Governance, Risk and Compliance (GRC)

Authors: Richard Harpur, Bobby Rogers, Mike Woolard, Shaila Rana, Jo Harder

You will learn some of the most important security compliance standards, frameworks and laws that an analyst within information security should know, including:

  • PCI DSS
  • GDPR
  • ISO 27001
  • HIPAA
  • NIST CSF
  • NIST RMF
  • CIS Controls
  • SOX

Prerequisites

  • No prerequisites required

In this path, you will find important laws, compliance standards and security frameworks that are imperative to multiple roles within information security. Each course describes the purpose that the compliance standard, framework or law aims to achieve, which organizations must comply with it, and what reasons, requirements or advantages there are for your organization to adopt and integrate it.

Security Compliance, Governance, and Frameworks

by Richard Harpur

Nov 12, 2021 / 1h 41m

Description

There are now more security compliance requirements than ever before, and with new requirements arriving each year it can be difficult to stay informed. In this course, Security Compliance, Governance, and Frameworks, you'll receive a walk-through of the major security compliance requirements. First, you'll discover the scope of each compliance program. Next, you'll learn what your obligations are under each security compliance program. Finally, you'll explore the implications of non-compliance, which can be very significant in some cases. Best of all, this course simplifies the security requirements and doesn't get caught up in technical language, allowing you to quickly get an overview of each security compliance program. When you're finished with this course, you'll have developed a foundational knowledge of many security compliance programs and be confident talking to your peers or clients about these programs.

Table of contents
  1. Course Overview
  2. The What, Who, and Why of Security Compliance
  3. Complying with the PCI standard
  4. Complying with the GDPR
  5. Complying with ISO27000 Standards Family
  6. Complying with HIPAA
  7. Complying with SOX and GLBA
  8. Understand NIST Standards
  9. Understand the CIS Standard

Information Governance: HIPAA

by Bobby Rogers

Sep 13, 2021 / 2h 1m

Description

Over the past several years, the healthcare industry has suffered numerous catastrophic breaches of personal and health-related data. These breaches have resulted in the unauthorized disclosure of a wide range of sensitive information, from Personally Identifiable Information (PII) to extremely sensitive Protected Health Information (PHI), as well as health-related financial data. Security practitioners in the healthcare industry need the critical knowledge required to secure patient health data, maintain privacy, and ensure compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and related laws. In this course, Information Governance: HIPAA, you’ll learn to protect and maintain the confidentiality, integrity, and availability of sensitive personal and healthcare data, as well as comply with all appropriate healthcare security laws and regulations. First, you’ll explore how healthcare categorizes and organizes personal and patient data types, as well as the differences between protecting healthcare data security and ensuring the privacy of the individual. Next, you’ll discover the complex governance framework of laws, regulations, and policies that mandate the security controls implemented to protect healthcare data. Finally, you’ll learn how to assess the compliance and effectiveness of security and privacy controls implemented and planned within the organization to protect data and reduce risk. When you’re finished with this course, you’ll have the skills and knowledge of healthcare governance and controls needed to protect sensitive data and ensure privacy.

Table of contents
  1. Course Overview
  2. The Challenge of Healthcare Security and Privacy
  3. Health Data Management Foundations
  4. Understanding Healthcare Information Security and Privacy
  5. Healthcare Information Laws
  6. Complying with the HIPAA Security and Privacy Rules
  7. Assessing HIPAA Compliance
  8. Performing Post Assessment Actions
  9. Managing Breaches

Security Compliance: CMMC

by Bobby Rogers

Jul 28, 2021 / 1h 27m

Description

Over the past several years, damaging breaches of government data in defense contractor systems have resulted in the unauthorized disclosure of a wide range of sensitive information. In this course, Cybersecurity Maturity Model Certification (CMMC): First Look, you’ll gain fundamental knowledge about the Cybersecurity Maturity Model Certification (CMMC) requirement recently levied by the U.S. Government on its defense contractors, to protect Controlled Unclassified Information (CUI). First, you’ll explore what the CMMC is, and why it was created. Next, you’ll discover the key US Government regulations involved with imposing the CMMC on Department of Defense contractors, including the Defense Federal Acquisition Regulations, as well as the NIST Special Publication 800-171 series. You’ll understand the structure of the CMMC model, to include its domains, capabilities, processes, and practices. Finally, you’ll learn about the 5 Levels of the CMMC Maturity Model. When you’re finished with this course, you’ll understand how the CMMC will apply to the various scenarios in which defense contractors may be situated.

Table of contents
  1. Course Overview
  2. Understanding the CMMC
  3. Reviewing the CMMC Legal Requirements
  4. Explaining the CMMC Certification Process
  5. Scenarios: How Does the CMMC Apply to My Industry?

Security Framework: NIST CSF

by Mike Woolard

Oct 13, 2021 / 54m

Description

All organizations, big and small, need to secure themselves, but it is a task that is easier said than done. In this course, Security Framework: NIST CSF, you'll learn the basics of the framework and how to apply it to your business. First, you'll explore the core controls. Next, we'll talk through the different levels, or tiers, at which you can implement the controls. Finally, you'll learn how the controls you selected to implement, and the tier at which you implemented them, make up the profile of your organization. When you're finished with this course, you'll have the skills and knowledge of the NIST CSF needed to implement a security program at your organization.

