Certified in Governance Risk Management & Compliance (Part 1)

Accelerate your cybersecurity career with the definitive course in Compliance, Governance and Risk Management

We have trained over 750 organizations.

One of the most detailed GRC courses in the market assuring immediate skill enhancement

A highly detailed training course with 4 modules and 14 sections within those modules

Access to an impressive wealth of practical training with 84 hands-on lab sessions

Comprehensive study material for each module to ensure enhanced learning and reinforcement

Compliance, Governance and Risk Management (GRC) are the cornerstones of organisational risk management and overall improved leadership.

GRC helps align business operations and IT security with the larger organisational goals, mitigates expenditure, helps you stay on top of compliance requirements and improves decision-making. GRC is more important than ever today as the risk landscape becomes more and more complex.

This intensive Certified in Governance, Risk Management & Compliance course (CGRC Part 1) will help any IT security and cyber professional to evolve in their career with a better grasp of GRC concepts.

Benefits of the Certified in Governance, Risk Management & Compliance (CGRC Part 1) Course

  • Demonstrate your knowledge of GRC and your ability to apply its principles in your organisation.

  • Widen your avenues in the field of cybersecurity by acquiring knowledge of strategy, governance, risk, compliance, ethics, internal control, security, privacy, and audit activities. 

  • Equip yourself with the skills and knowledge required to become a well-rounded GRC professional and launch your career in one of the most lucrative fields today.


CGRC (Part 1) Course Learning Objectives:

After completing this intensive course, you will have a robust understanding of the following concepts in Compliance, Governance and Risk Management:  

  • Fundamentals of Information Technology, CISC-CIA Triad
  • Ethical Hacking concepts, types of hackers, different types of testing
  • Essential Information Security Legislations and Regulations
  • Network Fundamentals and Components of Data Communication
  • Computer Network Architecture, Network Topology and Network Cables
  • Subnetting, Supernetting, Routing, VLAN, VPN, Firewalls and IP Tables
  • Windows Fundamentals, Windows NT Architecture and Windows 10 Architecture  
  • Basics of Unix and Linux; Kali and various Linux commands
  • Fundamentals of Network Security - Reconnaissance, Packet Crafting, Nmap, Metasploit Framework, Netcat and Ncat
  • The fundamental concepts behind database systems
  • Key components within a database deployment
  • The integration of databases into business solutions
  • The process of thorough database assessment, including tools and methodologies
  • Techniques used by hackers to exploit database flaws and vulnerabilities
  • Practical assessment and attack vector considerations, through hands-on experience
  • Web Application Security - Secure Coding Techniques, Threat Modelling, Secure Coding Methods
  • OWASP Top 10, Risk-Based Security Testing, and Source Code Analysis

Feedback and Testimonials for our Courses

The playbooks training course was a good 'part-2' to the CIPR and went into greater depth in a number of areas. The day was fun and Amar kept us moving along at a good pace.
Kevin Hayes
CISO, Cyber Risk Associates

Enjoyed the course. Good mix of attendees and plenty of lively conversation. Amar steered us through it all admirably.

Russ Smith
CISO, EOL IT

Overall the course was very good. I would strongly recommend this training to anyone who is involved in Cyber Security or has control of information assets.

Kim Rose
Information Governance Officer, Wye Valley NHS Trust

It was a great workshop with a lot of interesting people and a great learning experience.

Philipp Scheiwiler
System Engineer

This was a very helpful day and opportunity to speak with a number of operational incident responders to discuss what really works in practice and not just in theory. I gained a great deal from the day, particularly around the construction of bespoke playbooks and also a variety of useful resources to inform my learning. A really good day.
Andrew Lock
Information Security Consultant

CGRC (Part 1) Course Modules 

Module 1 - Fundamentals
  • Introduction to Information Security. Introduction to CISC-CIA Triad. Types of Hackers. Essential Terms.

  • Penetration Testing versus Ethical Hacking. Different Types of Testing. 

  • Career opportunities in Information Security.

  • Legislation and Regulations.

  • Introduction to Network Fundamentals. Components of Data Communication. Network Topology and Network Cables. Computer Network Architecture. Internet and Protocol. OSI and TCP IP Models. Understanding ICMP and an ICMP Ping.

  • Introduction to Subnetting and Supernetting. Routing, Router Security and Network Address Translation.

  • Virtual Local Area Network (VLAN) and Virtual Private Network (VPN). Firewall and IP tables. Packet Capture and Wireshark.

  • Windows NT Architecture and Windows 10 Architecture. Windows Basic Commands. 

  • File Permissions. Password Hashing.

  • Unix and Linux. Kali and Linux Commands.

Module 2 - Network Security
  • Reconnaissance. Packet Crafting.

  • Network Mapper Nmap.

  • Testing a firewall. Hacking Servers.

  • Netcat and Ncat. Testing Common services and protocols.

  • Hacking Passwords using Hydra, John the Ripper, Crunch and Mimikatz.

  • Metasploit Framework.

  • PowerShell. MITM ARP Poisoning, SYN Flood, Smurf Attack and Fraggle Attack.

  • Wireless Hacking Methodology.

  • Authentication Methods and Types of WLAN Attacks. WEP, WPA/WPA-2.

Module 3 - Server Security
  • Introduction to Database and Database Security.

  • Understanding SQL Statements, DDL Statements, DML Statements.

  • Introduction to Oracle. Securing Oracle Parameters.

  • User and Profiles. Roles and Privileges.

  • Big Data. MongoDB. Hadoop.

  • Windows Security. Security Policies. Event Log.

  • Linux Security. Linux Security Model. Linux Operating System Hardening. 

  • IIS Server Security. Apache Server Security.

Module 4 - Web Application Security
  • Introduction to Web Applications. HTML and JavaScript.

  • Introduction to OWASP TOP 10.

  • Injection and Error-based Injection. Authentication Bypass using SQL Injection. Blind Injection using SQLMap. Command Injection. 

  • Broken Authentication. Brute Force. Session Management. Insufficient Transport Layer Security. Broken Access Control IDOR and MFLAC.

  • Security Misconfiguration. Cross Site Scripting (XSS). Using Components with Known Vulnerabilities. Insufficient Logging and Monitoring.

  • Web Application Security OWASP10. 

  • Browser-based Vulnerabilities. Clickjacking. POODLE. Content Spoofing. Fingerprinting. 

  • Advanced Recon.

All trademarks, service marks, trade names, product names, service names and logos appearing on the site, or on printed or digital material are the property of their respective owners, including in Cyber Management Alliance Ltd. Any rights not expressly granted herein are reserved.
