Online Training

Official ISC2 CBK Training Seminar for the Certified in Governance, Risk and Compliance (CGRC)

Course Description

Course Type:

Online Instructor Led (OIL) - Hands-on learning experience in a virtual environment with an authorized ISC2-certified instructor and other students. 

Language:

Course content is offered in English.

Course Summary

The Official ISC2 Certified in Governance, Risk and Compliance (CGRC) Training Seminar provides a comprehensive review of information systems security concepts and industry best practices, covering the seven domains of the CGRC Common Body of Knowledge (CBK):  

  1. Information Security Risk Management Program
  2. Scope of the Information System 
  3. Selection and Approval of Security and Privacy Controls 
  4. Implementation of Security and Privacy Controls 
  5. Assessment/Audit of Security and Privacy Controls 
  6. Authorization/Approval of Information System 
  7. Continuous Monitoring

This training course is structured around the steps of the NIST Risk Management Framework version 2.0, as covered in NIST Special Publication 800-37 Revision 2. The previous version, Revision 1, will be covered throughout the course as it corresponds to the current revision. This course will help students review and refresh their information security knowledge as they pursue the CGRC certification. 

Who Should Take this Course

This course is for individuals planning to pursue the CGRC certification. The CGRC is ideal for IT, information security and information assurance practitioners and contractors who use the RMF in federal government, military, civilian roles, local governments and private sector organizations. Roles include:

  • ISSOs, ISSMs and other infosec/information assurance practitioners who are focused on security assessment and authorization (traditional C&A) and continuous monitoring issues.
  • Executives who must "sign off" on an Authority to Operate (ATO).
  • Inspectors general (IGs) and auditors who perform independent reviews.
  • Program managers who develop or maintain IT systems.
  • IT professionals interested in improving cybersecurity and learning more about the importance of lifecycle cybersecurity risk management.

Prior to taking this course the learner should have the following experience, skills, or knowledge in:

  • IT security
  • Information assurance
  • Information risk management
  • Certification
  • Systems administration
  • One to two years of general technical experience
  • Two years of general systems experience
  • One to two years of database/systems development/network experience
  • Information security policy
  • Technical or auditing experience within government, the U.S. Department of Defense, the financial or health care industries, and/or auditing firms
  • Strong familiarity with NIST documentation

Official ISC2 Courseware Provides:

  • Live virtual instruction from an ISC2 Authorized Instructor
  • Virtual collaboration with classmates
  • Official ISC2 CGRC Student Guide in printable electronic format – 365-day access
  • Access to official course content – 180-day access
  • Recordings of live virtual sessions
  • End-of-chapter quizzes with answer feedback – 70 questions
  • Post-course assessment with answer feedback – 142 questions
  • Online interactive flash cards
  • Glossary of terms
  • 24x7x365 chat technical support
  • Official ISC2 Certificate of Completion
  • Course Completion Badge
  • Exam Guarantee

What to Expect:

An ISC2 Authorized Instructor will use official ISC2 course materials to guide you through the course in a virtual classroom setting. To broaden understanding of the material, content is taught through a series of presentations, example system exercises and discussions.

In addition to lecture-based instruction and classroom discussions, learners will be asked to work individually or in small teams to complete the following activities.

9 Example System Exercises

Designed to demonstrate the steps of the Risk Management Framework (RMF), nine example system exercises teach you how to apply the steps of the RMF.

13 Discussion Questions

Designed to generate deeper conversation among learners in the class around a given topic, these discussion questions encourage peer-to-peer interaction.

7 End-of-Chapter Quizzes

Each chapter concludes with a 10-question graded quiz, with feedback, to assess comprehension of the learning within the chapter.

142-Question Post-Course Assessment

The course concludes with a graded post-course assessment designed to validate learning and identify areas for further study. The assessment includes answer feedback.

Exam Guarantee

ISC2® wants its candidates to successfully pass their certification exam and achieve their goal of earning an ISC2® credential. Included with our Training Seminar is our education guarantee. If you do not pass the exam after attending our Training Seminar, you can attend a second Training Seminar at no cost to you (within one year of taking the seminar). The education guarantee covers the cost of the second seminar only. You will have to pay the full price for your second attempt at the exam.

Course Learning Objectives

At the end of this course, learners will be able to: 

  • Identify and describe the steps and tasks within the NIST Risk Management Framework (RMF).
  • Apply common elements of other risk management frameworks using the RMF as a guide.
  • Describe the roles associated with the RMF and how they are assigned to tasks within the RMF.
  • Execute tasks within the RMF process based on assignment to one or more RMF roles.
  • Explain organizational risk management and how it is supported by the RMF.

Note: Chapter learning objectives are provided below. 

