Cyber Generalist to Governance, Risk, and Compliance

In this course, you'll explore governance, risk management, and compliance - commonly known as GRC. You'll examine why it matters, what it is, and its increasing importance. You'll learn about who needs it and the role it plays for various parties. Next, you'll examine industry compliance, external authorities, non-compliance consequences, and reporting. You'll also learn about industry standards like PCI, laws and regulations, and compliance and company policy. Finally, you'll complete this course by learning about privacy compliance, including private data, how data architectures address privacy information, the Health Insurance Portability and Accountability Act, the Health Information Technology for Economic and Clinical Health act, the Gramm-Leach-Bliley Act, the General Data Protection Regulation, and privacy best practices.

Risk assessment allows you to identify and prioritize risk, while risk management allows you to analyze, mitigate, or accept risk. In this course, you'll explore risk assessment and management. You'll begin by examining the role Business Impact Analysis plays in risk management and what it accomplishes, before moving on to learn about various risk assessment and analysis approaches. Next, you'll explore the importance of risk mitigation and having a strategy for it, as well as how risk mitigation strategies fit into the risk management effort. You'll learn about the NIST SP 800-37 risk management framework and the steps involved, as well as the Risk Maturity Model and the associated five levels of risk management competency. Finally, you'll explore ongoing risk management, including what causes risk responses and acceptance to change, and the importance of patch management.

Corporate culture relates to the enterprise-wide attitudes towards security and risk. In this course, you'll learn about governance and corporate culture. First, you'll explore corporate security culture and associated concerns, before moving on to look at the concept of fear, uncertainty, and doubt and why it should be avoided. Next, you'll examine why enterprise-wide support is required, the differences between top-down and bottom-up, and various security roles. You'll learn about the importance of having an acceptable use policy, consequences of not having an appropriate policy in place, and having consequences for individuals who violate this policy. Finally, you'll examine methods of improving corporate culture and governance, like training, rewards and consequences, and hiring practices, and also learn about the importance of ongoing assessments.

In this course, you'll explore governance, risk management, and compliance - commonly known as GRC. You'll examine why it matters, what it is, and its increasing importance. You'll learn about who needs it and the role it plays for various parties. Next, you'll examine industry compliance, external authorities, non-compliance consequences, and reporting. You'll also learn about industry standards like PCI, laws and regulations, and compliance and company policy. Finally, you'll complete this course by learning about privacy compliance, including private data, how data architectures address privacy information, the Health Insurance Portability and Accountability Act, the Health Information Technology for Economic and Clinical Health act, the Gramm-Leach-Bliley Act, the General Data Protection Regulation, and privacy best practices.

Risk assessment allows you to identify and prioritize risk, while risk management allows you to analyze, mitigate, or accept risk. In this course, you'll explore risk assessment and management. You'll begin by examining the role Business Impact Analysis plays in risk management and what it accomplishes, before moving on to learn about various risk assessment and analysis approaches. Next, you'll explore the importance of risk mitigation and having a strategy for it, as well as how risk mitigation strategies fit into the risk management effort. You'll learn about the NIST SP 800-37 risk management framework and the steps involved, as well as the Risk Maturity Model and the associated five levels of risk management competency. Finally, you'll explore ongoing risk management, including what causes risk responses and acceptance to change, and the importance of patch management.

Corporate culture relates to the enterprise-wide attitudes towards security and risk. In this course, you'll learn about governance and corporate culture. First, you'll explore corporate security culture and associated concerns, before moving on to look at the concept of fear, uncertainty, and doubt and why it should be avoided. Next, you'll examine why enterprise-wide support is required, the differences between top-down and bottom-up, and various security roles. You'll learn about the importance of having an acceptable use policy, consequences of not having an appropriate policy in place, and having consequences for individuals who violate this policy. Finally, you'll examine methods of improving corporate culture and governance, like training, rewards and consequences, and hiring practices, and also learn about the importance of ongoing assessments.

