Grab the Learning Bonanza with up to 50% OFF on Combo Courses + Buy 1 Get 4* FREE on All Courses*
Grab the Learning Bonanza with up to 50% OFF on Combo Courses + Buy 1 Get 4* FREE on All Courses*
D H M S

CGRC – Governance, Risk and Compliance Training
Read Reviews

The CGRC: Certified in Governance, Risk, and Compliance (CGRC) , previously known as the Certified Authorization Professional (CAP) Training Course offered by InfosecTrain effectively showcases your expertise in blending governance, performance management, risk management, and regulatory compliance in your organization. This course employs various frameworks to incorporate security and privacy in line with organizational goals, thus empowering stakeholders to make knowledgeable choices about data security, compliance, managing risks in the supply chain, and other related areas.

CGRC Course Highlights

  • 40 Hrs of Instructor-led Training
  • Access to Recorded Sessions
  • Accredited Instructors
  • 4 Hrs/Day Session

Accredited By

CGRC TRAINING CALENDAR

Want undivided attention? Choose 1-on-1 Training

Why Choose 1-on-1 Training

  •   Focused attention and face to face instructor support
  •   Custom Calendar & Training Schedule
  •   Highly interactive environment
  •   Learn via labs, mock tests, case studies, Q&A sessions
  •   On-spot doubt clearing opportunity
  •   Interview Support and Free Career Guidance

InfosecTrain Learning Bonanza Offer Buy 1 Get 4*

Register for any Course and get 4 eLearning (Worth USD 199 Self-paced Learning) Courses 100% free. Don't miss this offer Enroll Now

  • Cyber Security Engineer Masterclass
  • Cyber Security Fundamentals (JCP)
  • Introduction of Data Privacy
  • Red Team Ethical Hacking Masterclass

*All 4 free courses are eLearning modules, providing self-paced learning through instructional videos. Offer valid till February 29th, 2024.

Choose your Preferred Learning Mode

1-TO-1 TRAINING

1-TO-1 TRAINING

Customized schedule
Learn at your dedicated hour
Instant clarification of doubt
Guaranteed to run

Get Started
ONLINE TRAINING

ONLINE TRAINING

Flexibility, Convenience & Time Saving
More Effective
Learning Cost Savings

Classes starting from

5th Sep: Weekend

15th Sep: Weekday

ENROLL NOW Preferred
CORPORATE TRAINING

CORPORATE TRAINING

Anytime, Anywhere – Across The Globe
Hire A Trainer
At Your Own Pace
Customized Corporate Training

Contact US For Business
customized training

Looking for a customized training?

REQUEST A BATCH

CGRC Course Description

Overview

InfosecTrain’s CGRC: Certified in Governance, Risk, and Compliance Training Course is a comprehensive program tailored to showcase participant’s competence in effectively integrating governance, performance management, risk management, and regulatory compliance into the organization’s operations. This course comprehensively covers seven essential domains, initiating the development of a robust information security risk management program. Following this, it thoroughly explores defining the scope of the information system. Participants are then skillfully guided through the processes of selection and approval of security and privacy controls, along with their effective Implementation. A significant emphasis is placed on the assessment and audit of these controls to ensure their efficacy.

The course further delves into the authorization and approval processes pertinent to information systems and concludes with detailed strategies for continuous monitoring. This curriculum is meticulously crafted to provide participants with a holistic understanding of how governance, risk, and compliance are integrated within an organizational framework, making it an indispensable course for professionals striving to master these critical domains.

Why CGRC Course with InfosecTrain?

InfosecTrain is a leading IT security training and consulting organization offering best-in-class yet cost-effective, customized training programs to enterprises and individuals across the globe. We offer role-specific certification training programs and prepare professionals for the future. Our CGRC: Certified in Governance, Risk, and Compliance Training Course employs various frameworks to incorporate security and privacy in line with organizational goals, thus empowering stakeholders to make knowledgeable choices about data security, compliance, managing risks in the supply chain, and other related areas.

