National CAE Designated Institution
  • Classroom
Course Description

In this course, students appraise all standards and information technology (IT) security audit processes, evaluate security controls, and examine governance of compliance and control responsibilities. Most organizations are required to comply with IT security regulations and/or standards resulting from the establishment of the Sarbanes-Oxley Act, General Computing Controls, the Gramm-Leach-Bliley Act (GLBA), the Federal Information Security Management Act (FISMA), and the Payment Card Industry Data Security Standard (PCI DSS) Students will become familiar with these standards and regulations.

Learning Objectives

Risk is present in all our endeavors. Unaddressed risks can impact our ability to meet a business's corporate objective. Technology introduces a lot of risks into an organization, proper identification and mitigation of these risk in a short time is essential to the success of a business.

This course addresses the identification, classification and mitigation of an organization's cyber risk allowing an organization to achieve its objective.

By the end of this course, the student will be able to:

  • Develop an understanding risks and controls and the processes used to identify them including process mapping, threat modeling and gap analysis as evidenced by completion of weekly risk assessment walkthroughs
  • Conduct a risk assessment in alignment with NIST's Risk Management Framework as evidenced by completion of weekly risk assessment walkthroughs
  • Understand and critique implementations of current regulatory environments including PCI-DSS, 23 NYCRR 500, and Sarbanes Oxley as evidence by completion of weekly lab assignments
  • Understand the security impact and implementation risks of emerging compliance requirements such as California Consumer Privacy Act (CCPA) and EU General Data Protection regulation (GDPR) as evidence by completion of weekly lab assignments
  • Develop Policy and Procedure Documents that address the confidentiality, integrity and availability of an organizations digital assets as evidence by completion of weekly lab assignments
  • Reinforce security governance principles identified in other cyber courses

Framework Connections

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):

Specialty Areas

  • Cyber Operational Planning
  • Cybersecurity Management
  • Executive Cyber Leadership
  • Risk Management
  • Strategic Planning and Policy