Course Outline

This course will focus on Governance, Risk, and Compliance as it relates to cybersecurity. The course begins with an overview of GRC and security GRC as practices. It then turns to define the key responsibilities for each GRC function--Governance, Risk, and Compliance--and the course completes with a review of Audit Management.

In the Governance lesson, we discuss the basics of Governance, how Governance professionals are required to think strategically, their role in championing security throughout the organization, and the main role of Governance professionals: measuring security control effectiveness and working with stakeholders to correct any issues.

The Risk management lesson highlights the experience Risk Management professionals must apply to security risks in the organization, discusses how risk management traditionally operates, and what that means for today’s organization.

The Compliance lesson explains what security compliance means to today’s organization, discusses where compliance obligations originate, how Compliance professionals evaluate obligations, and finally, how controls are assessed against the organization’s obligations.

The final lesson focuses on a critical GRC task--Audit Management. In Audit Management, we will discuss how audits originate and what GRC professionals must accomplish to ensure audits go smoothly.