Course Details
Course Description:
The Official ISC2 CGRC Certification Boot Camp (Governance, Risk and Compliance) is a comprehensive review of various risk management frameworks & industry best practices merged with award-winning comprehensive exam preparation for Governance, Risk, and Compliance exam. (The certification formerly known as CAP)
CGRC demonstrates that candidates possess the advanced technical skills and knowledge to understand Governance, Risk and Compliance (GRC) to potential employers and that they can authorize and maintain information systems utilizing various risk management frameworks, along with best practices, policies, and procedures.
The CGRC Boot Camp is built off of thousands of hours of exam-focused instruction, hundreds of hours of instructional design, and the feedback tens of thousands of efficiently and effectively skilled, certified students.
CGRC DOMAIN 1: INFORMATION SECURITY RISK MANAGEMENT PROGRAM
-Understand the Foundation of an Organization-Wide Information Security Risk Management Program
-Understand Risk Management Program Processes
-Understand Regulatory and Legal Requirements
CGRC DOMAIN 2: CATEGORIZATION OF INFORMATION SYSTEMS (IS)
-Define the Information System (IS)
-Determine Categorization of the Information System (IS)
CGRC DOMAIN 3: SELECTION OF SECURITY CONTROLS
-Identify and Document Baseline and Inherited Controls
-Select and Tailor Security Controls
-Develop Security Control Monitoring Strategy
-Review and Approve Security Plan (SP)
CGRC DOMAIN 4: IMPLEMENTATION OF SECURITY CONTROLS
-Implement Selected Security Controls
-Document Security Control Implementation
CGRC DOMAIN 5: ASSESSMENT OF SECURITY CONTROLS
-Prepare for Security Control Assessment (SCA)
-Conduct Security Control Assessment (SCA)
-Prepare Initial Security Assessment Report (SAR)
-Review Interim Security Assessment Report (SAR) and Perform Initial Remediation Actions
-Develop Final Security Assessment Report (SAR) and Optional Addendum
CGRC DOMAIN 6: AUTHORIZATION OF INFORMATION SYSTEMS (IS)
-Develop Plan of Action and Milestones (POAM)
-Assemble Security Authorization Package
-Determine Information System (IS) Risk
-Make Security Authorization Decision
CGRC DOMAIN 7: CONTINUOUS MONITORING
-Determine Security Impact of Changes to Information Systems (IS) and Environment
-Perform Ongoing Security Control Assessments (SCA)
-Conduct Ongoing Remediation Actions (e.g., resulting from incidents, vulnerability scans, audits, vendor updates)
-Update Documentation
-Perform Periodic Security Status Reporting
-Perform Ongoing Information System (IS) Risk Acceptance
-Decommission Information System (IS)
NIST/GOVERNANCE OVERVIEW
NIST SP 800-37 rev 1/800-53 rev 4/800-53A rev 4
FIPS 199/200
CNSSI 1253
NIST SP 800-30/800-39/800-60/800-64/800-115/800-137
OMB A-123/A-130
- CGRC Exam Structure
- Exam Registration Process
- Time Management
- Topics and Concepts
- CAP Certification Question Structure
- Vendor Interpretation Techniques
Please check the course description to find prerequisite information.
We offer live-instructor group training classes for your team.
Upskill your team from the comfort of your office or online.
Benefits of Group Training Include:
- Experienced Professional Instructor Trains Your Team
- Content Focused On Your Team's Needs
- Convenient Scheduling and Class Setup
- Significant Per/Student Cost Savings
- Online, On-Site and Blended Options Available
Virtual Live Instructor
Free Training Materials
Convenient Scheduling
Testimonials
This was the class I needed.
The instructor Jeff took his time and made sure we understood each topic before moving to the next. He answered all of our questions, and I don't know about the rest of the students, but was very pleased with this experience.
I finally understand how to use Excel.
-Amanda T (Yale New Haven Hospital).
Great class!
We were able to cover a lot of information in one day without getting overwhelmed.
-Maria R (Microsoft).
We offer private CGRC group training services for organizations looking to upskill their team members with a live-instructor.
Training options include:
Learn more about how CGRC Private Group Training from Business Computer Skills can help your team.
