Trainer wanted
IT trainer jobs and vacancies: ISC2 CGRC - Certified in Governance, Risk and Compliance (ISC2), IT Security, IT Security Specialist.
Agenda
Domain 1: Information Security Risk Management Program
- Understand the foundation of an organization's information security risk management program
- Understand risk management program process
- Understand regulatory and legal requirements
Domain 2: Scope of the Information System
- Define the information system
- Determine categorization of the information system
Domain 3: Selection and Approval of Security and Privacy Controls
- Identify and document baseline and inherited controls
- Select and tailor controls to the system
- Develop continuous control monitoring strategy (e.g., implementation, timeline, effectiveness)
- Review and approve security plan/Information Security Management System (ISMS)
Domain 4: Implementation of Security and Privacy Controls
- Implement selected controls
- Document control implementation
Domain 5: Assessment/Audit of Security and Privacy Controls
- Prepare for assessment/audit
- Conduct assessment/audit
- Prepare the initial assessment/audit report
- Review initial assessment/audit report and perform remediation actions
- Develop final assessment/audit report
- Develop remediation plan
Domain 6: Authorization/Approval of Information Systems
- Compile security and privacy authorization/approval documents
- Determine information system risk
- Authorize/approve information system
Domain 7: Continuous Monitoring
- Determine impact of changes to information system and environment
- Perform ongoing assessments/audits based on organizational requirements
- Review supply chain risk analysis monitoring activities (e.g., cyber threat reports, agency reports, news reports)
- Actively participate in response planning and communication of a cyber event
- Revise monitoring strategies based on changes to industry developments introduced through legal, regulatory, supplier, security and privacy updates
- Keep designated officials updated about the risk posture for continuous authorization/approval
- Decommission information system