Cyber Security Governance, Risk, and Compliance (GRC) Mastery
Welcome to GRC Mastery
Welcome to GRC Mastery! (0:25)
Best way to study this course (1:23)
Is GRC boring? (1:56)
Do you need technical knowledge to work in GRC? (1:48)
Module 1 : Introduction to GRC
What is GRC? (2:19)
Cyber Security GRC Examples (1:51)
How does GRC fit within cyber security consulting? (1:15)
Introducing Oscorp
Knowledge Check
Lesson Summary
Module 2 : Cyber Security Risk Management
The real purpose of Cyber security risk management (3:17)
Identify cyber security threats (2:04)
Conduct cyber security risk assessments (2:32)
Risk Registers (2:20)
Cyber Security Frameworks (0:43)
The CIA triad in the real world (1:51)
The OWASP Secure Design Principles (8:14)
The NIST Cyber Security Framework (1:52)
Privacy Impact Assessments (PIA) (1:44)
What most organisations get wrong about Cyber Security Risk (2:02)
Knowledge Check
Practical Assessment: CIA Triad
Practical Assessment Solution: CIA Triad
Module 3 : Cyber Security Audit
What is auditing? (2:44)
The three lines of defence model (3LOD) (3:39)
Cyber Security Audit in the real world (3:20)
Problems with the current Cyber Security Audit in the real world (2:41)
Knowledge Check
Practical Assessment: Audit Program
Practical Assessment Answer: Audit Program
Module 4 : Asset Management
What is Asset Management? (0:48)
Types of Assets
Asset Identification (2:24)
Asset Classification (3:18)
CMDB (1:50)
Why organisations fail at Asset Management (3:54)
Practical approach to asset management (3:06)
Knowledge Check
Practical Assessment: Asset Management
Practical Assessment Solution: Asset Management
Module 5 : Identity and Access Management (IAM)
The role of IAM in Cyber Security (4:30)
Authentication (2:09)
Multi-Factor Authentication (MFA) (6:08)
Managing passwords in the real world (4:14)
Authorisation (4:20)
Active Directory (4:34)
Privilege Access Management (PAM) (4:35)
Knowledge Check
Practical Assessment: IAM
Practical Assessment Solution: IAM
Module 6 : Security Education and Awareness
The human element (1:52)
Phishing (2:06)
Social Engineering (3:40)
Education and awareness programs (4:36)
Measuring the effectiveness of Education and Awareness Programs (4:53)
Problems with Education and Awareness in the real world (2:51)
Knowledge Check
Practical Assessment: Education and Awareness
Practical Assessment Solution: Education and Awareness
Module 7 : Data Security and Data Loss Protection (DLP)
Two real ways we can protect data (3:21)
Data Classification (4:55)
Data Labelling (2:42)
Encryption in the real world (5:52)
Data Loss Protection mechanisms (4:43)
Practical limitations of DLPs (4:43)
Knowledge Check
Practical Assessment: DLP
Practical Assessment Solution: DLP
Module 8 : Cyber Security detection and incident response
Detection and Monitoring (2:56)
Security information and event management (SIEM) (6:04)
Managed Security Service Provider (MSSP) (6:36)
Cyber Security Incident Response (3:37)
The MITRE ATT&CK framework (2:26)
Cyber Drills and Crisis Simulation (4:15)
The role of external service providers in incident response (1:52)
Knowledge Check
Practical Assessment: Incident Response
Practical Assessment Solution: Incident Response
Module 9 : Third-party risk management (TPRM)
What is this Third-party risk management (TPRM)? (4:13)
The supplier discovery process (2:05)
Supplier Classification (1:52)
The supplier assessment process (2:01)
The supplier assessment questionnaire (5:10)
Issues with TPRM in the real world (5:21)
Knowledge Check
Practical Assessment: TPRM
Practical Assessment Solution: TPRM
Module 10 : Penetration Testing and Vulnerability Management
What is Penetration Testing? (4:12)
Types of Penetration tests (3:42)
What organisations get wrong about Penetration Testing (4:52)
What is vulnerability management? (3:42)
Common problems in vulnerability management (8:48)
Knowledge Check
Practical Assessment: Vulnerability Management
Practical Assessment Solution: Vulnerability Management
Capstone Project: Cyber Security Program using the NIST Framework
Designing a comprehensive Cyber Security Program (4:37)
Problem Description
Full solution of the Capstone Project
Identify (7:04)
Protect (11:41)
Detect (1:50)
Respond (0:29)
Recover (0:28)
Final solution document walk-through (7:46)
Common Mistakes with NIST Assessments (6:44)
Bonus : Getting hired as a GRC Professional
Applying to GRC jobs (4:27)
GRC Cover letters, CV, Resumes (1:40)
Add GRC Mastery to your LinkedIn Profile (0:32)
Stay in touch
Further learning
Active Directory