CGRC Certification Training
| Commitment | 3 Days, 7-8 hours a day. |
| Language | English |
| User Ratings | Average User Rating 4.8 See what learners said |
| Price | REQUEST |
| Delivery Options | Instructor-Led Onsite, Online, and Classroom Live |
COURSE OVERVIEW
ISC2 Certified in Governance, Risk & Compliance (CGRC®) Certification Training Workshop
Learn how to maintain and authorize information systems within the NIST Risk Management Framework (RMF). You’ll leave this boot camp with the knowledge and domain expertise needed to pass the Certified in Governance, Risk and Compliance (CGRC) exam the first time you take it.
ENO Institute CGRC Workshop teaches you best practices, policies and procedures used to authorize and maintain information systems. You’ll learn how to use the RMF to support your organization’s operations while complying with legal and regulatory requirements.
The ISC2 Certified in Governance, Risk and Compliance (CGRC) certification is sought after by civilian, state and local governments, as well as system integrators supporting these organizations. You’ll leave with the knowledge and skills necessary to earn your ISC2 CGRC certification, which verifies your ability to set up the formal processes used to assess risk and establish security requirements.
CGRC objectives
This workshop prepares you to pass the ISC2 CGRC exam, which covers seven domain areas required for information system authorization practitioners:
- Information security risk management program
- Categorization of information systems
- Selection of security controls
- Implementation of security controls
- Assessment of security controls
- Authorization of information systems
- Continuous monitoring
WHAT'S INCLUDED?
- 3 Days of CGRC Certification Training from an Authorized (ISC)² Instructor
- CGRC Certification Training Courseware
- Certificate of Completion
- 100% Satisfaction Guarantee
- Exam Pass Guarantee
RESOURCES
- CGRC Certification Training – https://www.wiley.com/
- CGRC Certification Training – https://www.packtpub.com/
- CGRC Certification Training – https://store.logicaloperations.com/
- CGRC Certification Training – https://us.artechhouse.com/
- CGRC Certification Training – https://www.amazon.com/
RELATED COURSES
- Cloud Security Fundamentals Training
- Cloud Computing Security Training
- Computer Forensics Training
- Critical Information Infrastructure Protection Training (CIIP)
- CyberSAFE (Securing Assets for End-Users) Training
- CyberSec First Responder: Threat Detection and Response Training
- Cybersecurity Foundations Training
- Cyber Threats Detection and Mitigation Training
- Cyber Threats Hunting (CCTHP) Training
- Cybersecurity Investigations and Network Forensics Analysis
- Cyber Threat Intelligence Analysis Training
- Cybersecurity Investigations and Network Forensics Analysis
ADDITIONAL INFORMATION
COURSE OBJECTIVES
In-depth coverage required to pass the CGRC exam:
- Understanding the purpose of information systems security authorization
- Defining systems authorization
- Describing and decide when systems authorization is employed
- Defining roles and responsibilities
- Understanding the legal and regulatory requirements for A&A
- Initiating the authorization process
- Establishing authorization boundaries
- Determining security categorization
- Performing initial risk assessment
- Selecting and refining security controls
- Documenting security control
- Performing certification phase
- Assessing security control
- Documenting results
- Conducting final risk assessment
- Generating and presenting an authorization report
- Performing continuous monitoring
- Monitoring security controls
- Monitoring and assessing changes that affect the information system
- Performing security impact assessment as needed
- Documenting and monitoring results of impact assessments
- Maintaining system’s documentation (e.g. POA&M, SSP, interconnection agreements)
CUSTOMIZE IT
- We can adapt this CGRC Certification Training course to your group’s background and work requirements at little to no added cost.
- If you are familiar with some aspects of this CGRC Certification Training course, we can omit or shorten their discussion.
- We can adjust the emphasis placed on the various topics or build the CGRC Certification Training around the mix of technologies of interest to you (including technologies other than those included in this outline).
- If your background is nontechnical, we can exclude the more technical topics, include the topics that may be of special interest to you (e.g., as a manager or policymaker), and present the CGRC Certification Training course in a manner understandable to lay audiences.
AUDIENCE/TARGET GROUP
- Information system security officers
- Senior system managers
- System administrators
- IT and information security professionals who use the RMF
- Anyone looking to learn more about the NIST-based information systems security authorization process
CLASS PREREQUISITES
- In order to obtain the CGRC certification, you must have at least two years of paid work experience in at least one of the seven domains listed in the ISC2 CGRC Common Body of Knowledge (CBK). However, you can become an Associate of ISC2 by passing the exam without the required work experience.
COURSE SYLLABUS
Introduction
Risk Management Framework
- Understanding the Risk Management Framework
- Categorization of information systems
- Selection of security controls
- Security control implementation
- Security control assessment
- Information system authorization
- Monitoring of security controls
RMF steps
- Risk Management Framework processes
- Categorize information systems
- Information system
- System security plan
- Categorize a system
- National security system
- Privacy activities
- System boundaries
- Register system
Select security controls
- Establish the security control baseline
- Common controls and security controls inheritance
- Risk assessment as part of the Risk
- Management Framework (RMF)
Implement security controls
- Implement selected security controls
- Tailoring of security controls
- Document security control implementation
Assess security controls
- Prepare for the security control assessment
- Establish a security control assessment plan (SAP)
- Determine security control effectiveness and perform testing
- Develop initial security assessment report (SAR)
- Perform initial remediation actions
- Develop the final security assessment report and addendum
Authorize information systems
- Develop a plan of action and milestones (POAM)
- Assemble the security authorization package
- Determine risk
- Determine the acceptability of risk
- Obtain a security authorization decision
Monitor security state
- Determine the security impact of changes to the system and environment
- Perform ongoing security control assessments
- Conduct ongoing remediation actions
- Update key documentation
- Perform periodic security status reporting
- Perform ongoing risk determination and acceptance
- Decommission and remove the system
