National CAE Designated Institution
  • Classroom
Course Description

In this course, students appraise information technology (IT) security standards and IT security audit processes, evaluate security controls, and examine governance of compliance and control responsibilities. Most organizations are required to comply with IT security regulations and/or standards arising from the Sarbanes-Oxley Act, General Computing Controls, the Gramm-Leach-Bliley Act (GLBA), the Federal Information Security Management Act (FISMA), and the Payment Card Industry Data Security Standard (PCI DSS). Students will become familiar with these standards and regulations.

Learning Objectives

Risk is present in all our endeavors. Unaddressed risks can impact an organization's ability to meet its business objectives. Technology introduces many risks into an organization, and the prompt identification and mitigation of these risks is essential to the success of a business.

This course addresses the identification, classification and mitigation of an organization's cyber risk, allowing the organization to achieve its objectives.
By the end of this course, the student will be able to:

  • Develop an understanding of risks and controls and the processes used to identify them, including process mapping, threat modeling and gap analysis, as evidenced by completion of weekly risk assessment walkthroughs
  • Conduct a risk assessment in alignment with NIST's Risk Management Framework, as evidenced by completion of weekly risk assessment walkthroughs
  • Understand and critique implementations of current regulatory requirements, including PCI DSS, 23 NYCRR 500 and Sarbanes-Oxley, as evidenced by completion of weekly lab assignments
  • Understand the security impact and implementation risks of emerging compliance requirements such as the California Consumer Privacy Act (CCPA) and the EU General Data Protection Regulation (GDPR), as evidenced by completion of weekly lab assignments
  • Develop policy and procedure documents that address the confidentiality, integrity and availability of an organization's digital assets, as evidenced by completion of weekly lab assignments
  • Reinforce security governance principles identified in other cyber courses

Framework Connections

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):

Feedback

If you would like to provide feedback on this course, please e-mail the NICCS team at NICCS@hq.dhs.gov. Please keep in mind that NICCS does not own this course or accept payment for course entry. If you have questions related to the details of this course, such as cost, prerequisites, how to register, etc., please contact the course training provider directly. You can find course training provider contact information by following the link that says “Visit course page for more information...” on this page.