Table of contents
  1. Course Overview
  2. NIST CSF Fundamentals
  3. Framework Core
  4. Implementation Tiers
  5. Framework Profile
  6. Framework Comparisons
  7. Next Steps to Implement
  8. Summary

Information Governance: CCPA

by Shaila Rana

Jul 22, 2021 / 59m

Description

Understanding the new California Consumer Privacy Act (CCPA), which has been enforced since July 2020, is essential to avoid heavy penalties and fines relating to the data privacy of California citizens. In this course, Data Privacy Under the California Consumer Privacy Act, you will learn what the CCPA entails for both businesses and consumers. First, you'll learn what data is covered and who is affected by this new law. Next, you'll discover the required notices and the steps to take if there is a data breach. Finally, you'll learn what rights California citizens have over their personal data. When you're finished with this course, you'll have the skills and knowledge of the California Consumer Privacy Act needed to know your rights and be compliant with this groundbreaking law.

Table of contents
  1. Course Overview
  2. Establishing Responsibilities and Accountabilities
  3. Discerning Data Privacy
  4. Defining Data Rights

Information Governance: CDPA

by Mike Woolard

Oct 12, 2021 / 41m

Description

Consumers expect that their privacy rights are protected within your business. Compliance with frameworks such as the NIST CSF, and certification to frameworks like ISO27001, allow you to demonstrate your security posture to meet the obligations of the CDPA. In this course, Information Governance: CDPA, you’ll learn what is required of your organization to be compliant with the CDPA in Virginia. First, you’ll explore the requirements of the law and the rights provided to consumers of Virginia. Next, you'll dive into the law from the angle of the organization that controls the data vs. companies that process the data. Finally, you'll learn how this law compares to other privacy laws in the United States. When you’re finished with this course, you’ll have the skills and knowledge to understand how this law may or may not affect your business and what steps you need to take to comply with the law.

Table of contents
  1. Course Overview
  2. CDPA Fundamentals
  3. Consumer Rights
  4. Controller Responsibilities
  5. Processor Responsibilities
  6. Privacy Law Comparison
  7. Summary

Information Governance: COPPA

by Shaila Rana

Sep 17, 2021 / 33m

Description

Keeping children safe online is difficult. Everyone must be aware of and understand how to protect children online and how to remain in compliance with the law. In this course, Information Governance: COPPA, you'll learn about the Children's Online Privacy Protection Act. First, you'll explore what this law entails. Next, you'll discover who must comply with COPPA. Finally, you'll learn how to comply with COPPA and the legal ramifications of non-compliance. When you're finished with this course, you'll have the skills and knowledge of COPPA needed to remain compliant with this law and protect children online.

Table of contents
  1. Course Overview
  2. Discerning the Children’s Online Privacy Protection Act
  3. Understanding Compliance and Legal Penalties

Security Governance: FISMA

by Shaila Rana

Oct 12, 2021 / 31m

Description

Cybersecurity breaches affect everyone, and the federal government is not immune from these attacks. FISMA protects government agencies, and private-sector organizations that do business with the government, against security attacks. In this course, Security Governance: FISMA, you'll learn about the Federal Information Security Management Act of 2002. First, you'll explore what exactly FISMA entails. Next, you'll discover the scope, purpose, and basic concepts of FISMA. Finally, you'll learn how to comply with FISMA and the penalties of non-compliance. When you're finished with this course, you'll have the skills and knowledge of FISMA needed to understand how the federal government protects the security of federal agencies.

Table of contents
  1. Course Overview
  2. Understanding FISMA
  3. Compliance with FISMA

Information Governance: GLBA

by Jo Harder

Sep 8, 2021 / 49m

Description

Whether you work for a bank, a credit union, a mortgage processor, or another financial organization, GLBA affects some or many aspects of your job. In this course, Information Governance: GLBA, you'll learn about the Gramm-Leach-Bliley Act (GLBA) and its impact on financial institution operations. First, you'll gain an in-depth understanding of GLBA and learn about the requirements under the Financial Services Modernization Act of 1999. Next, you'll delve into the compliance aspects of GLBA, including understanding the blurred lines between commercial banking and insurance/securities services. Finally, you'll understand what nonpublic personal information is and its privacy protection requirements. When you're finished with this course, you'll understand GLBA and how it impacts your financial institution.

Table of contents
  1. Course Overview
  2. What Is GLBA?
  3. GLBA Compliance

ISO/IEC 27001 Information Security: The Big Picture

by Richard Harpur

Jun 1, 2016 / 2h 19m

Description

Demand is growing for organizations to demonstrate their adherence to best practice for Information Security. If you're considering the ISO/IEC 27001 certification for your organization, completing this course will give you the confidence to achieve this security milestone. In ISO/IEC 27001 Information Security: The Big Picture, you'll learn essential knowledge of what is required to get your organization certified to this international standard. First, you will learn how to download and interpret the standard documentation and formal text. Next, you'll learn the process you need to go through to attain certification. Then, you'll learn how to retain your certification once you have successfully become certified. Finally, you will learn what tools and support you should consider to help make the process as easy and rapid as possible. When you're finished with this course, you will have the skills and knowledge to get your organization certified to an international information security standard.

Table of contents
  1. Course Overview
  2. Why ISO/IEC 27001 Is so Important
  3. Understanding the Standard’s Structure
  4. Certification Life Cycle - Attaining Your Certification
  5. Certification Life Cycle - Retaining Your Certification
  6. Getting Your Toolset and Support Ready

Path summary

  • Number of courses: 10
  • Duration: 12 hours