Here’s what you get when you choose InfosecTrain as your learning partner:

  • Flexible Schedule: Training sessions to match your schedule and accommodate your needs.
  • Post Training Support with No Expiry Date: Ongoing assistance and support until the learners achieve their certification goals.
  • Recorded Sessions: Access to LMS or recorded sessions for post-training reference.
  • Customized Training: A training program that caters to your specific learning needs.
  • Knowledge Sharing Community: Collaborative group discussions to facilitate knowledge sharing and learning.
  • Certificate: Each candidate receives a certificate of participation as a testament to their accomplishment.
  • Expert Career Guidance: Free career guidance and support from industry experts.
CGRC Exam Domains
  • Domain 1: Information Security Risk Management Program (16%)
  • Domain 2: Scope of the Information System (11%)
  • Domain 3: Selection and Approval of Security and Privacy Controls (15%)
  • Domain 4: Implementation of Security and Privacy Controls (16%)
  • Domain 5: Assessment/Audit of Security and Privacy Controls (16%)
  • Domain 6: Authorization/Approval of Information Systems (10%)
  • Domain 7: Continuous Monitoring (16%)

Target Audience

  • Cybersecurity Auditor
  • Cybersecurity Compliance Officer
  • GRC Architect
  • GRC Manager
  • Cybersecurity Risk and Compliance Project Manager
  • Cybersecurity Risk and Controls Analyst
  • Cybersecurity Third-Party Risk Manager
  • Enterprise Risk Manager
  • GRC Analyst
  • GRC Director
  • Information Assurance Manager

Pre-requisites

  • Minimum Requirement: Two years of full-time experience in one or more domains of the CGRC exam outline.
  • Alternative Experience: Part-time work and internships can contribute to the experience requirement.
  • Associate Path: Without the required experience, pass the CGRC exam to become an Associate of (ISC)².
  • Timeframe for Associates: Associates must gain two years of experience within three years.

Note: 

  • CGRC® is a registered mark of The International Information Systems Security Certification Consortium (ISC)².
  • We are not an authorized training partner of (ISC)².

Exam Information

Exam Duration 3 Hours
Number of Questions 125
Exam Format Multiple-choice
Passing Score 700 out of 1000
Exam Language English

GET A FREE DEMO CLASS

For
Captcha*
6 + 64 =
loader-infosectrain

CGRC Course Objectives

You will be able to:

  • Understand foundational principles, risk management frameworks, system development life cycle, and roles in authorization processes.
  • Define system scope architecture and categorize information types and impact levels.
  • Identify baseline controls, tailor controls to systems, develop continuous monitoring strategies, and review security plans.
  • Implement and document selected controls, ensuring alignment with organizational architecture.
  • Prepare and conduct assessments/audits, analyze results, propose remediation actions, and develop final reports and action plans.
  • Compile authorization documentation, assess system risk, and formalize the authorization process.
  • Monitor system changes, conduct ongoing assessments, review supply chain risks, participate in response planning, update monitoring strategies, and report on risk posture.

CGRC Course Content

Domain 1: Information Security Risk Management Program (16%)

1.1: Understand the Foundation of an Organization Information Security Risk Management Program

  • Principles of information security
  • Risk management frameworks (e.g., National Institute of Standards and Technology (NIST), cyber security framework, Control Objectives for Information and Related Technology (COBIT), International Organization for Standardization (ISO) 27001, International Organization for Standardization (ISO) 31000)
  • System Development Life Cycle (SDLC)
  • Information system boundary requirements
  • Security controls and practices
  • Roles and responsibilities in the authorization/approval process

1.2: Understand Risk Management Program Process

  • Select program management controls
  • Privacy requirements
  • Determine third-party hosted information systems

1.3: Understand Regulatory and Legal Requirements

  • Familiarize with governmental, organizational, and international regulatory security and privacy requirements (e.g., International Organization for Standardization (ISO) 27001, Federal Information Security Modernization Act (FISMA), Federal Risk and Authorization Management Program (FedRAMP), General Data Protection Regulation (GDPR), Health Insurance Portability and Accountability Act (HIPAA))
  • Familiarize with other applicable security-related mandates

Domain 2: Scope of the Information System (11%)

2.1: Define the Information System

  • Determine the scope of the information system
  • Describe the architecture (e.g., data flow, internal and external interconnections)
  • Describe the information system’s purpose and functionality

2.2: Determine Categorization of the Information System

  • Identify the information types processed, stored, or transmitted by the information system
  • Determine the impact level on confidentiality, integrity, and availability for each information type (e.g., Federal Information Processing Standards (FIPS) 199, International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) 27002, data protection impact assessment)
  • Determine information system categorization and document results

