CGRC -Certified in Governance Risk and Compliance – NIST RMF

سرفصل های دوره

1. CGRC Training Section 1 - Introduction and Overview and Risk Management Program

1. Overview of ISC2 and CGRC Certification

2. Introduction to Governance

3. Legal and Regulatory Requirements and its impact

4. Business Strategy and Plans and Goals

5. Security Program

6. Business Case and Feasibility Analysis

7. Management Buy In

8. Policies

9. Policy development Best Practices

10. Standards

11. Procedures & Guidelines

12. Global Regulatory Landscape

13. Gap Analysis Process

2. CGRC Training Section 2 - Risk Management

1. Establishing an Information Security Risk Management Program

2. Risk Profile

3. Risk Terminologies

4. Risk Identification

5. Risk Analysis

6. Risk Evaluation and Treatement

7. Risk Reporting, Communication & Monitoring

8.1 NIST SP 800-37r2 - Direct Link.html

8. Understanding the NIST Risk Management Framework (RMF) - SP 800-37

9.1 COSO ERM Guidance Useful Resources.html

9. Understanding COSO ERM

10. Understanding ISO 27001 & 31000 in ERM

3. CGRC Training Section 3 - Information System and categorizations as per NIST RMF

1. The CIA Concept and DAD, Understand the Security Aspects

2. Categorizing Information Systems

3.1 FIPS 199 Standard for Reference.html

3. Applying FIPS 199 Standards

4. What is the Enterprise Architecture - EA

5. Common EA and Governance Frameworks

6. IT Asset Management

7. Shadow IT Risks

8. Acceptable Use Policy, Physical Security Policy

9. Data & Assets Lifecycle

10. Data Classification Levels

11. Data Protection Policies

12. Data Protection and Privacy

13. Privacy Policy

4. CGRC Training Section 4 - Security Controls Tailoring, Application & Assessment

1. Security Vulnerabilities

2. Threat Modeling

3. NIST SP 800-30.html

4. Selecting Appropriate Security Controls

5. Control examples

6. Control Concepts - Control Objective

7. Layered Defenses

8. Implementing NIST SP 800-53.html

9. System Security Plans.html

10. Implementing Selected Security Controls.html

11. Documenting Security Control Implementation.html

12. Assessing Security Control Effectiveness.html

13. Metrics and KPIs

14. Utilizing NIST SP 800-53A.html

15. Evaluation of Controls

5. CGRC Training Section 5 - Authorizing the Information System

1. Why Authorization is Crucial.html

2. Preparing for Information System Authorization.html

3. System Authorization Roles.html

4. Understand Roles and Responsibilities - RACI Chart

5. Creating Authorization Packages.html

6. Outsourcing and Contractors

7. Supply Chain Risk Management

8. The System Authorization Life Cycle.html

9. Why System Authorization Programs Failure Reasons.html

10. System Authorization Documentation.html

11. Change Management

12. Configuration Management

13. Release Management

14. Software Testing and Accreditation and Certification

15. Application Testing Tools

6. CGRC Training Section 6 - Continues Monitoring and Assessment and Improvement

1. Auditing and Assurance

2. Plan for Improvement - Maturity Models

3. Security Assessment

4. Implementing Continuous Monitoring Programs.html

5. Utilizing NIST SP 800-137.html

6. Conducting Key Updates for the Systems.html

7. Post-Release Activities.html

8. Patch Management

9. System Hardening, Security and Backup Policies

139,000 تومان

افزودن به سبد خرید

خرید دانلودی فوری

در این روش نیاز به افزودن محصول به سبد خرید و تکمیل اطلاعات نیست و شما پس از وارد کردن ایمیل خود و طی کردن مراحل پرداخت لینک های دریافت محصولات را در ایمیل خود دریافت خواهید کرد.

تولید کننده: Udemy