GRC Complete Course - Governance, Risk & Compliance Training
GRC Complete Course - Governance, Risk & Compliance Training
Last updated 2/2024
Duration: 19h52m | .MP4 1280x720, 30 fps(r) | AAC, 44100 Hz, 2ch | 6.77 GB
Genre: eLearning | Language: English
Last updated 2/2024
Duration: 19h52m | .MP4 1280x720, 30 fps(r) | AAC, 44100 Hz, 2ch | 6.77 GB
Genre: eLearning | Language: English
Information GRC Training Course - Governance, Risk, Compliance Master Course to make you a REAL GRC Expert!
What you'll learn
Learn an Introduction to Information Security GRC
Information Security Governance
Risk Management
Compliance Management
Security Metrics and Reporting
Information Security Policies and Procedures
Vendor Risk Management
Security Auditing and Assurance
Real-world examples and case studies illustrating GRC concepts and challenges
Requirements
Basic understanding of IT concepts: Participants should have a basic understanding of IT concepts such as networks, databases, and IT infrastructure.
Basic understanding for Information Security and Cybersecurity Concepts
Description
Welcome to the Governance and Compliance Complete Training
This course will help you in case you are preparing for many classes, including but not limited to
- ISC2 Certified Information System Security Professional (CISSP)
- ISC2 Certified in Governance, Risk and Compliance (CGRC)
- ISACA Certified Information System Auditor (CISA)
- ISACA Certified Information Security Manager (CISM)
In addition to that, this course represents a great reference to anyone working in GRC.
If you are preparing for CGRC Certification, this course will be an excellent aid for doing so; as per ISC2, the official CGRC outlines are
Domain 1: Information Security Risk Management Program
Domain 2: Scope of the Information System
Domain 3: Selection and Approval of Security and Privacy Controls
Domain 4: Implementation of Security and Privacy Controls
Domain 5: Assessment/Audit of Security and Privacy Controls
Domain 6: Authorization/Approval of Information System
Domain 7: Continuous Monitoring
During this course, you will get introduced to all of the above concepts in great details, however we suggest that in addition to following this course be familiar with the following resources "remember that our course is also aligned with the below"
Certainly! Here are the rephrased book titles, authors, and publishing information:
1. "Information Security Risk Management for ISCO 27001/ISO 27002, 3rd Edition" - Written by Alan Calder and Steve Watkins. Published by IT Governance Publishing in August 2019.
2. "ISO 27001/ISO 27002 A Pocket Guide, 2nd Edition" - Written by Chris Davis, Mike Kegerreis, and Mike Schille and published by McGraw-Hill in October 2013.
3. "IT Auditing Using Controls to Protect Information Assets, 3rd Edition" - Written by Mike Kegerreis, Mike Schiller, and Chris Davis and published by McGraw-Hill Education in October 2019.
4. "NIST FIPS-199, Standards for Security Categorization of Federal Information and Information Systems" - Published by the U.S. Department of Commerce in February 2004.
5. "NIST SP 800-115, Technical Guide to Information Security Testing and Assessment" - Written by Karen Scarfone, Murugiah Souppaya, Amanda Cody, and Angela Orebaugh and published in September 2008.
6. "NIST SP 800-137, Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations" - Written by Kelley Dempsey, Nirali Shah Chawla, Arnold Johnson, Ronald Johnston, Alicia Clay Jones, Angela Orebaugh, Matthew Scholl, and Kevin Stine and published in September 2011.
7. "NIST SP 800-160, Vol. 1, Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems" - Written by Ron Ross, Michael McEvilley, and Janet Carrier Oren and published in March 2018.
8. "NIST SP 800-30, Rev. 1, Guide for Conducting Risk Assessments" - Published by the Joint Task Force Transformation Initiative in September 2012.
9. "NIST SP 800-37, Rev. 2, Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy" - Published by the Joint Task Force Transformation Initiative in December 2018.
10. "NIST SP 800-39, Managing Information Security Risk: Organization, Mission, and Information System View" - Published by the Joint Task Force Transformation Initiative in March 2011.
11. "NIST SP 800-53, Rev. 5, Security and Privacy Controls for Information Systems and Organizations" - Published by the Joint Task Force Transformation Initiative in September 2020.
12. "NIST SP 800-53B, Control Baselines for Information Systems and Organizations" - Published by the Joint Task Force Transformation Initiative in October 2020.
13. "NIST SP 800-60, Vol. 1, Rev. 1, Guide for Mapping Types of Information and Information Systems to Security Categories" - Written by Kevin Stine, Rich Kissel, William C. Barker, Jim Fahlsing, and Jessica Gulick and published in August 2008.
14. "NIST SP 800-70, Rev. 4, National Checklist Program for IT Products: Guidelines for Checklist Users and Developers" - Written by Stephen D. Quinn, Murugiah Souppaya, Melanie Cook, and Karen Scarfone and published in September 2020.
15. "NIST SP 800-88, Guidelines for Media Sanitization" - Written by Richard Kissel, Andrew Regenscheid, Matthew Scholl, and Kevin Stine and published in December 2014.
I hope you will enjoy this course!
Course Overview:
Introduction to Information Security GRC:
Overview of information security governance, risk management, and compliance.
Importance of GRC in ensuring organizational security.
Information Security Governance:
Roles and responsibilities of key stakeholders in information security.
Development and implementation of information security policies, procedures, and standards.
Information security frameworks and best practices (e.g., ISO 27001, NIST Cybersecurity Framework).
Risk Management:
Risk assessment methodologies and techniques.
Identification and classification of information security risks.
Risk mitigation strategies and controls.
Risk monitoring and reporting.
Compliance Management:
Regulatory and legal requirements related to information security (e.g., GDPR, HIPAA, PCI DSS).
Compliance frameworks and controls.
Compliance audits and assessments.
Incident response and breach management.
Security Metrics and Reporting:
Key performance indicators (KPIs) for measuring information security effectiveness.
Security metrics and reporting frameworks.
Dashboards and visualizations for presenting security data to stakeholders.
Information Security Policies and Procedures:
Development and implementation of information security policies.
Creation of security awareness and training programs.
Incident response planning and procedures.
Vendor Risk Management:
They are assessing and managing risks associated with third-party vendors.
Contractual and legal considerations for vendor security.
Ongoing monitoring and evaluation of vendor security controls.
Security Auditing and Assurance:
Internal and external audits of information security controls.
Compliance with auditing standards and frameworks.
Assurance and attestation processes.
Emerging Trends and Technologies:
Current trends and challenges in information security GRC.
Emerging technologies impacting GRC practices (e.g., cloud computing, IoT, artificial intelligence).
Privacy and data protection considerations.
Course Format and Features:
Engage in interactive online modules and videos to enhance your understanding of concepts and principles.
Expert
More Info