Certified in Governance Risk Management & Compliance (CGRC) Part 2
A comprehensive training course covering all the globally accepted Governance, Risk and Compliance frameworks, helping you emerge as a well-rounded GRC professional
Governance, Risk Management, and Compliance (GRC) are the three main pillars for reliably achieving organisational objectives, addressing uncertainty and acting with integrity. This course helps delegates understand how these pillars can be applied to drive higher levels of business performance and improve short, medium and long-term business sustainability.
Benefits of choosing this course
Benefits of choosing the CGRC (Part 2) course
Highly comprehensive training course covering all aspects of Governance, Risk Management and Compliance.
Offers a detailed perspective into cybersecurity compliance requirements like ISO 27001, PCI DSS, HIPAA.
The perfect stepping stone into the high-paying career of a GRC professional.
Highlights of the CGRC (Part 2) course
7 comprehensive modules with several sub-sections covering key regulatory standards like ISMS, GDPR, HIPAA, PCI DSS, IT Act and SOX Act.
Self-assessment options after each module to reinforce learning.
Downloadable study material that you can use to reference and revise all the intensive learning.
- Key Learning Objectives
- Downloads
- About
-
Key Learning Objectives
-
After completing the CGRC Part 2 course, you will be able to:
- Articulate the basics of Risk Assessment, Risk Management and associated Methodologies and guidelines.
- Offer a detailed explanation of the need and requirements of ISMS, PCI-DSS and ISO 27001:2013.
- Properly understand what is Business Continuity Planning and Disaster Recovery Planning .
- Explain what HIPAA is, its applicability, rules and requirements.
- Understand and explain the basics of ITIL and its implementation.
- Articulate the importance of GDPR, its objectives, definitions, principles, the rights of data subjects and what are the violations and penalties involved.
- Comprehend the fundamentals of Web Application architecture, OWASP, ESAPI security, Threat Modelling and Source Code Analysis in detail.
- Enhance your knowledge of the Cyber Crime and Information Technology Act, Offences covered under it with relevant case studies.
- Understand and explain the importance and application of the Sarbanes Oxley Act, its extent and relevance.
-
Direct Downloads
Directly download the full Learning Objectives of the course here
Templates. Worksheets & Mind-maps
When you enrol in this course you will have access to several worksheets & templates that you can use immediately. Take a look at the course curriculum, below, to see whats included in this course.
The image immediately below is a gallery view of some of the templates and collateral available to students.
Continuing Professional Development
CPD points can be claimed for this course at the rate of 1 point per hour of training for this NCSC-certified and CIISec-approved course (8 points for one-day public course and 15 points for the two-day internal workshop - for when organisations host this course internally).
CIPR Student-Only Incident Response Plan Template
As a student you get access to unique content including our highly acclaimed Cyber Incident Response Plan Template. If you want, you can download the FREE version of the Incident Response Plan template here.
-
About
Example Curriculum
- M.1.1.1 Agenda (0:49)
- M.1.1.2 Introduction to Risk & Definitions (6:24)
