IT Trainer Jobs and Vacancies: ISC2 CGRC - Certified in Governance, Risk and Compliance

Seminar duration: 5 days

Trainer wanted

IT trainer jobs and vacancies: ISC2 CGRC - Certified in Governance, Risk and Compliance, (ISC2), Compliance, IT Security, IT Security Specialist.


Agenda

Domain 1: Information Security Risk Management Program

  • Understand the foundation of an organization's information security risk management program
  • Understand the risk management program process
  • Understand regulatory and legal requirements

Domain 2: Scope of the Information System

  • Define the information system
  • Determine categorization of the information system

Domain 3: Selection and Approval of Security and Privacy Controls

  • Identify and document baseline and inherited controls
  • Select and tailor controls to the system
  • Develop continuous control monitoring strategy (e.g., implementation, timeline, effectiveness)
  • Review and approve security plan/Information Security Management System (ISMS)

Domain 4: Implementation of Security and Privacy Controls

  • Implement selected controls
  • Document control implementation

Domain 5: Assessment/Audit of Security and Privacy Controls

  • Prepare for assessment/audit
  • Conduct assessment/audit
  • Prepare the initial assessment/audit report
  • Review initial assessment/audit report and perform remediation actions
  • Develop final assessment/audit report
  • Develop remediation plan

Domain 6: Authorization/Approval of Information Systems

  • Compile security and privacy authorization/approval documents
  • Determine information system risk
  • Authorize/approve information system

Domain 7: Continuous Monitoring

  • Determine impact of changes to information system and environment
  • Perform ongoing assessments/audits based on organizational requirements
  • Review supply chain risk analysis monitoring activities (e.g., cyber threat reports, agency reports, news reports)
  • Actively participate in response planning and communication of a cyber event
  • Revise monitoring strategies based on changes to industry developments introduced through legal, regulatory, supplier, security and privacy updates
  • Keep designated officials updated about the risk posture for continuous authorization/approval
  • Decommission information system