ISC2

Certified In Governance, Risk And Compliance

CY-CGRC

Type

Virtual

Classroom ILT

Skill Level

Intermediate

Available dates

May 13, 2024

August 5, 2024

Learning Path

Cybersecurity

Virtual

Duration

5 days

1 Day

TYPE

Virtual

Classroom ILT

LEARNING PATH

Cybersecurity

SKILL LEVEL

Intermediate

DURATION

5 days

AVAILABLE DATES

May 13, 2024

August 5, 2024

Choose date

From: R25 000,00

Price excluding VAT

Introduction

The Certified in Governance, Risk and Compliance (CGRC) provides a comprehensive review of the knowledge required for authorizing and maintaining information systems within the NIST Risk Management Framework. This training course will help students review and refresh their knowledge and identify areas they need to study for the CGRC exam. Content aligns with and comprehensively covers the seven domains of the ISC2 CGRC Common Body of Knowledge (CBK).

Official courseware is developed by ISC2 – creator of the CGRC CBK – to ensure your training is relevant and up to date. Our instructors are verified security experts who hold the CGRC and have completed intensive training to teach ISC2 content

Audience profile

This course is for individuals planning to pursue the CGRC certification. The CGRC is ideal for IT, information security and information assurance practitioners and contractors who use the RMF in federal government, military, civilian roles, local governments and private sector organisations. Roles include:

ISSOs, ISSMs and other InfoSec/information assurance practitioners who are focused on security assessment and authorization (traditional C&A) and continuous monitoring issues
Executives who must “sign off” on Authority to Operate (ATO)
Inspector generals (IGs) and auditors who perform independent reviews
Program managers who develop or maintain IT systems
IT professionals are interested in improving cybersecurity and learning more about the importance of lifecycle cybersecurity risk management

CGRC is also ideal for IT, information security and cybersecurity professionals responsible for governance, risk and compliance within an organisation. Roles include:

Authorizing Official
Cyber GRC Manager
Cybersecurity Auditor/Assessor
Cybersecurity Compliance Officer
Cybersecurity Architect
GRC Architect
GRC Information Technology Manager
GRC Manager
Cybersecurity Risk & Compliance Project Manager
Cybersecurity Risk & Controls Analyst
Cybersecurity Third Party Risk Manager
Enterprise Risk Manager
GRC Analyst
GRC Director
GRC Security Analyst
System Security Manager
System Security Officer
Information Assurance Manager
Cybersecurity Consultant

Pre-requisites

Candidates must have at least two years of cumulative, paid work experience in one or more of the seven domains of the ISC2 CGRC Common Body of Knowledge (CBK)
Earning a four-year college degree or regional equivalent or an additional credential from the ISC2 approved list will satisfy one year of the required experience
Education credit will only satisfy one year of experience
Part-time work and internships may also count towards your experience
Full-Time Experience: Your work experience is accrued monthly

Thus, you must have worked a minimum of 35 hours/week for four weeks to accrue one month of work experience:

Part-Time Experience: Your part-time experience cannot be less than 20 hours a week and no more than 34 hours a week
1040 hours of part-time = 6 months of full-time experience
2080 hours of part-time = 12 months of full-time experience
Internship: Paid or unpaid internship is acceptable. You will need documentation on company/organisation letterhead confirming your position as an intern. If you are interning at a school, the document can be on the registrar’s stationery

Course objectives

On completion of this program, the participants will be able to:

Identify and describe the steps and tasks within the NIST Risk Management Framework (RMF)
Apply common elements of other risk management frameworks using the RMF as a guide
Describe the roles associated with the RMF and how they are assigned to tasks within the RMF
Execute tasks within the RMF process based on assignment to one or more RMF roles.
Explain organisational risk management and how it is supported by the RMF