Domain 3: Selection and Approval of Security and Privacy Controls (15%)

3.1: Identify and Document Baseline and Inherited Controls

3.2: Select and Tailor Controls to the System

  • Determine the applicability of recommended baseline and inherited controls
  • Determine appropriate use of control enhancements (e.g., security practices, overlays, countermeasures)
  • Document control applicability

3.3: Develop a Continuous Control Monitoring Strategy (e.g., Implementation, Timeline, Effectiveness)

3.4: Review and Approve Security Plan/Information Security Management System (ISMS)

Domain 4: Implementation of Security and Privacy Controls (16%)

4.1: Implement Selected Controls

  • Determine mandatory configuration settings and verify implementation in accordance with current industry standards (e.g., Technical Security Standard for Information Technology (TSSIT), Technical Guideline for Minimum Security Measures, United States Government Configuration Baseline (USGCB), National Institute of Standards and Technology (NIST) checklists, Security Technical Implementation Guides (STIGs), Center for Internet Security (CIS) benchmarks, General Data Protection Regulation (GDPR))
  • Ensure that the implementation of controls is consistent with the organizational architecture and associated security and privacy architecture
  • Coordinate implementation of inherited controls with control providers
  • Determine and implement compensating/alternate security controls

4.2: Document Control Implementation

  • Document inputs to the planned controls, their expected behavior, and expected outputs or deviations
  • Verify the documented details of the controls meet the purpose, scope, and risk profile of the information system
  • Obtain and document implementation details from appropriate organization entities (e.g., physical security, personnel security, privacy)

Domain 5: Assessment/Audit of Security and Privacy Controls (16%)

5.1: Prepare for Assessment/Audit

  • Determine assessor/auditor requirements
  • Establish objectives and scope
  • Determine methods and level of effort
  • Determine necessary resources and logistics
  • Collect and review artifacts (e.g., previous assessments/audits, system documentation, policies)
  • Finalize the assessment/audit plan

5.2: Conduct Assessment/Audit

  • Collect and document assessment/audit evidence
  • Assess/audit implementation and validate compliance using approved assessment methods (e.g., interview, test, and examine)

5.3: Prepare the Initial Assessment/Audit Report

  • Analyze assessment/audit results and identify vulnerabilities
  • Propose remediation actions

5.4: Review the Initial Assessment/Audit Report and Perform Remediation Actions

  • Determine risk responses
  • Apply remediations
  • Reassess and validate the remediated controls

5.5: Develop Final Assessment/Audit Report

5.6: Develop Remediation Plan

  • Analyze identified residual vulnerabilities or deficiencies
  • Prioritize responses based on risk level
  • Identify resources (e.g., financial, personnel, and technical) and determine the appropriate time frame/schedule required to remediate deficiencies

Domain 6: Authorization/Approval of Information Systems (10%)

6.1: Compile Security and Privacy Authorization/Approval Documents

  • Compile required security and privacy documentation to support authorization/approval decisions by the designated official

6.2: Determine Information System Risk

  • Evaluate information system risk
  • Determine risk treatment options (i.e., accept, avoid, transfer, mitigate, share)
  • Determine residual risk

6.3: Authorize/Approve Information System

  • Determine terms of authorization/approval

Domain 7: Continuous Monitoring (16%)

7.1: Determine the Impact of Changes to the Information System and Environment

  • Identify potential threats and impact on the operation of information systems and the environment
  • Analyze risk due to proposed changes accounting for organizational risk tolerance
  • Approve and document proposed changes (e.g., Change Control Board (CCB), Technical Review Board)
  • Implement proposed changes
  • Validate changes have been correctly implemented
  • Ensure change management tasks are performed

7.2: Perform Ongoing Assessments/Audits Based on Organizational Requirements

  • Monitor network, physical, and personnel activities (e.g., unauthorized assets, personnel, and related activities)
  • Ensure vulnerability scanning activities are performed
  • Review automated logs and alerts for anomalies (e.g., security orchestration, automation, and response)

7.3: Review Supply Chain Risk Analysis Monitoring Activities (e.g., Cyber Threat Reports, Agency Reports, News Reports)

