Overview
Managing cybersecurity is about managing risk, specifically the risk to information assets of valued by an organization. This course examines the role of Governance, Risk Management, and Compliance (GRC) as part of the Cybersecurity management process, including key functions of planning, policies, and the administration of technologies to support the protection of critical information assets.
In this course, a learner will be able to:
● Identify the importance and functions of Governance, Risk Management, and Compliance in Cybersecurity program management.
● Describe best practices in risk management including the domains of risk assessment and risk treatment.
● Describe the structure and content of Cybersecurity-related strategy, plans, and planning
● Identify the key components and methodologies of Cybersecurity policies and policy development
● Discuss the role of performance measures as a method to assess and improve GRC programs
Syllabus
- Welcome to The GRC Approach to Managing Cybersecurity (Course 2)
- This is an overview of the learning objectives for the course.
- Introduction to the Management of Cybersecurity (Module 2.1)
- Cybersecurity Governance and Planning (Module 2.2)
- Introduction to the module on Cybersecurity Governance and Planning
- Cybersecurity Risk Management (Module 2.3)
- Learning Objectives for the module cybersecurity risk management
- Cybersecurity Policy (Module 2.4)
- Learning objectives for module cybersecurity policy.
- Measuring Success in the Cybersecurity Program (Module 2.5)
- Learning objectives for Enterprise Cybersecurity Policy
- Law and Regulation in Cybersecurity (Module 2.6)
- Learning objectives for Law and Regulation in Cybersecurity
- Wrap-Up to the course 'The GRC Approach to Managing Cybersecurity'
Taught by
Herbert J. Mattord, Ph.D., CISM, CISSP, CDP and Michael Whitman, Ph.D., CISM, CISSP