In this 12-video course, learners will discover the importance of integrating regulations with organizational security policies. Explore security standards such as General Data Protection Regulation (GDPR); Health Insurance Portability and Accountability (HIPAA); and Federal Information Security Management Act (FISMA), as well as the International Organization for Standardization (ISO), and National Institute of Standard and Technology (NIST). To begin, determine how to establish the importance of building regulatory compliance into a company's IT security program. You will then examine Personally Identifiable Information (PII), and Protected Health Information (PHI). This leads into the subject of Payment Card Industry Data Security Standard (PCI DSS), and what it entails. You will learn how HIPAA protects medical information; how GDPR protects European Union citizen data, and how the Gramm-Leach-Bliley Act (GLBA), applies to financial institutions. You will also identify how FISMA strives to protect sensitive US Government information, and recognize both NIST and ISO security standards. To conclude the course, you will discover how the Sarbanes-Oxley Act (SOX), requires organizational financial transparency.

In this 14-video course, learners can explore security risk management concepts and discover how to assess, categorize, monitor, and respond to organizational risks. Examine key terms such as threats, vulnerabilities, impacts, and risks, and the steps involved in the National Institute of Standard and Technology (NIST), risk management framework (RMF). Begin by learning how risk relates to information systems, and look at the concepts of managing risks, differentiating between threats, vulnerabilities, impacts, and risks. Examine the first step of the NIST RMF, categorizing risk, and then the second RMF step, selecting security controls. Next, observe the third step, implementing security controls; the fourth step, assessing security control effectiveness; the fifth step, examining risk, and output of security controls assessment to determine whether or not the risk is acceptable; and the last step, monitoring controls. Recognize benefits of a control-focused risk management approach; the benefits of an event-focused risk management approach; and risk communication. Finally, explore risk response and remediation, and differentiating between different risk responses such as accepting, avoiding, mitigating, sharing, or transferring risk.

Learners can explore the creation, adoption, and use of an IRP (Incident Response Plan) in this 14-video course, which examines the purpose and objectives of an IPR, and how it incorporates the objectives of an organization. You will learn how to draft an IRP, and examine the six stages of incident response: preparation, identification, containment, eradication, recovery, and lessons learned. Next, you will examine several tools that are available for incident response strategies, including Sleuth Kit, Metasploit, Websense, and FireEye Security Orchestrator. You will explore the different types of CSIRTs (Computer Security Incident Response Teams), team roles, their purpose, and the benefits of an outsourced team. This course demonstrates an incident team response with two hypothetical scenarios. You will learn about compliance and regulatory requirements, and will examine the international standard, ISO 27001. You will examine governance policy to direct and control IT security. Finally, you will learn to use governance polices to create incident response policies, and you will learn the elements and best practices for creating a plan.

The categorization of security risks is essential for effectively assessing and managing risk. In this course, you'll explore the assessment, classification, and prioritization of security risks. You'll begin by outlining the concept of risk assessment and the advantages of different risk assessment techniques. You'll also investigate the features of security assessment methods, such as vulnerability assessment and penetration testing, and discover how to assess security vulnerability. Moving on, you'll recognize the significance of risk categorization and how to update a risk register in Microsoft Excel using a four-quadrant risk classification matrix. Finally, you'll identify the purpose and process of risk prioritization, and the role of a probability-impact matrix in determining risk levels. You'll then investigate how to use the matrix to prioritize risks on a security risk register.

Every organization needs to understand risk and be familiar with how to mitigate it. Cloud services have different stakeholders and projects, and for this reason having a good understanding of risk is important. In this course, you'll learn about different types of risk and how to properly manage them. In addition, you'll explore risk auditing, business continuity, and disaster recovery.

Business continuity measures ensure that business operations continue during disruptions. In this course, you'll learn how to identify common disaster recovery terms and techniques and plan how to respond to business disruptions. Next, you'll learn to identify how to use physical and logical redundancy, clustering and load balancing to increase system and application availability. Lastly, you'll explore cloud-based load balancing and backups including learning how to configure and deploy a Microsoft Azure Load Balancer as well as back up data using Microsoft Azure. This course is one of a collection of courses that prepares learners for the CompTIA Advanced Security Practitioner (CASP+) CAS-004 exam.