Course content

Chapter 1: Prepare (10 Modules)
Explain the purpose and value of preparation	Identify references associated with the Prepare step
Identify other risk management frameworks and their relationship to RMF tasks	Identify relevant security and privacy regulations
List the references, processes and outcomes that define: RMF Task P-1: Risk Management Roles RMF Task P-2: Risk Management Strategy RMF Task P-3: Risk Assessment – Organisation RMF Task P-14: Risk Assessment – System RMF Task P-4: Organisationally Tailored Control Baselines and Cybersecurity Framework Profiles RMF Task P-5: Common Control Identification RMF Task P-6: Impact-Level Prioritization RMF Task P-7: Continuous Monitoring Strategy – Organisation	RMF Task P-8: Mission or Business Focus RMF Task P-9: System Stakeholders RMF Task P-10: Asset Identification RMF Task P-11: Authorization Boundary RMF Task P-12: Information Types RMF Task P-13: Information Life Cycle RMF Task P-15: Requirements Definition RMF Task P-16: Enterprise Architecture RMF Task P-17: Requirements Allocation RMF Task P-18: System Registration
Complete selected Prepare Tasks for the examples system.
Chapter 2: Categorize (5 Modules)
Explain the purpose and value of categorization	Identify references associated with the Categorize step
List the references, processes, and outcomes that define Risk Management Framework (RMF) Task C-1: System Description	Describe a system’s architecture
Describe an information system’s purpose and functionality	Select data security standards to meet organisational compliance requirements
Describe and document a system’s character	List the references, processes, and outcomes that define RMF Task C-2: Security Categorization
Categorize an information system.	List the references, processes and outcomes that define RMF Task C-3: Security Categorization Review and Approval
Describe the review and approval process for security categorization	Categorize the example systems
Chapter 3: Select (7 Modules)
Explain the purpose and value of control selection and allocation	Identify references associated with the Select step
Relate the ISO 27001 Statement of Applicability to the NIST RMF	List the references, processes and outcomes that define RMF Task S-1: Control Selection
List the references, processes and outcomes that define RMF Task S-2: Control Tailoring	Select appropriate security control baselines based on organisational guidance
Tailor controls a system within a specified operational environment	List the references, processes and outcomes that define RMF Task S-3: Control Allocation
List the references, processes and outcomes that define RMF Task S-4: Documentation of Planned Control Implementations	Allocate security and privacy controls to the system and to the environment of operation
Document the controls for the system and environment of operation in security and privacy plans	List the references, processes and outcomes that define RMF Task S-5: Continuous Monitoring Strategy – System
Develop and implement a system-level strategy for monitoring control effectiveness that is consistent with and supplements the organisational continuous monitoring strategy	List the references, processes and outcomes that define RMF Task S-6: Plan Review and Approval
Review and approve the security and privacy plans for the system and the environment of operation	Allocate security controls for the example system
Tailor security controls, for the example system	Draft a continuous monitoring plan for the example system
Chapter 4: Implement (5 Modules)
Explain the purpose and value of implementation	Identify references associated with the Implement step
Identify appropriate implementation guidance for control frameworks	List the references, processes and outcomes that define RMF Task I-1: Control Implementation
Integrate privacy requirements with system implementation	List the references, processes and outcomes that define RMF Task I-2: Update Control Implementation Information
Update a continuous monitoring strategy	Update a control implementation plan
Chapter 5: Access (6 Modules)
Explain the purpose and value of assessment	Identify references associated with the Assess step
Understand and identify common elements of the NIST process that are included in other frameworks and processes	List the references, processes and outcomes that define RMF Task A-1: Assessor Selection
List the references, processes and outcomes that define RMF Task A-2: Assessment Plan	List the references, processes and outcomes that define RMF Task A-3: Control Assessment
List the references, processes and outcomes that define RMF Task A-4: Assessment Reports	List the references, processes and outcomes that define RMF Task A-5: Remediation Actions
List the references, processes and outcomes that define RMF Task A-6: Plan of Action and Milestones.	Develop an assessment plan for identified controls in the example system.
Develop a remediation plan for unsatisfied controls in the example system.
Chapter 6: Authorize (6 Modules)
Explain the purpose and value of authorization.	Identify references associated with the Authorize step.
Relate system approvals under organisational processes to the concepts applied in the NIST RMF.	List the references, processes and outcomes that define RMF Task R-1: Authorization Package.
List the references, processes and outcomes that define RMF Task R-2: Risk Analysis and Determination.	List the references, processes and outcomes that define RMF Task R-3: Risk Response.
List the references, processes and outcomes that define RMF Task R-4: Authorization Decision.	List the references, processes and outcomes that define RMF Task R-5: Authorization Reporting.
Develop a risk determination for the example system on the system risk level.	Authorize the system for operation.
Determine appropriate elements for the Authorization decision document for the example system.
Chapter 7: Monitor (8 Modules)
Explain the purpose and value of monitoring.	Identify references associated with the Monitor step.
List the references, processes and outcomes that define RMF Task M-1: System and Environment Changes.	(Coordinate) Integrate cybersecurity risk management with organisational change management.
List the references, processes and outcomes that define RMF Task M-2: Ongoing Assessments	Monitor risks associated with supply chain.
List the references, processes and outcomes that define RMF Task M-3: Ongoing Risk Response.	Understand elements for communication surrounding a cyber-event.
List the references, processes and outcomes that define RMF Task M-4: Authorization Package Updates.	List the references, processes and outcomes that define RMF Task M-5: Security and Privacy Reporting.
List the references, processes and outcomes that define RMF Task M-6: Ongoing Authorization.	List the references, processes and outcomes that define RMF Task M-7: System Disposal.
Discuss Monitor step activities in the example system.
Chapter 8: CGRC Certification Information

