
Coursera

Foundations of Governance, Risk, and Compliance

(ISC)² via Coursera

Overview

Effective implementation of governance, risk, and compliance (GRC) programs requires specific cybersecurity talent and leadership. GRC professionals must use frameworks and best practices to integrate security and privacy with organizational objectives, enabling stakeholders to make informed decisions about data security, compliance, supply chain risk management, and more.

In this course, you will:

  • Relate GRC principles, responsibilities, and activities to frameworks, regulations, and requirements.
  • Identify the purpose, activities, and components of the scoping process.
  • Connect the requirements, policies, management practices, and system capabilities that influence control decisions.
  • Identify key steps and best practices for implementing security and privacy controls.
  • Summarize the elements and processes involved in the assessment and audit of controls.
  • Consider the purpose and types of documentation and activities necessary to establish system compliance.
  • Identify the activities and roles necessary to ensure effective monitoring and maintenance of system compliance.

Who should take this course?

IT, information security, and information assurance practitioners who need to understand or implement a comprehensive GRC program, including those in or pursuing the following positions:

  • Cybersecurity Auditor
  • Cybersecurity Compliance Officer
  • GRC Architect
  • GRC Manager
  • Cybersecurity Risk & Compliance Project Manager
  • Cybersecurity Risk & Controls Analyst
  • Cybersecurity Third Party Risk Manager
  • Enterprise Risk Manager
  • GRC Analyst
  • GRC Director
  • Information Assurance Manager

Syllabus

  • Introduction
  • Security and Privacy GRC Program
    • Governance, risk, and compliance (GRC) encompasses the structured approach organizations follow to align IT and business strategies, manage risks effectively, and ensure organizational activities adhere to established regulations and standards.
  • Scope of the System
    • Scoping the system defines the boundaries and characteristics of the system that will be assessed and protected. It helps in identifying the system's assets, functions, interconnections, dependencies, area of operations, users, and stakeholders, as well as the applicable laws, regulations, policies, and standards that govern the system. Scoping of the system also helps to determine the level of risk that the system poses to the organization and its mission, and the level of effort and resources that will be required to manage the risk.
  • Selection and Approval of Framework, Security, and Privacy Controls
    • The selection and approval of controls requires an understanding of what a control is, what it is designed to do, and what policy decisions shape the controls environment. Controls decisions are shaped by a variety of influences, including statutory or regulatory obligations, organizational security or privacy policies, the organization’s risk management practices, existing controls, system capabilities, and contractual requirements associated with the operation of the system.
  • Implementation of Security and Privacy Controls
    • Security and privacy controls are the technical, administrative, and physical measures that an organization implements to protect its information systems and data from unauthorized access, use, disclosure, modification, or destruction. Implementing and aligning controls helps an organization ensure the confidentiality, integrity, and availability of its information systems and data; reduce its exposure to threats and vulnerabilities; and demonstrate its adherence to relevant laws, regulations, and standards. It also enables the organization to communicate its security and privacy posture to its stakeholders, customers, and partners, and to build trust and reputation.
  • Assessment and Audit of Controls
    • The term assessment generally denotes a less formal evaluation activity, while the term audit denotes a more formal evaluation, typically performed to demonstrate compliance with a particular standard. Across industries, the use of these terms is inconsistent, so the GRC professional should understand how they are employed within the context of a specific use case. Here, "assessment" is used as a broad term that encompasses both general evaluations and the specific case of audits.
  • System Compliance
    • System compliance is the adherence of a system to the established standards, policies, and regulations that govern its operation, security, and performance. Documentation from security and privacy assessments after control implementation is reviewed to determine system compliance. These documents are analyzed against organizational risk strategy and risk assessments to determine residual risk compared to risk appetite. Once system compliance decisions are made and stakeholders acknowledge and agree on the risk treatment options, the system is authorized to operate and ready for production.
  • Compliance Maintenance
    • System compliance is not a one-time event. Compliance maintenance includes processes that ensure a system remains compliant throughout its life cycle and detects and resolves any compliance issues that may arise. It extends beyond periodic demonstration of compliance and involves a comprehensive approach to change management, ongoing activities, and system decommissioning with strict adherence to global and industry-specific frameworks.
  • Course Conclusion
    • ISC2 is the world’s leading member organization for cybersecurity professionals, driven by our vision of a safe and secure cyber world. Our certified members and associates are a force for good, safeguarding the way we live. Our certifications enable professionals to demonstrate their knowledge, skills, and abilities at every stage of their careers. Becoming a certified professional through the CGRC demonstrates to employers and peers that you have the knowledge and skills to integrate governance, risk management, and regulatory compliance within an organization. It shows that you are able to use various international frameworks to manage risk and authorize and maintain information systems. Official trainings, seminars, courseware, and self-study aids from ISC2 are available to help you get ready for the rigorous CGRC exam by reviewing relevant domains and topics. Whether you prefer self-paced, online instructor-led, or in-person classroom training, ISC2 has an option to fit your schedule and learning style.
  • Foundations of Governance, Risk, and Compliance Final Assessment

Taught by

ISC2 Education & Training
