Special offers now — see discounted courses.
day
:
hour
:
min
:
sec
See special offers
ISC2 Certified in Governance, Risk and Compliance (CGRC) Cert Prep

ISC2 Certified in Governance, Risk and Compliance (CGRC) Cert Prep

3h 16mIntermediate2026-03-13

Authors

Infosec Institute

Infosec Institute

Course details

The ISC2 Certified in Governance, Risk, and Compliance (CGRC) certification vets the skills of an information security practitioner who champions security risk management to secure the necessary information system authorization. This authorization is crucial for supporting an organization's operations and mission while ensuring strict adherence to all legal and regulatory requirements. A CGRC professional acts as a key advocate, bridging security practice with organizational and legal necessities. In this course, learn how to prepare for topics covered in the core domains of the exam: Security and Privacy Governance, Risk Management, and Compliance Program; Scope of the System; Selection, Approval, and Implementation of Controls; Assessment/Audit of Controls; and System Compliance. This CGRC is an ideal fit for IT, information security, and information assurance practitioners currently working in or aspiring to land a GRC role.

Learning objectives
Evaluate and apply the governance, risk management, and compliance (GRC) program structure across an enterprise, including the establishment of security and privacy policies and procedures.
Determine and scope the authorization boundary and system categorization to accurately define the security and privacy requirements for an information system.
Select and implement the appropriate security and privacy controls from established frameworks (for example, NIST RMF/CSF) and document their implementation details.
Perform or interpret assessments/audits of implemented security and privacy controls to determine their effectiveness and compliance with regulatory mandates, organizational policies, and the system's security plan.
Develop and execute strategies for system compliance and compliance maintenance throughout the system's lifecycle, including continuous monitoring, authorization, and managing control changes and updates.

Concepts

Certified Governance Risk Management and Compliance Overview

  • Course overview

Security and Privacy Governance, Risk Management, and Compliance Program

  • Security and privacy governance, risk management, and compliance program introduction
  • Principles of information security
  • Risk
  • Risk response
  • Security authorization process
  • NIST risk management framework
  • CGRC government documentation

Scope of the System

  • Prepare phase overview
  • Organization-level tasks - P-1 to P-3
  • Organization-level tasks - P-4 to P-7
  • Organization-level tasks review
  • System-level tasks
  • System-level tasks - P-8 to P-9
  • System-level tasks P-10 to P-11
  • Review the seven system-level data governance roles
  • System-level tasks - P-12 to P-13
  • System-level tasks - P-14 to P-17
  • System-level task - P-18
  • Review prepare tasks at system level

Categorization of a System

  • Phase 1 - Categorize overview
  • Security categorization organization and guidance
  • Security categorization process
  • Define and categorize a system
  • National security systems (NSS)
  • Security categorization review and approval
  • RMF to SDLC mapping

Selection of Security and Privacy Controls

  • Phase 2 - Select overview
  • Select phase guiding documentation
  • Baseline selection approach vs organization-generated selection approach
  • Control tailoring
  • Control allocation
  • Control documentation and continuous monitoring
  • Security and privacy plan approval process
  • Select phase document review

Implementation of Security and Privacy Controls

  • Implementation guides and other resources
  • Unofficial POA&M
  • Implementation phase review
  • Phase 3 - Implement overview
  • Control implementation, responsibility, and compliance

Assessment and Audit of Security and Privacy Controls

  • Phase 4 - Assess overview
  • Assessor selection
  • Develop, review, and approve assessment plans
  • Control assessment
  • SDLC phases to RMF steps mapping
  • SAR and PAR report preparation
  • Remediation options
  • POA&M preparation
  • Assessment phase review

System Compliance and Authorization

  • Phase 5 - Authorization overview
  • Authorization package assembly
  • Risk analysis and risk response
  • Authorization decision types
  • Authorization decisions drills
  • Authorization reporting
  • Phase 5 - Authorization review

Compliance Maintenance

  • Phase 6 - Monitor overview
  • Monitor and assess controls
  • Ongoing assessments and risk response
  • Authorization package updates and security and privacy reporting
  • Ongoing authorization and system disposal
  • Monitor review

CGRC Layout and Testing

  • CGRC layout and testing, certification process, exam and study prep, and post-exam

Related courses

Related learn paths

About us

LyndaKade is a leading learning platform that helps people learn business, software, technology, and creative skills to achieve personal and professional goals.

Phone numberAparat ChannelTelegram SupportTelegram ChannelInstagram Page

All rights to this site belong to LyndaKade.

Terms of Service|Privacy Policy

نماد الکترونیک enamad در صورت اتصال با آی‌پی داخل کشور، نمایش داده خواهد شد.
logo-samandehi - لوگو ساماندهی
zarinpal
zibal