Hero Banner

Certified in Governance Risk Management & Compliance (Part 2)

Emerge as a well-rounded GRC professional with this intensive training covering all globally-accepted Governance, Risk & Compliance frameworks

Sign Up Now Talk To A Consultant

We have trained over 750 organizations including:

One course that covers everything from fundamentals to advanced concepts

45 learning sessions with several hours of hands-on practice with live projects and labs

More than just a technical course. Also covers critical cybersecurity consulting skills

Comprehensive study material to bolster self-learning & reinforce fundamentals

Governance, Risk Management, and Compliance (GRC) are the three main pillars for reliably achieving organisational objectives, addressing uncertainty and acting with integrity.

This extremely comprehensive course helps delegates understand how these pillars can be applied to drive higher levels of business performance and improve short, medium and long-term business sustainability. It covers all the globally-accepted GRC frameworks, allowing those who finish the course to upskill as well-rounded GRC professionals. 

Benefits of the Certified in Governance Risk Management & Compliance (Part 2) Course

  • Helps you build the ability to perform SOC responsibilities - a highly lucrative career avenue.

  • Covers all functional areas including Communications, Network Security Monitoring, Threat Intelligence, Incident Response and Forensics.

  • An in-depth course covering fundamentals as well as advanced topics like attack methodologies, SIEM and log management 

CGRC Part 2 (1)

 

CGRC Course (Part 2) Learning Objectives:

After completing the CGRC Part 2 course, you will be able to:

  • Articulate the basics of Risk Assessment, Risk Management and associated Methodologies and guidelines.
  • Offer a detailed explanation of the need and requirements of ISMS, PCI-DSS and ISO 27001:2013.
  • Properly understand what is Business Continuity Planning and Disaster Recovery Planning .
  • Explain what HIPAA is, its applicability, rules and requirements.
  • Understand and explain the basics of ITIL and its implementation.
  • Articulate the importance of GDPR, its objectives, definitions, principles, the rights of data subjects and what are the violations and penalties involved.
  • Comprehend the fundamentals of Web Application architecture, OWASP, ESAPI security, Threat Modelling and Source Code Analysis in detail.
  • Enhance your knowledge of the Cyber Crime and Information Technology Act, Offences covered under it with relevant case studies.
  • Understand and explain the importance and application of the Sarbanes Oxley Act, its extent and relevance.

Feedback and Testimonials for our Courses

Kevin Hayes
The playbooks training course was a good 'part-2' to the CIPR and went into greater depth in a number of areas. The day was fun and Amar kept us moving along at a good pace.
Kevin Hayes
CISO, Cyber Risk Associates
Russ Smith

Enjoyed the course. Good mix of attendees and plenty of lively conversation. Amar steered us through it all admirably.

Russ Smith
CISO, EOL IT
Kim Rose

Overall the course was very good. I would strongly recommend this training to anyone who is involved in Cyber Security or has control of information assets.

Kim Rose
Information Governance Officer, Wye Valley NHS Trust
Philipp Scheiwiler

It was a great workshop with a lot of interesting people and a great learning experience.

Philipp Scheiwiler
System Engineer
Andrew Lock
This was a very helpful day and opportunity to speak with a number of operational incident responders to discuss what really works in practice and not just in theory. I gained a great deal from the day, particularly around the construction of bespoke playbooks and also a variety of useful resources to inform my learning. A really good day.
Andrew Lock
Information Security Consultant

CGRC (Part 2) Course Modules 

Module 1 - Risk Management & Governance
  • Introduction to Risk & Definitions. IT Risk & IT Risk Categories. Risk Management & Risk Management Considerations. Risk Management Principles, Framework, Process and Approach. 

  • Risk Assessment & Risk Identification. Risk Analysis & Risk Evaluation. Risk Treatment. Monitoring & Review. Residual Risk. 

  • NIST Cybersecurity Framework.

  • Governance. 

  • CISO & CISO's Responsibilities.

  • Policies, Procedures & Information Security Strategy
Module 2 - Information Security Management System (ISMS)
  • Introduction to ISMS. Need for an ISMS and its Benefits.

  • Introduction to ISO 27001:2013 standard. Understanding the Structure of the Standard. ISO 27001:2013 Domains. 
    Overview of Controls and Control Objectives.

  • Overview of ISMS implementation. Risk Assessment & Treatment. ISMS Documentation Review and ISMS Training.

  • Audit, Certification, IAF, LI, LA, Audit Programmes, Activities, Plan and Checklist. Audit Findings and Audit Report. 
Module 3 - General Data Protection Regulation (GDPR)
  • Introduction to GDPR. Subject Matter, Objectives, Scope. GDPR Structure & Applicability. 

  • GDPR Principles. Data Subject Rights. 

  • Responsibility of Controller & Data Protection by Design & Default.

  • Data Protection Impact Assessment (DPIA).

  • Codes of Conduct and Certification.

  • Transfer of Personal Data to Third Country. General Principles for Transfers.

  • Personal Data Beach, Liabilities & Penalties. 

  • Steps to comply with GDPR, Documents Required for GDPR & GDPR compliance.
Module 3; Part 2 - Health Information Portability And Accountability Act (HIPAA)
  • Introduction to HIPAA. 

  • Who is Covered by Privacy Rule?

