Governance, Risk, and Compliance Certification (CGRC)

Enhance your cybersecurity skills with the Governance, Risk, and Compliance (CGRC) course, addressing laws and minimizing organizational risks.

In-depth coverage of the seven domains required to pass the CGRC exam:

  1. Develop a compliance risk mitigation strategy.
  2. Contribute to a risk management framework.
  3. Create policies with controls.
  4. Enhance risk maturity.
  5. Promote enterprise security.
  6. Prioritize business processes in continuity planning.
  7. Select eGRC tools based on needs and capabilities.

Experience requirements:

  • Candidates must have a minimum of two years of cumulative work experience in one or more of the seven domains of the CGRC CBK.
  • A candidate who doesn’t have the required experience to become a CGRC may become an Associate of ISC2 by successfully passing the CGRC examination. The Associate of ISC2 will then have three years to earn the two years of required, relevant experience.

The CGRC is ideal for IT, information security, and information assurance practitioners who work in Governance, Risk, and Compliance (GRC) roles and have a need to understand, apply and/or implement a risk management program for IT systems within an organization, including positions like:

  • Cybersecurity Auditor
  • Cybersecurity Compliance Officer
  • GRC Architect
  • GRC Manager
  • Cybersecurity Risk & Compliance Project Manager
  • Cybersecurity Risk & Controls Analyst
  • Cybersecurity Third Party Risk Manager
  • Enterprise Risk Manager
  • GRC Analyst
  • GRC Director
  • Information Assurance Manager


1.1 – Demonstrate knowledge in security and privacy governance, risk management, and compliance program
1.2 – Demonstrate knowledge in security and privacy governance, risk management and compliance program processes
1.3 – Demonstrate knowledge of compliance frameworks, regulations, privacy, and security requirements
2.1 – Describe the system
2.2 – Determine security compliance required
3.1 – Identify and document baseline and inherited controls
3.2 – Select and tailor controls
4.1 – Develop implementation strategy (e.g., resourcing, funding, timeline, effectiveness)
4.2 – Implement selected controls
5.1 – Prepare for assessment/audit
5.2 – Conduct assessment/audit
5.3 – Prepare the initial assessment/audit report
5.4 – Review initial assessment/audit report and plan risk response actions
5.5 – Develop final assessment/audit report
5.6 – Develop risk response plan
6.1 – Review and submit security/privacy documents
6.2 – Determine system risk posture
6.3 – Document system compliance
7.1 – Perform system change management
7.2 – Perform ongoing compliance activities based on requirements
7.3 – Engage in audit activities based on compliance requirements
7.4 – Decommission system when applicable

Exam details:

  • Length of exam: 3 hours
  • Number of questions: 125
  • Question format: Multiple choice
  • Passing grade: 700 out of 1000 points
  • Exam availability: English
  • Testing center: Pearson VUE Testing Center

Description

In today’s dynamic landscape of cybersecurity laws and regulations, organizations face a critical skills gap that can lead to increased liability. The Cybersecurity Specialization: Governance, Risk, and Compliance (CGRC) course equips individuals with the knowledge needed to navigate these complexities. It covers the creation of governance systems, risk management strategies, policy enforcement, and compliance measures. Through a challenge-based approach, participants gain practical skills that mirror real-world scenarios, enabling them to enhance their organization’s cybersecurity posture and minimize legal risks.