- M.1.1.3 IT Risk & IT Risk Categories (2:18)
- M.1.1.4 Risk Management & Risk Management Considerations (5:40)
- M.1.1.5 Risk Management Principles (3:22)
- M.1.1.6 RM Framework, RM Process, RM Approach (11:15)
- M.1.1.7 Risk Assessment & Risk Identification (10:49)
- M.1.1.8 Risk Analysis & Risk Evaluation (6:02)
- M.1.1.9 Risk Treatment (4:58)
- M.1.1.10 Monitoring & Review (1:36)
- M.1.1.11 Residual Risk (1:36)
- M.1.1.12 NIST Cybersecurity Framework (10:12)
- M.1.1.13 Cost Benefit Analysis (1:18)
- M.1.1.14 Governance (2:47)
- M.1.1.15 CISO & CISO's Responsibilities (1:28)
- M.1.1.16 Policies, Procedures & Information Security Strategy (10:08)
- M.1.1.17 Security Awareness (10:42)
- M.1.1 Risk Management & Governance (PDF)
- M.2.1.1 Agenda (1:33)
- M.2.1.2 Introduction to ISMS (1:55)
- M.2.1.3 Need for an ISMS and its Benefits (2:32)
- M.2.1.4 ISO 27001 (6:57)
- M2_Section1_5_Understanding Controls (3:45)
- M.2.1.6. Introduction to ISO 27001:2013 standard (2:38)
- M.2.1.7 Understanding the Structure of the Standard (3:13)
- M.2.1.8 ISO 27001:2013 Domains (2:31)
- M.2.1.9 Overview of Controls (9:00)
- M.2.1.10 Control Objective-5 (9:22)
- M.2.1.11 Control Objective-6 (12:50)
- M.2.1.12 Control Objective-7 (8:46)
- M.2.1.13 Control Objective-8 (18:47)
- M.2.1.14 Control Objective-9 (18:55)
- M.2.1.15 Control Objective-10 (5:45)
- M.2.1.16 Control Objective-11 (15:11)
- M.2.1.17 Control Objective-12 (18:46)
- M.2.1.18 Control Objective-13 (8:53)
- M.2.1.19 Control Objective-14 (18:01)
- M.2.1.20 Control Objective-15 (9:03)
- M.2.1.21 Control Objective-16 (8:35)
- M.2.1.22 Control Objective-17 (5:37)
- M.2.1.23 Control Objective-18 (10:17)
- M.2.1.24 Overview of ISMS implementation (6:02)
- M.2.1.25 Risk Assessment & Treatment (4:35)
- M.2.1.26 ISMS Documentation Review (4:13)
- M.2.1.27 ISMS Training (5:06)
- M.2.1.28 ISMS Documentation (4:22)
- M.2.1.29 Definitions (1:12)
- M.2.1.30 Audit, Certification, IAF, LI, LA (7:47)
- M.2.1.31 Audit Programme (4:03)
- M.2.1.32 Audit Activities (3:03)
- M.2.1.33 Audit Plan & Audit Checklist (2:13)
- M.2.1.34 Audit Findings & Audit Report (1:03)
- M.2.1.35 Opportunity For Improvement (OFI) & Non-Conformity (NC) (0:43)
- M.2.1 ISMS (PDF)
- M.3.1.1. Agenda (2:03)
- M.3.1.2. Introduction to GDPR (3:29)
- M.3.1.3. Subject Matter, Objectives, Scope (5:04)
- M.3.1.4. Definitions (Part I) (4:58)
- M.3.1.5. Definitions (Part II) (4:51)
- M.3.1.6 GDPR Structure & Applicability (1:16)
- M.3.1.7 GDPR Principles-1 (8:03)
- M.3.1.8 GDPR Principles - 2 (3:40)
- M.3.1.9 GDPR Principles-3 (9:03)
- M.3.1.10 Data Subject Rights - 1 (7:11)
- M.3.1.11 Data Subject Rights - 2 (3:24)
- M.3.1.12 Data Subject Rights-3 (3:32)
- M.3.1.13 Data Subject Rights-4 (4:44)
- M.3.1.14 Responsibility of Controller & Data Protection by Design & Default (3:59)
- M.3.1.15 Data Protection Impact Assessment (DPIA) (6:43)
- M.3.1.16 Data Protection Officer (DPO) (4:20)
- M.3.1.17 Codes of Conduct (2:26)
- M.3.1.18 Certification (3:06)
- M.3.1.19 Transfer of Personal Data to Third Country (5:23)
- M.3.1.20 General Principles for Transfers (7:56)
- M.3.1.21 Personal Data Beach, Liabilities & Penalties (2:43)
- M.3.1.22 Steps to comply with GDPR, Documents Required for GDPR & GDPR compliance (5:54)
- M.3.1 GDPR (PDF)
- M.3.2.1 Agenda (0:46)
- M.3.2.2 Introduction to HIPAA (2:17)
- M.3.2.3 Who is Covered by Privacy Rule? (9:33)
- M.3.2.4 Protected Health Information (PHI) and Electronic Protected Health Information (ePHI) (5:12)