  • Protected Health Information (PHI) and Electronic Protected Health Information (ePHI). 

  • Health Information Exchange (HIE) & eHealth exchange.

  • Administrative Safeguards, Physical Safeguards, Technical Safeguards.

  • HIPAA Violations. HIPAA Dos and Don'ts. 

  • Documentation and HIPAA Requirements
Module 4 -Payment Card Security Data Security Standards (PCI DSS)
  • Introduction to PCI DSS. Need and Application of PCI DSS. Steps for Adhering to PCI DSS. 

  • Common terms related to PCI DSS. 

  • Compliance Requirements for PCI DSS.Levels of PCI Compliance. Consequences of Compromised Payment Card Data.

  • PA-DSS and its Requirements.

  • Pin Transaction Security (PTS). 

  • Payment Card Data Breaches and Myths. 
Module 5 - Business Continuity Management System (BCM)
  • Business Continuity Planning. Issues in BCM. Risk Control Options. Disaster Recovery Plan. Maintenance of BCM Plan. 

  • Business Impact Analysis. 

  • Backup Sites. Backup Considerations and Backup Types. 

  • ISO 22301 and ISO 22301 Requirements. Mandatory Documents of ISO 22301 and Benefits. 
Module 6 - Information Technology Infrastructure Library (ITIL)
  • Introduction to ITIL. ITIL History, Versions and Objectives. Service & Process.

  • Service Design - Service Level Management. Availability & Capacity Management. Information Security & IT Service Continuity Management. Supplier Management.

  • Service Transition - Change Management.

  • Service Operation - Incident & Event Management. Demand & Patch Management. Problem Management. Request & Access Management.

  • Functions - Service Desk. Technical Management. Application Management. Operation Management.
Module 7 - IT Act & SOX Act
  • Introduction to Cyber Crime & Information Technology Act - Definitions, Offenses, Case Studies. 

  • Introduction to Sarbanes Oxley Act. Titles of Sarbanes Oxley Act. Sections of SOX Act. Audit & Penalties.

All trademarks, service marks, trade names, product names, service names and logos appearing on the site, or on printed or digital material are the property of their respective owners, including in Cyber Management Alliance Ltd. Any rights not expressly granted herein are reserved.

Upcoming Playbooks courses:

Elearning Instant Access  Click Here
Virtual Class TBC Click Here

What people say:
  • clear-img.png

    I found the course to be very interesting. It not the usual bookish theoretical type, of course, it was quite interactive.."

    Sanjay Khanna

    CIO, Rak Bank, Dubai

  • clear-img.png

    Amar Singh brings a wealth of personal experience and knowledge.”

    Hariprasad Chede

    President ISACA UAE

  • clear-img.png

    The course was excellent. Not the typical core text book training but giving valuable insights and experiences.”                                 

    Youssef Karroum

    Head of IT, Bank of Sharjah, UAE

  • clear-img.png

    This was the most interesting and attractive courses I have ever attended. A lot of inside knowledge was shared.

    Saptorshi Datta

    Head of Audit, Emirate Global Aluminium, UA

  • clear-img.png

    "I wish all Senior Executives attend this course. It’s the most practical course I have ever attended. It teaches you not just how to understand but also how to respond to a Cyber Attack. ."                              

    K.S.Ramakrishn

  • clear-img.png

    "The information we learnt provoked plenty of conversation both around personal experiences with the challenges that I face in the business  and also backing up what was said in the course with real-life examples"

    Aaron Townsend

  • clear-img.png

    "The training was very informative and well knowledgable and i would recommend this course to anyone who wishes to explore cyber security even further."

    Frank Manoharan

    IT Director, Christ the King Sixth Form Colleges London

  • clear-img.png

    "It’s been a great two days of learning. We drilled down, we simplified how an incident should be detected and how an incident should be handled. One of the key learnings I have taken is define normal. ."

    Sanjoy John

  • clear-img.png

    "The overall training was good, it was quite informative. I highly recommend this training session to at least the CXO level people because it is something very meaningful for them and it can be very beneficial for organisations."

    Anuj Jain

  • clear-img.png

    "Amar is a good mentor because he did more than just teaching. The checklist and mind maps are a really good part of the course. ."

    Vimal Rama

    IT Manager, HLB HAMT, Dubai UAE

  • clear-img.png

    "Amar is an excellent tutor and mentor also. The key aspects of the training is interactive sessions. Everyone has shared their experiences. I gained much knowledge which will be useful for my day to day activities."

    BGK Vikram

  • clear-img.png

    "I really learnt a lot from this course as it was the first cyber security course I have been on. What I liked the most was the mind-mapping."

    Krishna Raghupati

    Paramount Computer Services,  Dubai UAE

  • clear-img.png

    "I recommend everyone to attend this course whether your business is at the beginning or whether you have already implemented some of the IT security procedures. Even if you think you are protected but in fact it is not protected.."

    Bir Lama
VIEW MORE
New call-to-action

Book a call to discuss or ask any questions about the course. Please don't forget to change your location first.

Building and Optimising Incident Response Playbooks

Find out more about our one day public courses or internal workshops, please complete the form below. 

  • callOr call us on:
  • +44 (0) 203 189 1422
Simply fill in your details to request a FREE callback