7.4: Actively Participate in Response Planning and Communication of a Cyber Event

  • Ensure response activities are coordinated with internal and external stakeholders
  • Update documentation, strategies, and tactics incorporating lessons learned

7.5: Revise Monitoring Strategies Based on Changes to Industry Developments Introduced Through Legal, Regulatory, Supplier, Security and Privacy Updates

7.6: Keep Designated Officials Updated About the Risk Posture for Continuous Authorization/Approval

  • Determine ongoing information system risk
  • Update risk register, risk treatment, and remediation plan

7.7: Decommission Information System

  • Determine information system decommissioning requirements
  • Communicate decommissioning of information system
  • Remove information system from operations

Need customized curriculum? Talk to Advisor

CGRC Course Advisor

CGRC Course Benefits

cgrc-course-benifits

Here's What people are saying about InfosecTrain

Benefits You Will Access Why Infosec Train

Student-infosectrain Certified & Experienced Instructors
24x71-infosectrain Post Training Support
tailor-infosectrain Customized Training
flexible-infosectrain Flexible Schedule
video1-infosectrain Access to Recorded Sessions

CGRC FAQs

1. What is the CGRC certification program?
The CGRC certification program focuses on enhancing expertise in Governance, Risk, and Compliance (GRC). It equips professionals with skills in integrating governance, risk management, and compliance into organizations, enabling informed decisions about data security and other critical aspects.
2. Are the Certified Authorization Professional (CAP) and CGRC the same?

Yes, CGRC (Certified in Governance, Risk, and Compliance) previously known as the Certified Authorization Professional (CAP) certification.

3. Who is the targeted audience for the CGRC certification?

The targeted audience for the CGRC certification includes

  • Cybersecurity Auditor
  • Cybersecurity Compliance Officer
  • GRC Architect
  • GRC Manager
  • Cybersecurity Risk and Compliance Project Manager
  • Cybersecurity Risk and Controls Analyst
  • Cybersecurity Third-Party Risk Manager
  • Enterprise Risk Manager
  • GRC Analyst
  • GRC Director
  • Information Assurance Manager
4. What are the prerequisites for enrolling in the CGRC training course?

The prerequisites for enrolling in the CGRC training course are

  • Minimum Requirement: Two years of full-time experience in one or more domains of the CGRC exam outline.
  • Alternative Experience: Part-time work and internships can contribute to the experience requirement.
  • Associate Path: Without the required experience, pass the CGRC exam to become an Associate of ISC2.
  • Timeframe for Associates: Associates must gain two years of experience within three years.
5. What are the key topics covered in the CGRC course curriculum?

The CGRC course curriculum covers 7 key domains, which include:

  • Domain 1: Information Security Risk Management Program (16%)
  • Domain 2: Scope of the Information System (11%)
  • Domain 3: Selection and Approval of Security and Privacy Controls (15%)
  • Domain 4: Implementation of Security and Privacy Controls (16%)
  • Domain 5: Assessment/Audit of Security and Privacy Controls (16%)
  • Domain 6: Authorization/Approval of Information Systems (10%)
  • Domain 7: Continuous Monitoring (16%)
6. Is the CGRC certification program accredited or recognized by industry associations or organizations?

The CGRC certification program is recognized and follows standards like ANAB and ISO/IEC 17024.

7. Are there any exams or assessments associated with the CGRC certification program?

The CGRC exam is a 3-hour test with 125 multiple-choice questions. The passing grade is 700 out of 1000 points, and the exam is conducted in English at Pearson VUE Testing Centers.

8. What is the pass score for the CGRC certification exam?

The passing score is 700 out of 1000 points.

9. Can I access course materials and resources after completing the CGRC certification program?

Yes, you can access course materials and resources after completing the CGRC certification training.

10. Is there a renewal or recertification process for the CGRC certification, and how often is it required?

The CGRC certification is valid for three years. Holders must comply with Continuing Professional Education (CPE) policies and pay a yearly maintenance fee. The renewal process involves satisfying the CAP CPE requirement and paying the annual maintenance fee (AMF), which is $125 for members and $50 for associates.

11. How can I contact the course administrators or instructors for further questions or assistance?

For further questions or assistance regarding the CGRC certification program, you can contact the service and support team of the InfosecTrain.

Latest Blog Posts

TOP
whatsapp