Practical Foundations in Cybersecurity

Introduction - Cybersecurity GRC

This chapter introduces students to how organizations integrate cybersecurity into enterprise risk management through Governance, Risk, and Compliance (GRC) frameworks.

Chapter 3: Cybersecurity GRC

This chapter explores how organizations integrate cybersecurity into enterprise risk management through Governance, Risk, and Compliance (GRC) frameworks. Students will learn how regulations, standards, and risk assessment methodologies align with business objectives to mitigate cyber risks.

This chapter will help students:

• Understand the strategic, ethical, and legal importance of cybersecurity regulations and standards for businesses.

• Define the concepts of Governance, Risk, and Compliance, and explain their role in IT governance.

• Understand how a GRC program applies a cybersecurity risk management framework (RMF) to select, implement, and monitor controls.

• Become familiar with popular information security RMFs, including NIST SP 800-37, NIST CSF, and ISO/IEC 27001, and how they can be combined.

• Identify key cybersecurity regulations (e.g., GDPR and HIPAA) and industry standards (e.g., PCI DSS).

• Understand information security risk assessment and management phases and terminology.

Topics covered in this chapter

• GRC terminology (governance, risk, compliance, controls, due diligence, policies, audits, reporting).

• Salient cybersecurity regulations, such as GDPR (privacy), HIPAA (healthcare), and SOX (financial reporting).

• Key features of salient cybersecurity industry standards, such as PCI DSS (payment card security) and SOC 2 (AICPA attestation reports for service providers).

• Applying risk management frameworks, such as NIST SP 800-37 (the RMF for federal information systems and organizations), the NIST Cybersecurity Framework (CSF) (Identify, Protect, Detect, Respond, Recover; CSF 2.0 adds a sixth function, Govern), and ISO/IEC 27001 (the ISMS standard).

• Risk assessment and management phases (risk identification, risk analysis, risk mitigation, and risk monitoring).
