Cybersecurity: Governance, Risk and Compliance Masterclass

About Course

This hands-on course covers 4 main modules providing know-how and understanding the following:

Course Outline

Cybersecurity Fundamentals
Governance and Policy Writing
Risk Management
Compliance and ITGC

94330cookie-checkCybersecurity: Governance, Risk and Compliance Masterclass

Course Content

Cybersecurity Fundamentals
This module takes you through the foundation in Cybersecurity as follows: Introduction to Cybersecurity, Cybersecurity Careers and Fraud Issues, Fundamental Objectives of Cybersecurity, AAA Principles and Authentication, Security Principles and Best Practices, Network Security, Malware and Social Engineering, Web Security, Operating System Security and Wireless Security. Incident Response and Recovery Ethical and Legal Considerations Future Trends in Cybersecurity

Introduction to Cybersecurity
Cybersecurity Cases and Fraud Issues
Fundamental Objectives of Cybersecurity
AAA Principles and Authentication
Security Principles and Best Practices
Network Security
Malware and Social Engineering
Web Security
Operating System Security and Wireless Security
Incident Response and Recovery
Ethical and Legal Considerations
Future Trends in Cybersecurity

Governance and Policy Writing
This module provides the basics of GRC and hands-on Policy writing. The modules will cover the following Introduction to GRC, GRC Frameworks and Standards, Governance and Board Oversight, Risk Management Fundamentals, Compliance Management, Internal Controls and Assurance, GRC Technology Solutions, GRC Policies and Procedures, Risk Assessment and Risk Appetite, Compliance Monitoring and Reporting, Internal Audit and Controls Testing, Incident Management and Response, GRC Reporting and Communication, Vendor and Third-Party Risk Management, Ethics and Corporate Social Responsibility, Training and Awareness Programs, GRC Program Governance and Maturity, Emerging Trends in GRC

Introduction to GRC, GRC Frameworks and Standards
Governance and Board Oversights
GRC Policies and Procedures
Risk Management Fundamentals
Compliance Management
Internal Controls and Assurance
Internal Audit and Controls Testing
GRC Reporting and Communication
Training and Awareness Programs
Policy Writing Assignment
Awareness Training Assignment

Risk Management
This module expose the steps in risk management based on NIST CSF and NIST RMF. Covering the following Introduction to Risk, Types of Risk, Risk Assessment, Risk Monitoring and Management, Vulnerability Scanning Tools, Risk Domains and Levels, Linking Penetration Test Results to NIST Control Families, Risk Mitigation Strategies, Business Impact Analysis, Risk Culture and Awareness, Software Development Lifecycle (SDLC), FISMA Risk Management Framework (RMF)

Introduction to Risk Management

00:00
Risk Assessment
Risk Monitoring and Management
Risk Assessment Tools and Techniques

00:00
Risk Domains and Levels
Linking Penetration Test Results to NIST Control Families

00:00
Risk Mitigation Strategies

00:00
Introduction to NIST Cybersecurity Framework CSF
Identify
Protect
Detect
Respond

00:00
Recover
Implementing the NIST Cybersecurity Framework
Integrating the NIST Framework with other Standards and Regulations
Emerging Trends and Future of the NIST Framework

00:00
Introduction to FISMA-RMF
FISMA Overview

00:00
Introduction to RMF

00:00
RMF Roles and Responsibilities

00:00
General Support System (GSS)

00:00
Major Application (MA) and Minor Application (mA)

00:00
Confidentiality, Integrity, and Availability of Federal System

00:00
Categorization
Categorization – Privacy Impact Assessment & Threshold Analysis (PIA/PTA)
Categorization – 3rd Party website/Application
Categorization – System of record notices-SORN

00:00
Categorization – OMB Number
Categorization – E-Authentication
Categorization – High Value Asset (HVA)
Categorization – Summary of the Phase of Categorization
NIST CSF- Risk Assessment
GRC Masterclass: Risk Management
GRC Masterclass: Risk Management
GRC Masterclass: Risk Management

Compliance and ITGC
The Compliance and ITGC leads into compliance frameworks and regulation by performing IT Auding to be compliance. The following are covered as follows: ISO 27001:2013, PCI-DSS, HIPAA/HITECH/HITRUST and Third Party Risk Management.

