Course Outline
Pre-Requisites
- Cybersecurity Foundations
- Security+ Certification Prep Course
Lessons
- Develop a strategy to mitigate compliance risk based on laws governing Information Technology and reporting requirements to various regulatory bodies
- Contribute to a risk management strategy that will frame an organization's risk tolerance along with defining and enabling managers to understand the levels of risk they are allowed to take
- Create policies supported by controls that utilize frameworks and standards to minimize risk to an acceptable level
- Determine the mechanisms to raise the organization's risk maturity level
- Support both top-down and bottom-up approaches to enterprise security by acquiring management buy-in and improving employee attitudes to security
- Contribute to a business continuity plan that prioritizes business processes
- Select an eGRC tool to help manage risk based on requirements and capabilities
Why Does GRC Matter?
- Terms and definitions
- Assets, value
- Increasing importance of Governance, Risk, and Compliance
- Essence of compliance
- Industry Standards: Payment Card Industry (PCI)
- Industry Standards: Sarbanes-Oxley (SOX) Act
- Industry Standards: Financial Industry Regulatory Authority (FINRA)
- Industry Standards: General Data Protection Regulation (GDPR)
- Compliance and company policy
- Impact of privacy
- Personally identifiable information (PII), protected health information (PHI)
- Data architecture
- Data handling
- Encryption
- Health Insurance Portability and Accountability Act (HIPAA)
- Health Information Technology for Economic and Clinical Health (HITECH) Act
- Gramm-Leach-Bliley Act (GLBA)
- Privacy best practices
- CIA triad
- Threat modeling
- Risk assessment
- Quantitative vs. qualitative risk assessment
- Risk assessment models
- Risk likelihood and impact
- Risk tolerance
- Risk appetite
- Business impact analysis (BIA)
- Risk mitigation strategies
- Risk management strategies: Mitigation, avoidance, transference, acceptance
- Risk Management Framework (RMF)
- RMF vs. CAP
- Risk maturity level
- Residual risk
- Continuous monitoring and incident response
- Patch management and the Common Vulnerability Scoring System (CVSS)
- Enterprise-wide attitudes to security and risk
- FUD: Fear, uncertainty, and doubt
- Governance failures in the real world
- Buy-in
- NICE, best practices, role-based training
- Aligning risk management with business goals
- Authorized use policies
- Tools: Training, rewards and consequences, hiring practices
- Ongoing monitoring and tracking
- Business continuity plan (BCP)
- Disaster recovery plan (DRP)
- Business impact analysis (BIA)
- Single point of failure
- Redundancy
- BCP dependency chain
- Rapid information sharing
- RACI chart
- Discussion: Fast vs. good vs. cheap
- eGRC: Archer and OpenPages
- Real-time access to information
- Reporting
- Relevance
- Interoperability
- Savings through reduced complexity
- Challenge: Why does GRC matter?
- Challenge: Collaborate on compliance solutions
- Challenge: Identify and classify PII
- Challenge: Calculate risk
- Challenge: Choose a risk management strategy
- Challenge: Adjust corporate culture
- Challenge: Develop a DRP and integrate it with the BCP
- Challenge: Explore eGRC tools
WHO SHOULD ATTEND
- Mid-career professionals who are interested in a career in risk analysis and management of cybersecurity processes, tools, and people.
- Students should have at least two years of experience in cybersecurity but can come to this course from a variety of backgrounds, including but not limited to auditing, project management, DevOps, and engineering.
Cancellation Policy
We require 16 calendar days' notice to reschedule or cancel any registration. Failure to provide the required notification will result in a 100% charge for the course. If a student does not attend a scheduled course without prior notification, the funds will be forfeited in full and no reschedule will be allowed. Within the required notification period, only student substitutions will be permitted. Reschedules are permitted at any time with 16 or more calendar days' notice. Enrollments must be rescheduled within six months of the cancellation date or funds on account will be forfeited.
Training Location
Online Classroom
I would never take another course that starts at 11AM and goes to 9PM again. The way the course was laid out really took away from capturing what was presented, as it was 5-6 hours of watching a screen before getting to the actual labs. There has to be a better way to lay out this particular course. In my previous course, the lectures were broken up by labs, which worked out fantastically and kept you engaged in the course. There were days when, in order to actually complete the labs, I would go over the 9PM day-end time frame. I was able to get the primary labs done, but if you want to get all the content completed, you cannot complete it in the window of this course; you will need to come back on your own time.