Project Overview

In this project, you will apply the skills you have acquired to analyze data provided about a fictional technology company and create fundamental components of the company’s GRC program.

In particular, you will identify potentially relevant compliance obligations, modify a risk management policy to meet the company’s specific needs, assess risks apparent in the company’s infrastructure leveraging common risk management frameworks, and develop governance activities to ensure security controls are operating as expected.

The following materials will be to provided in order to complete the project:

• A narrative describing the company, its business goals, and appetite for risk
• Network and data flow diagrams
• A partial cybersecurity risk management policy
• A partial risk management framework.

Final implementation of these project components will showcase your ability to interpret business strategy as a function of risk management and develop primary GRC components to enhance the business’ security posture.