Course Chapters

This course covers the following chapters:

Chapter 1: Prepare (10 Modules)

Learning Objectives:

After completing this chapter, the participant will be able to: 

  • Explain the purpose and value of preparation.
  • Identify references associated with the Prepare step.
  • Identify other risk management frameworks and their relationship to RMF tasks.
  • Identify relevant security and privacy regulations.
  • List the references, processes and outcomes that define:
    • RMF Task P-1: Risk Management Roles
    • RMF Task P-2: Risk Management Strategy
    • RMF Task P-3: Risk Assessment – Organization
    • RMF Task P-14: Risk Assessment – System
    • RMF Task P-4: Organizationally Tailored Control Baselines and Cybersecurity Framework Profiles
    • RMF Task P-5: Common Control Identification
    • RMF Task P-6: Impact-Level Prioritization
    • RMF Task P-7: Continuous Monitoring Strategy – Organization
    • RMF Task P-8: Mission or Business Focus
    • RMF Task P-9: System Stakeholders
    • RMF Task P-10: Asset Identification
    • RMF Task P-11: Authorization Boundary
    • RMF Task P-12: Information Types
    • RMF Task P-13: Information Life Cycle
    • RMF Task P-15: Requirements Definition
    • RMF Task P-16: Enterprise Architecture
    • RMF Task P-17: Requirements Allocation
    • RMF Task P-18: System Registration
  • Complete selected Prepare tasks for the example system.

Chapter 2: Categorize (5 Modules)

Learning Objectives:

After completing this chapter, the participant will be able to: 

  • Explain the purpose and value of categorization.
  • Identify references associated with the Categorize step.
  • List the references, processes and outcomes that define Risk Management Framework (RMF) Task C-1: System Description.
  • Describe a system’s architecture.
  • Describe an information system’s purpose and functionality.
  • Describe and document a system’s characteristics.
  • List the references, processes and outcomes that define RMF Task C-2: Security Categorization.
  • Categorize an information system.
  • List the references, processes and outcomes that define RMF Task C-3: Security Categorization Review and Approval.
  • Describe the review and approval process for security categorization.
  • Categorize the example systems.

Chapter 3: Select (7 Modules)

Learning Objectives:

After completing this chapter, the participant will be able to: 

  • Explain the purpose and value of control selection and allocation.
  • Identify references associated with the Select step.
  • Relate the ISO 27001 Statement of Applicability to the NIST RMF.
  • List the references, processes and outcomes that define RMF Task S-1: Control Selection.
  • List the references, processes and outcomes that define RMF Task S-2: Control Tailoring.
  • Select appropriate security control baselines based on organizational guidance.
  • Tailor controls for a system within a specified operational environment.
  • List the references, processes and outcomes that define RMF Task S-3: Control Allocation.
  • List the references, processes and outcomes that define RMF Task S-4: Documentation of Planned Control Implementations.
  • Allocate security and privacy controls to the system and to the environment of operation.
  • Document the controls for the system and environment of operation in security and privacy plans.
  • List the references, processes and outcomes that define RMF Task S-5: Continuous Monitoring Strategy – System.
  • Develop and implement a system-level strategy for monitoring control effectiveness that is consistent with and supplements the organizational continuous monitoring strategy.
  • List the references, processes and outcomes that define RMF Task S-6: Plan Review and Approval.
  • Review and approve the security and privacy plans for the system and the environment of operation.
  • Allocate security controls for the example system.
  • Tailor security controls for the example system.
  • Draft a continuous monitoring plan for the example system.

Chapter 4: Implement (5 Modules)

Learning Objectives:

After completing this chapter, the participant will be able to: 

  • Explain the purpose and value of implementation.
  • Identify references associated with the Implement step.
  • List the references, processes and outcomes that define RMF Task I-1: Control Implementation.
  • Identify appropriate implementation guidance for control frameworks.
  • Integrate privacy requirements with system implementation.
  • List the references, processes and outcomes that define RMF Task I-2: Update Control Implementation Information.
  • Update a continuous monitoring strategy.
  • Update a control implementation plan.

Chapter 5: Assess (6 Modules)

Learning Objectives:

After completing this chapter, the participant will be able to: 

  • Explain the purpose and value of assessment.
  • Identify references associated with the Assess step.
  • Understand and identify common elements of the NIST process that are included in other frameworks and processes.
  • List the references, processes and outcomes that define RMF Task A-1: Assessor Selection.
  • List the references, processes and outcomes that define RMF Task A-2: Assessment Plan.
  • List the references, processes and outcomes that define RMF Task A-3: Control Assessment.
  • List the references, processes and outcomes that define RMF Task A-4: Assessment Reports.
  • List the references, processes and outcomes that define RMF Task A-5: Remediation Actions.
  • List the references, processes and outcomes that define RMF Task A-6: Plan of Action and Milestones.
  • Develop an assessment plan for identified controls in the example system.
  • Develop a remediation plan for unsatisfied controls in the example system.

