Foundations of Governance, Risk, and Compliance

Effective implementation of governance, risk, and compliance (GRC) programs requires specific cybersecurity talent and leadership. GRC professionals must utilize frameworks and best practices to integrate security and privacy within organizational objectives, better enabling stakeholders to make informed decisions regarding data security, compliance, supply chain risk management, and more. In this course, you will: - Relate GRC principles, responsibilities, and activities to frameworks, regulations, and requirements. - Identify the purpose, activities, and components of the scoping process. - Connect requirements, policies, management practices, and system capabilities that influence controls decisions. - Identify key steps and best practices for implementing security and privacy controls. - Summarize elements and processes involved in the assessment and audit of controls. - Consider the purpose and types of documentation and activities necessary to establish system compliance. - Identify activities and roles necessary to ensure effective monitoring and maintenance of system compliance. Who should take this course? IT, information security, and information assurance practitioners who have a need to understand or implement a comprehensive GRC program, including those in or pursuing the following positions: - Cybersecurity Auditor - Cybersecurity Compliance Officer - GGRC Architect - GRC Manager - Cybersecurity Risk & Compliance Project Manager - Cybersecurity Risk & Controls Analyst - Cybersecurity Third Party Risk Manager - Enterprise Risk Manager - GRC Analyst - GRC Director - Information Assurance Manager