Introduction to Compliance and ITGC
ISO/IEC 27001:2013 – Overview
ISO/IEC 27001:2013 – ISO 27000 Family
ISO/IEC 27001:2013 – ISO 27001 Phases
ISO/IEC 27001:2013 – ISO 27000 Family of Controls
ISO/IEC 27001:2013 – ISMS
ISO/IEC 27001:2013
ISO/IEC ISO 27002:2022
ISO/IEC 27001:2013 – Management Controls for ISO 27001
ISO/IEC 27001:2013: Management Controls per ISO 27001
ISO/IEC 27001:2013 – Benefits of Certification for ISO 27001
ISO/IEC 27001:2013 – Advantages of Continuing on the Certification
ISO/IEC 27001:2013 – Pre-Audit Procedures
ISO/IEC 27001:2013 – Audit Procedures
ISO/IEC 27001:2013 – ISO 27001 Certification Process
ISO/IEC 27001:2013 – ISO 27001 Certification Process: Cont.
ISO/IEC 27001:2013 – ISO 27001 Certification Maintenance
Assignments – ISO 27001 Assignment
PCI Data Security Standard
PCI Requirements Overview
PCI Requirements Overview 2
PCI Requirements Overview 3
PCI Data Security Standard
PCI DSS Requirements for Security Controls and Procedures
PCI DSS Requirements for Security Controls and Procedures
PCI DSS: Specifications and Guidelines
PCI DSS: Ecosystem of Payment Devices, Applications, Infrastructure, and Users
PCI DSS: What is Scoping?
PCI Data Security Standard Requirements and Security Assessment Procedures)
PCI Data Security Standard Requirements
Health Insurance Portability and Accountability Act (HIPAA)
HIPAA: The Following Federal Laws Protect The Privacy Of Patients
HIPAA: Those Impacted
HIPAA: Affected Area
HIPAA: Protected Health Information (PHI)
HIPAA: Minimum Information Required
The Health Insurance Portability and Accountability Act: HIPAA
HIPAA: The Security Risk Assessment
HITRUST
HITRUST: CSF
HITRUST: High-Level Assessment Steps
HIPAA /HITECH: The Health Information Technology for Clinical and Economic Health
HITECH: The Health Information Technology for Clinical and Economic Health Act
HITECH: II Meaningful Use Requirements
HITECH: III Breach Notification Rules
HITECH: IV Enforcement and Penalties
Case Study
HIPAA/HITECH/HITRUST: Conclusion
Third-Party Risk Management – Vendor due diligence
TPRM: What Third-Party Companies Do
TPRM: Illustrations of Third Parties
TPRM: Terminology
TPRM: Vendor
TPRM: Types of Risk
TPRM: TPRM Evolution
TPRM: Management
TPRM: Classification of Data
TPRM: Process
TPRM: Policy
TPRM: What to do first
TPRM: Keeping the process right
TPRM: Inherent Risk Questionnaire
TPRM: Significance of this Procedure
TPRM: Who fill’s the IRQ?
TPRM: Questionnaire Info.
TPRM: TPRM Questionnaire Controls
TPRM: Best Strategy
TPRM: Verify Every Control
TPRM: Report SOC 2 Type 2
TPRM: What Makes a Finding?
TPRM: The TPRM Generated Report: How is it Made?
TPRM: What Makes a TPRM Report?
TPRM: Vendor Tier
TPRM: Fourth Party

Student Ratings & Reviews

No Review Yet

About Course

Course Content

Introduction to Cybersecurity

Cybersecurity Cases and Fraud Issues

Fundamental Objectives of Cybersecurity

AAA Principles and Authentication

Security Principles and Best Practices

Network Security

Malware and Social Engineering

Web Security

Operating System Security and Wireless Security

Incident Response and Recovery

Ethical and Legal Considerations

Future Trends in Cybersecurity

Introduction to GRC, GRC Frameworks and Standards

Governance and Board Oversights

GRC Policies and Procedures

Risk Management Fundamentals

Compliance Management

Internal Controls and Assurance

Internal Audit and Controls Testing

GRC Reporting and Communication

Training and Awareness Programs

Policy Writing Assignment

Awareness Training Assignment

Introduction to Risk Management

Risk Assessment

Risk Monitoring and Management

Risk Assessment Tools and Techniques

Risk Domains and Levels

Linking Penetration Test Results to NIST Control Families

Risk Mitigation Strategies

Introduction to NIST Cybersecurity Framework CSF

Identify

Protect

Detect

Respond

Recover

Implementing the NIST Cybersecurity Framework

Integrating the NIST Framework with other Standards and Regulations

Emerging Trends and Future of the NIST Framework

Introduction to FISMA-RMF

FISMA Overview

Introduction to RMF

RMF Roles and Responsibilities

General Support System (GSS)

Major Application (MA) and Minor Application (mA)

Confidentiality, Integrity, and Availability of Federal System

Categorization

Categorization – Privacy Impact Assessment & Threshold Analysis (PIA/PTA)

Categorization – 3rd Party website/Application

Categorization – System of record notices-SORN

Categorization – OMB Number

Categorization – E-Authentication

Categorization – High Value Asset (HVA)

Categorization – Summary of the Phase of Categorization

NIST CSF- Risk Assessment

GRC Masterclass: Risk Management

GRC Masterclass: Risk Management

GRC Masterclass: Risk Management

Compliance and ITGC The Compliance and ITGC leads into compliance frameworks and regulation by performing IT Auding to be compliance. The following are covered as follows: ISO 27001:2013, PCI-DSS, HIPAA/HITECH/HITRUST and Third Party Risk Management.

Introduction to Compliance and ITGC

ISO/IEC 27001:2013 – Overview

ISO/IEC 27001:2013 – ISO 27000 Family

ISO/IEC 27001:2013 – ISO 27001 Phases

ISO/IEC 27001:2013 – ISO 27000 Family of Controls

ISO/IEC 27001:2013 – ISMS

ISO/IEC 27001:2013

ISO/IEC ISO 27002:2022

ISO/IEC 27001:2013 – Management Controls for ISO 27001

ISO/IEC 27001:2013: Management Controls per ISO 27001

ISO/IEC 27001:2013 – Benefits of Certification for ISO 27001

ISO/IEC 27001:2013 – Advantages of Continuing on the Certification

ISO/IEC 27001:2013 – Pre-Audit Procedures

ISO/IEC 27001:2013 – Audit Procedures

ISO/IEC 27001:2013 – ISO 27001 Certification Process

ISO/IEC 27001:2013 – ISO 27001 Certification Process: Cont.

ISO/IEC 27001:2013 – ISO 27001 Certification Maintenance

Assignments – ISO 27001 Assignment

PCI Data Security Standard

Compliance and ITGC
The Compliance and ITGC leads into compliance frameworks and regulation by performing IT Auding to be compliance. The following are covered as follows: ISO 27001:2013, PCI-DSS, HIPAA/HITECH/HITRUST and Third Party Risk Management.