- M.3.2.5 Difference Between Protected Health Information and Consumer Health Information (1:24)
- M.3.2.6 Health Information Exchange (HIE) & eHealth exchange (4:38)
- M.3.2.7 Administrative Safeguards (2:20)
- M.3.2.8 Physical Safeguards (1:48)
- M.3.2.9 Technical Safeguards (2:05)
- M.3.2.10 HIPAA Violations (2:45)
- M.3.2.11 HIPAA Dos and Don'ts (2:16)
- M.3.2.12 Breach and Data Breaches (7:05)
- M.3.2.13 Documentation and HIPAA Requirements (2:39)
- M.3.2 HIPAA (PDF)
- M.4.1.1 Agenda (2:28)
- M.4.1.2 Introduction to PCI DSS (2:50)
- M.4.1.3 Common terms related to PCI DSS (1:12)
- M.4.1.4 Entities Involved in Payment Card Transactions (2:10)
- M.4.1.5 Some more details about Payment Card (23:14)
- M.4.1.6 Consequences of Compromised Payment Card Data (1:02)
- M.4.1.7 Need and Application of PCI DSS (2:59)
- M.4.1.8 Steps for Adhering to PCI DSS (0:51)
- M.4.1.9 Scoping & Network Segmentation (7:09)
- M.4.1.10 Compliance Requirements for PCI DSS (18:52)
- M.4.1.11 Levels of PCI Compliance (2:02)
- M.4.1.12 Do’s and Don’ts for Payment Card Security (6:02)
- M.4.1.13 SAQ and QSA (5:09)
- M.4.1.14 PA-DSS and its Requirements (16:46)
- M.4.1.15 Pin Transaction Security (PTS) (1:36)
- M.4.1.16 Payment Card Data Breaches and Myths (4:53)
- M.4.1.17 ROC, AOC & COC (20:48)
- M.4.1.18 PA QSA, QPA & ASV (3:38)
- M.4.1.19 Payment Card Attacks (5:23)
- M.4.1 PCI DSS (PDF)
- M.5.1.1 Agenda (2:00)
- M.5.1.2 Introduction to BCM (5:43)
- M.5.1.3 Business Continuity Planning (3:49)
- M.5.1.4 Issues in BCM (1:52)
- M.5.1.5 Risk Control Options (3:50)
- M.5.1.6 Disaster Recovery Plan (5:20)
- M.5.1.7 Maintenance of BCM Plan (3:32)
- M.5.1.8 Business Impact Analysis (5:59)
- M.5.1.9 Backup Sites (8:24)
- M.5.1.10 Backup Considerations and Backup Types (9:25)
- M.5.1.11 ISO 22301 and ISO 22301 Requirements (11:36)
- M.5.1.12 Mandatory Documents of ISO 22301 and Benefits (2:34)
- M.5.1 BCM (PDF)
- M.6.1.1 Agenda (1:15)
- M.6.1.2 Introduction to ITIL (2:32)
- M.6.1.3 ITIL History, Versions and Objectives (4:46)
- M.6.1.4 Definitions-1 (8:49)
- M.6.1.5 Definitions-2 (6:00)
- M.6.1.6 Definitions-3 (2:15)
- M.6.1.7 Service & Process (5:46)
- M.6.1.8 Service Design - Service Level Management (4:06)
- M.6.1.9 Service Design - Availability & Capacity Management (4:01)
- M.6.1.10 Service Design - Information Security & IT Service Continuity Management (3:47)
- M.6.1.11 Service Design - Supplier Management (2:18)
- M.6.1.12 Service Transition - Change Management (10:06)
- M.6.1.13 Service Operation - Incident & Event Management (3:47)
- M.6.1.14 Service Operation - Demand & Patch Management (3:55)
- M.6.1.15 Service Operation - Problem Management (2:50)
- M.6.1.16 Service Operation - Request & Access Management (2:33)
- M.6.1.17 Functions - Service Desk (6:11)
- M.6.1.18 Functions - Technical Management (3:10)
- M.6.1.19 Functions - Application Management (1:32)
- M.6.1.20 Functions - IT Operation Management (6:04)
- M.6.1 ITIL (PDF)
Sign up and Start Today
Pay-in-full in your local currency (where available)
We take all major forms of payment and we use secure checkout.
Featured Courses
Our most popular courses and offers.
Do you have immediate requirements in cybersecurity, governance, risk and compliance that need to be fulfilled in a short span of time? Check out our Virtual Cybersecurity Consultant service - a remote-only, full-service cyber consultancy service that offers 300+ services in over 15 cybersecurity domains.