Governance, Risk, and Compliance for CompTIA Security+
Proper governance, compliance, and risk assessment are an important part of any organization’s overall success. This course will teach you how to implement proper controls, assess risk, and limit your company’s exposure.
What you'll learn
Regulations, privacy, compliance, and ensuring your customers’ data is secure are becoming increasingly important and, at the same time, increasingly complex. As new regulations are introduced, a company’s responsibilities continue to grow. In this course, Governance, Risk, and Compliance for CompTIA Security+, you’ll learn to properly assess your company’s risk across all facets of the organization. First, you’ll explore the various types of controls that can be put in place to limit exposure. Next, you’ll discover several methodologies, frameworks, and best practices needed to develop policy and ensure compliance. Finally, you’ll learn how to create a business impact analysis and properly classify data, along with the technologies required to safeguard that data. When you’re finished with this course, you’ll have the skills and knowledge of risk management and compliance needed to ensure your organization is properly governing employee and customer data, complying with local, state, and federal regulations, and properly assessing risk.
Table of contents
- Module Overview 1m
- Privacy and Compliance Challenges 5m
- GDPR and Key Terminology 2m
- GDPR Key Terms and Data Processing Principles 2m
- Six Legal Grounds for Processing Personal Data 1m
- GDPR Compliance and Penalties 1m
- Compliance Frameworks 3m
- NIST and the Cybersecurity Framework (CSF) 1m
- PCI-DSS 1m
- Enterprise Security Framework (ESF) 1m
- NIST SP 800-53 and ISO 27001 3m
- Cloud Security Alliance (CSA) 1m
- SSAE 18, SOC 1, 2, and 3 3m
- Benchmarks and Secure Configuration Guides 2m
- Systems Hardening 3m
- Vendor and Control Diversity 2m
- Module Review 0m
- Module Overview 1m
- Importance of Policies in Reducing Risk 0m
- Job Rotation 2m
- Mandatory Vacations 1m
- Separation of Duties 1m
- Least Privilege 1m
- Clean Desk Policies 1m
- Background Checks, NDAs, and Role-based Awareness Training 2m
- Use Cases for Monitoring 2m
- Things Typically Monitored 2m
- Balancing What's Reasonable 1m
- New Tools Are Constantly Developed 1m
- Monitoring Social Media 1m
- Employee Protections 1m
- Onboarding / Offboarding 1m
- Culture and Creating a Culture of Security 2m
- Setting the Stage 1m
- Awareness Training 1m
- Skills Training 2m
- Funding and Executive Buy-in 1m
- Continuous Improvement 1m
- Wired Brain Coffee's Approach to Training 2m
- Technology Diversity 1m
- Vendor Diversity 1m
- Service-level Agreement (SLA) 1m
- Memorandum of Understanding (MOU) and Master Services Agreement (MSA) 2m
- Business Partner Agreement (BPA) 1m
- EOL / EOS 2m
- Data Retention 1m
- User Account 1m
- Shared, Generic, Guest, and Service Accounts 2m
- Privileged Accounts 1m
- Change Management 2m
- Asset Management 2m
- Module Overview 1m
- Risk Types 3m
- Managing Risk 1m
- Risk Management Defined 1m
- Risk Management Concepts 3m
- Strategic Options 2m
- Risk Register, Risk Matrix, and Heat Map 1m
- Risk Control Self-assessment (RCSA) 3m
- Risk Awareness (Inherent, Residual, Control, and Risk Appetite) 1m
- Regulatory Examples 1m
- Gramm-Leach-Bliley Act (GLBA) 1m
- HIPAA 1m
- HITECH Act 2m
- Sarbanes-Oxley Act (SOX) 3m
- GDPR 1m
- Qualitative and Quantitative Analysis 3m
- Risk Calculation 1m
- Likelihood of Threat 1m
- Impact of Threat 1m
- Loss Calculation Terms (ALE, SLE, and ARO) 3m
- Threat Assessment (Disaster) 2m
- Additional Risk Calculation Terms (MTBF, MTTF, and MTTR) 1m
- Business Impact Analysis: Key Terminology 5m
- Mission Essential Functions 2m
- Identification of Critical Systems 2m
- Single Point of Failure (SPOF) 2m
- Order of Restoration 2m
- Phased Approach 1m
- Identifying Most Critical Systems First 2m
- Risk Assessment 1m
- Continuity of Operations 1m
- IT Contingency Planning 3m
- Module Overview 1m
- Company Obligations to Protect Security 2m
- Potential Damages from Mishandled Data 1m
- Incident Notification and Escalation 2m
- Notifying Outside Agencies 1m
- Data Classification 3m
- Privacy-enhancing Technologies, Data Masking, and Tokenization 2m
- Anonymization and Pseudo-anonymization 1m
- Data Owner 1m
- Data Controller and Processor 0m
- Data Steward / Custodian 1m
- Privacy Officer 1m
- Information Lifecycle 2m
- Privacy Impact Assessment 2m
- Terms of Agreement and Privacy Notice 2m