Benefits of Certified in Governance, Risk and Compliance

For the Individual:

Global credibility and marketability: Proves understanding of regulations and strategies for data privacy and risk management processes and procedures. Helps professionals stand out and be more competitive worldwide
Better opportunities: Can bolster career advancement and versatility, creating more choice in assignments for many
Growth and learning: Expands knowledge and keeps professionals up to date on industry standards, frameworks, regulations, requirements and risks
Increased compensation: Can lead to increases in salary. On average, ISC2 members report having salaries 35% higher than non-members

For the Organisation:

Secure the organisation’s critical data: Helps professionals effectively manage IT and security risks, reduce costs and meet compliance requirements, resulting in the prevention of reputational and financial losses
Increase overall cybersecurity IQ: Helps promote the consistent use of frameworks, informed decision-making and optimal performance through an integrated view of the organisation’s risk management practices
Improve information security coherence across the organisation: Promotes continuous collaboration and enhances the ability to respond to risks strategically
Instant credibility: Increases organisational integrity in the eyes of clients and other stakeholders
Satisfy requirements: Meets certification mandates for service providers and subcontractors
Stay current: Ensures professionals remain up to date on emerging and changing technologies, as well as security issues related to these technologies, through continuing professional education requirements
Ensure compliance: Helps prevent compliance violations and data breaches and ensure compliance with government and industry regulations (DoD 8570.01 approved)

Associated certifications and exam

Associate of ISC2: A candidate who doesn’t have the required experience may become an Associate of ISC2 by successfully passing the CGRC examination. The Associate of ISC2 will then have three years to earn two years of cumulative, paid work experience in one or more of the seven domains of the ISC2 CGRC Common Body of Knowledge (CBK).

Exam Details	Certified in Governance, Risk and Compliance
Exam Title	CGRC
Number of Questions/Practical Challenges	125 Questions
Test Duration	3 Hours
Test Format	Multiple choice questions
Test Delivery	Pearson VUE – Testing Centre
Availability	English, French, German, Brazilian Portuguese, Spanish-Modern, Japanese, Simplified Chinese, Korean
Passing Score	700/1000

ISC2 Overview

In an increasingly complex cyber world, there is a growing need for information security leaders who possess the breadth and depth of expertise necessary to establish holistic security programs that assure the protection of an organisations information assets.

ISC2 is an international non-profit membership association leading in educating and certifying cyber, information, software, and infrastructure security professionals throughout their careers. Headquartered in the United States and with offices in London, Hong Kong, and an authorized China agency in Beijing, ISC2, is recognized for the acclaimed Certified Information Systems Security Professional (CISSP®) certification, along with a portfolio of credentials and world-class education programs in the form of vendor-neutral education products and career services.

ISC2 members represent an elite, global network of dedicated cybersecurity professionals – preeminent experts in their field – who have committed themselves to the highest ethical standards and best practices. All members are certified professionals who have passed ISC2 examinations attesting to skill and knowledge in their field. Through their ISC2 certification, they have demonstrated superior competency and devoted themselves to making the cyber world a safer place for all. With more than 120,000 certified members in more than 160 countries, the ISC2 community plays a vital role not only in the organizations they serve but in society. Without them, our critical infrastructures would go unprotected and we wouldn’t be as safe. As organizations are increasingly recognizing information security as imperative, ISC2 members are in greater demand than ever before.

Torque IT has embarked into a new and exciting growth phase that will further cement our organizations position as the leading Training, Enablement and Certification solutions provider in our market. As part of this strategy, Torque IT has achieved the status of Official Training Provider for ISC2.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Certified In Governance, Risk And Compliance

Type

Skill Level

Available dates

Learning Path

Duration

TYPE

Virtual

Classroom ILT

LEARNING PATH

SKILL LEVEL

DURATION

AVAILABLE DATES

Price excluding VAT

ISC2 Overview

contact

Vendor
Authorised

Details

Menu

newsletter

Certified In Governance, Risk And Compliance

Type

Skill Level

Available dates

Learning Path

Duration

TYPE

Virtual

Classroom ILT

LEARNING PATH

SKILL LEVEL

DURATION

AVAILABLE DATES

Price excluding VAT

ISC2 Overview

contact

Vendor Authorised

Details

Menu

newsletter

Vendor
Authorised