• Course
  • Vendor

New – Acquire the skills to design a system of governance to enforce compliance with laws, regulations, and company policies. GK# 6974

  • Course Start Date: 2019-07-29
  • Time: 08:30:00 - 16:30:00
  • Duration: 3 days 08:30 AM - 04:30 PM
  • Location: Virtual
  • Delivery Methods(s): Virtual Instructor Led

Course Outline

Pre-Requisites

Cybersecurity Foundations
Security+ Certification Prep Course

Lessons

In an ever-changing political and criminal landscape, there is an increasing need for people with specialized and up-to-date knowledge of current cybersecurity laws, regulations, and best practices. The skills gap this need creates in an organization exposes the organization to liability.

Cybersecurity Specialization: Governance, Risk, and Compliance will give you an understanding of the current laws and regulations that drive the creation of a governance system of rules, practices, and processes by which a company is directed and controlled. Understanding the fundamentals of the implementation of a risk management strategy will help your organization achieve compliance through policy management, control creation, and assessment of the effectiveness of controls. In this course, you will learn to set up processes to enforce compliant behaviors in your organization, including the enforcement of a systemic culture of documentation, verification, audits, remediation, follow-through, responsibility, and authority.

The course uses a challenge-based design focusing on what a learner should be able to do at the end of the course and back on the job. The practice opportunities and challenge activities resemble—as much as possible—tasks the learner would be asked to perform in a real-life situation.

WHAT YOU'LL LEARN
  • Develop a strategy to mitigate compliance risk based on laws governing Information Technology and reporting requirements to various regulatory bodies
  • Contribute to a risk management strategy that will frame an organization's risk tolerance along with defining and enabling managers to understand the levels of risk they are allowed to take
  • Create policies supported by controls that utilize frameworks and standards to minimize risk to an acceptable level
  • Determine the mechanisms to raise the organization's risk maturity level
  • Support both top-down and bottom-up approaches to enterprise security by acquiring management buy-in and improving employee attitudes to security
  • Contribute to a business continuity plan that prioritizes business processes
  • Select an eGRC tool to help manage risk based on requirements and capabilities

OUTLINE
Why Does GRC Matter?
  • Terms and definitions
  • Assets, value
  • Increasing importance of Governance, Risk, and Compliance
Industry Compliance
  • Essence of compliance
  • Industry Standards: Payment Card Industry (PCI)
  • Industry Standards: Sarbanes-Oxley (SOX) Act
  • Industry Standards: Financial Industry Regulatory Authority (FINRA)
  • Industry Standards: General Data Protection Regulation (GDPR)
  • Compliance and company policy
Privacy Compliance
  • Impact of privacy
  • Personally identifiable information (PII), protected health information (PHI)
  • Data architecture
  • Data handling
  • Encryption
  • Health Insurance Portability and Accountability Act (HIPAA)
  • Health Information Technology for Economic and Clinical Health (HITECH) Act
  • Gramm-Leach-Bliley Act (GLBA)
  • Privacy best practices
Risk Assessment
  • CIA triad
  • Threat modeling
  • Risk assessment
  • Quantitative vs. qualitative risk assessment
  • Risk assessment models
  • Risk likelihood and impact
  • Risk tolerance
  • Risk appetite
  • Business impact analysis (BIA)
  • Risk mitigation strategies
Risk Management
  • Risk management strategies: Mitigation, avoidance, transference, acceptance
  • Risk Management Framework (RMF)
  • RMF vs. CAP
  • Risk maturity level
  • Residual risk
  • Continuous monitoring and incident response
  • Patch management and the Common Vulnerability Scoring System (CVSS)
Corporate Culture
  • Enterprise-wide attitudes to security and risk
  • FUD: Fear, uncertainty, and doubt
  • Governance failures in the real world
  • Buy-in
  • NICE, best practices, role-based training
  • Aligning risk management with business goals
  • Authorized use policies
  • Tools: Training, rewards and consequences, hiring practices
  • Ongoing monitoring and tracking
Governance and Policy
  • Business continuity plan (BCP)
  • Disaster recovery plan (DRP)
  • Business impact analysis (BIA)
  • Single point of failure
  • Redundancy
  • BCP dependency chain
  • Rapid information sharing
  • RACI chart
  • Discussion: Fast vs. good vs. cheap
Course Look Around
  • eGRC: Archer and OpenPages
  • Real-time access to information
  • Reporting
  • Relevance
  • Interoperability
  • Savings through reduced complexity

LABS
  • Challenge: Why does GRC matter?
  • Challenge: Collaborate on compliance solutions
  • Challenge: Identify and classify PII
  • Challenge: Calculate risk
  • Challenge: Choose a risk management strategy
  • Challenge: Adjust corporate culture
  • Challenge: Develop a DRP and integrate it with the BCP
  • Challenge: Explore eGRC tools

WHO SHOULD ATTEND
  • Mid-career professionals who are interested in a career in risk analysis and management of cybersecurity processes, tools, and people.
  • Students should have at least two years of experience in cybersecurity but can come to this course from a variety of backgrounds, including but not limited to auditing, project management, DevOps, and engineering.

Cancellation Policy

We require 16 calendar days notice to reschedule or cancel any registration. Failure to provide the required notification will result in 100% charge of the course. If a student does not attend a scheduled course without prior notification it will result in full forfeiture of the funds and no reschedule will be allowed. Within the required notification period, only student substitutions will be permitted. Reschedules are permitted at anytime with 16 or more calendar days notice. Enrollments must be rescheduled within six months of the cancel date or funds on account will be forfeited.

Training Location

Online Classroom
your office

your city, your province
your country   

About Global Knowledge

x

Global Knowledge is the world's leading learning services and professional development solutions provider. We deliver learning solutions to support customers as they adapt to key business transformations and technological advancements that drive the way that organizations around the world differentiate themselves and thrive. Our learning programs, whether designed for a global organization or an individual professional, help businesses close skills gaps and foster an environment of continuous talent development.

Training Provider Rating

This vendor has an overall average rating of 4.39 out of 5 based on 424 reviews.

No comment
No comment
No comment
No comment
No comment
No comment
No comment
No comment
No comment
No comment
No comment
No comment
Wasn’t as advanced as I thought it would be. There was an issue when the day my course was the first time they used a new platfo ... Read more
x

Wasn’t as advanced as I thought it would be. There was an issue when the day my course was the first time they used a new platform.. from adobe to something called zoom; I had to call support line cause it stated our instructor wasn’t present. Thankfully I called cause everyone online was in the adobe virtual classroom waiting for what looked like a teacher who didn’t show up for class (IT didn’t get anything resolved until 10mins after start time). I felt like he was really getting hung up on very basic knowledge for the first half of the course (talking about how to create tabs and drag formulas as an example). I completed files a few times before he was done explaining. There was a scheduled fire drill for them (roughly 30mins)that also cut into our time, which wasn’t deducted from the hour lunch break or the two, fifteen min breaks. I also really wish he touched base more on the automating workbook functions portion which we barely did. I'm happy there were/are those study guides (learning videos) and exams to take on my own time that I hope after I've had the class are still available for me to learn from.

No comment
No comment
No comment
No comment
It was difficult to practice on my PC while trying to watch the presentation online.
No comment
David was excellent!! I am very for having this course!!

Course Reviews

No Reviews Yet