Governance, Risk and Compliance (GRC)
Published 4/2024
MP4 | Video: h264, 1920x1080 | Audio: AAC, 44.1 KHz
Language: English | Size: 4.50 GB | Duration: 10h 11m
Making security work for your company
What you'll learn
Define the responsibilities of information security or cybersecurity governance
Understand what compliance really is
Implement risk management and analysis in an agile fashion
How to apply GRC knowledge for all cybersecurity personnel
Understand how to engage with all levels of your company
Understand data privacy regulations like HIPAA and GDPR for security practice
Understand ISO 27001, NIST, SOC2 and other frameworks and standards
Requirements
No prior cybersecurity or information security pre-requisites
Description
This is a course on governance, risk management and compliance for apprentices, students, InfoSec/Cyber professionals and other professionals who want to gain an understanding of GRC for their company or role. I am so excited you have made this wise decision to invest in your career development.

GRC is a holistic approach to managing an organisation’s quality management and risks, as well as ensuring compliance with regulations. It involves aligning a company’s governance structure, quality and risk processes, and compliance activities to better enable the achievement of the company’s strategic goals.

This course will teach you the fundamentals of GRC, including what GRC is and why it is important; the key components of GRC; how to implement a GRC program; and how to use GRC to improve your company's performance.

Whether you are a beginner or an experienced security practitioner, this course is for you. I will break down complex concepts into easy-to-understand steps. You can learn at your own pace and on your own time.

Course Objectives:
1. Provide a comprehensive understanding of the principles, frameworks, and best practices of governance, risk, and compliance.
2. Develop the skills and knowledge required to identify, assess, and mitigate risks within an organization.
3. Explore the legal and regulatory requirements that organizations must adhere to and the strategies for ensuring compliance.
4. Equip students/professionals with the ability to design and implement effective GRC programs tailored to the specific needs of an organization.
5. Foster critical thinking and decision-making abilities in the context of GRC, enabling students/professionals to make informed and ethical choices.
6. Equip people with the knowledge needed to take and pass ISACA's CRISC certification, as well as act as an enhancer to those working towards CISM.

Target Audience:
This course is suitable for apprentices during their cybersecurity standards, undergraduate and postgraduate students moving into information security and cybersecurity, and anyone wanting to take the CRISC and CISM certifications. Additionally, professionals working in risk management, compliance, internal audit, legal, and corporate governance roles will benefit from this course to enhance their skills and knowledge. Finally, it suits people from other areas of business who want to gain an understanding of what GRC is, its benefits and how to leverage GRC to better their productivity and sales figures without the jargon.

Expected Outcomes:
1. Students/professionals will gain a deep understanding of GRC principles, enabling them to contribute effectively to risk management and compliance initiatives in organizations.
2. Participants will acquire the necessary skills to develop and implement robust GRC programs tailored to the needs of their respective organizations.
3. The course will enhance critical thinking, problem-solving, and ethical decision-making skills among participants.
4. Students/professionals will be better prepared to pursue careers in risk management, compliance, internal audit, and corporate governance roles.

I have been in IT for almost two and a half decades and in information security since 2009. I hold numerous IT, security, risk management and data privacy-related certifications. I am committed to helping each and every one of you to succeed, and I am confident that you will learn a lot in this course. Everyone who takes this course gets access to support from myself. Rest assured you are in good, experienced hands.
Overview
Section 1: Introduction
Lecture 1 Introduction
Lecture 2 Multi-skilled backgrounds and the principles of being a security practitioner
Lecture 3 Personal brand, transferable skills and career paths
Section 2: Understanding Governance, Risk, and Compliance
Lecture 4 Understanding the fundamental concepts of governance, risk and compliance
Lecture 5 The importance of GRC and security culture in modern organisations
Lecture 6 Business and security language communications
Section 3: Business Governance
Lecture 7 Principles and components of effective governance for business
Lecture 8 Building an effective business-aligned security program
Section 4: Risk Management
Lecture 9 Introduction to risk management and its importance in GRC
Lecture 10 Information Security risk and the business ecosystem
Lecture 11 ISO 31000, 27005, COSO, COBIT and RISK IT Framework
Lecture 12 Risk governance
Lecture 13 Risk assessments
Lecture 14 Risk qualitative and quantitative
Lecture 15 Risk response and reporting
Lecture 16 Risk and software development lifecycle advantages, and being a business enabler
Section 5: GRC at work
Lecture 17 Developing a GRC business case, demonstrating value, and an implementation plan
Lecture 18 Smart Tracking Ltd Cyber Resilience Board Presentation
Lecture 19 Policies, Standards and Processes development in GRC
Lecture 20 Change management and stakeholder engagement
Lecture 21 Emerging technologies and their impact on GRC
Lecture 22 Business continuity and communications
Lecture 23 Development Policy
Lecture 24 Mock information security transformation strategy
Section 6: Data Privacy
Lecture 25 Overview of GDPR implemented in the EU
Lecture 26 Overview of the UK's Data Protection Act and UK GDPR
Lecture 27 Overview of USA laws and regulations
Lecture 28 Data governance and data lifecycles
Lecture 29 Ensuring data privacy and protection with continuous improvement process
Section 7: Frameworks and regulations
Lecture 30 ISO 27001
Lecture 31 NIST
Lecture 32 Other mainstream standards
Lecture 33 Regulatory bodies and obligations
Lecture 34 Developing compliance programmes and controls
Lecture 35 Responding to latest developments
Section 8: Wrapping up and questions
Lecture 36 Career pathways
Newcomers and apprentices wanting to understand what GRC is, and existing cyber professionals wanting to broaden their understanding.
Cybersecurity professionals interested in governance, risk or compliance
Information Security professionals wanting to learn about GRC
Risk managers wanting to learn about cybersecurity GRC
Any professional wanting an introduction to GRC