 CGRC-5-8 - Audit Execution
Lecture 86 CGRC-5-9 - Evidence Collection during Auditing
Lecture 87 CGRC-5-10 - Using Sampling in Audit Engagement
Lecture 88 CGRC-5-11 - Audit Reporting and Documentation
Lecture 89 CGRC-5-12 - Security Testing and Penetration Testing
Lecture 90 CGRC-5-13 - Types of Penetration Testing
Lecture 91 CGRC-15-14 - Vulnerability Assessment
Section 7: Domain 6 - Authorization/Approval of Information System - 10%
Lecture 92 What we will cover in Domain 6
Lecture 93 CGRC-6-1 - Certification vs Accreditation of New System - ATO
Lecture 94 CGRC-6-2 - Software and Information System Testing - 1
Lecture 95 CGRC-6-3 - Software and Information System Testing - 2
Lecture 96 CGRC-6-4 - Software and System Implementation
Lecture 97 CGRC-6-6 - Release Management
Lecture 98 CGRC-6-5 - Change Management Process
Lecture 99 CGRC-6-7 - Types of Changes
Lecture 100 CGRC-6-8 - Configuration Management
Lecture 101 CGRC-6-9 - Patch Management and Vulnerability Management
Lecture 102 CGRC-6-10 - Asset Management
Section 8: Domain 7 - Continuous Monitoring - 16%
Lecture 103 What we will cover in Domain 7
Lecture 104 Important Note for Domain 7 - CGRC Certification Training
Lecture 105 CGRC-7-1 - Incident Management Process
Lecture 106 CGRC-7-2 - Incident Response Team Formation
Lecture 107 CGRC-7-3 - Security Operation Center
Lecture 108 CGRC-7-4 - SIEM and Log Management
Lecture 109 CGRC-7-5 - IT Help Desk
Lecture 110 CGRC-7-6 - Disasters and Disaster Recovery Plan
Lecture 111 CGRC-7-7 - Business Continuity Plan
Lecture 112 CGRC-7-8 - DRP & BCP Considerations
Lecture 113 CGRC-7-9 - Understand RTO and RPO
Lecture 114 CGRC-7-10 - Recovery Strategies
Lecture 115 CGRC-7-11 - BCP and DRP Testing and Evaluation
Section 9: What is Next?
Lecture 116 Bonus Lecture
IT managers: IT managers who are responsible for managing IT operations and ensuring they are aligned with business objectives and comply with legal and regulatory requirements.
IT professionals: IT professionals who are responsible for implementing and managing IT processes, such as IT service management, IT security, and IT risk management.
Compliance professionals: Compliance professionals who are responsible for ensuring that the organization's IT processes comply with legal and regulatory requirements.
Risk management professionals: Risk management professionals who are responsible for identifying and managing IT risks.
Governance, Risk and Compliance Professionals
People who want to obtain CGRC Certification