Chapter 6: Authorize (6 Modules)

Learning Objectives:

After completing this chapter, the participant will be able to:

  • Explain the purpose and value of authorization.
  • Identify references associated with the Authorize step.
  • Relate system approvals under organizational processes to the concepts applied in the NIST RMF.
  • List the references, processes and outcomes that define RMF Task R-1: Authorization Package.
  • List the references, processes and outcomes that define RMF Task R-2: Risk Analysis and Determination.
  • List the references, processes and outcomes that define RMF Task R-3: Risk Response.
  • List the references, processes and outcomes that define RMF Task R-4: Authorization Decision.
  • List the references, processes and outcomes that define RMF Task R-5: Authorization Reporting.
  • Develop a risk determination for the example system based on the system risk level.
  • Authorize the system for operation.
  • Determine appropriate elements for the authorization decision document for the example system.

Chapter 7: Monitor (8 Modules)

Learning Objectives:

After completing this chapter, the participant will be able to:

  • Explain the purpose and value of monitoring.
  • Identify references associated with the Monitor step.
  • List the references, processes and outcomes that define RMF Task M-1: System and Environment Changes.
  • Coordinate and integrate cybersecurity risk management with organizational change management.
  • List the references, processes and outcomes that define RMF Task M-2: Ongoing Assessments.
  • Monitor risks associated with the supply chain.
  • List the references, processes and outcomes that define RMF Task M-3: Ongoing Risk Response.
  • Understand the elements of communication surrounding a cyber event.
  • List the references, processes and outcomes that define RMF Task M-4: Authorization Package Updates.
  • List the references, processes and outcomes that define RMF Task M-5: Security and Privacy Reporting.
  • List the references, processes and outcomes that define RMF Task M-6: Ongoing Authorization.
  • List the references, processes and outcomes that define RMF Task M-7: System Disposal.
  • Discuss Monitor step activities in the example system.

Chapter 8: CGRC Certification Information

This chapter covers important information about the experience requirements for the Certified in Governance, Risk and Compliance (CGRC) certification and ISC2 exam policies and procedures. Details are based on information as of August 2021. Learners are advised to visit the ISC2 website, www.isc2.org, for the most up-to-date information on certification requirements and the exam process.

Note: Throughout this course, exam domains may be covered in several chapters. Included in the course is a table indicating where the exam outline objectives are covered in this course. Unique icons are also used throughout the course materials to identify exam outline objectives.

Requirements for Completion

In order to complete the course, receive a certificate of completion and earn continuing professional education (CPE) credits, learners must:

  • Complete all learning activities within the course.
  • Complete a course evaluation.
  • Score 70% or higher on the end-of-chapter quizzes and the final assessment.

Technology Requirements

The following system requirements are needed to support your overall learning experience.

A stable and continuous internet connection is required. In order to record your completion of the online learning courses, please ensure you are connected to the internet at all times while taking the course.

Hardware Specifications

  • Processor: 2 GHz or faster
  • RAM: 4 GB or more
  • Monitor: minimum resolution 1024 x 768
  • Video card
  • Keyboard and mouse, or other assistive technology

Computer Peripherals (Recommended)

  • Speakers/headphones (a noise-cancelling headset is recommended)
  • Microphone
  • Camera

Supported Operating Systems

  • Macintosh OS X 10.10 to present
  • Windows 10 to present

Supported Browsers

  • Google Chrome
  • Microsoft Edge
  • Mozilla Firefox

Application Software

Access Certificate of Completion

An electronic Certificate of Completion will be provided once you have completed the course by meeting all the requirements. We recommend that you download and retain the certificate of completion as proof of credits earned.

To download a PDF version of the certificate, go to the “Awards” tab of ISC2 Learn (top menu), select the course and then “Generate Certificate”.

CPE Credits

40 CPE Credits

CPE Reporting

CPEs for ISC2 credentials must be self-reported by members and associates through the ISC2 CPE Portal accessible via www.isc2.org using your member login credentials.

CPEs earned for this course may be eligible for continuing professional education credits for non-ISC2 certifications. Please check the continuing education requirements established by the credentialing organization for eligibility.

For specific questions related to your CPEs or the CPE portal, please contact member support: membersupport@isc2.org.

Cancellation Policy

Refunds for any ISC2 courses will not be provided.

Access Period

Access to course recordings and content: 180 days. Access to the Student Guide: 365 days.

Price:

Pricing available at checkout. 

Have Questions About Purchasing?

Interested in purchasing this course on behalf of someone, or want to learn about team discounts? Please contact your regional office:

ISC2 Americas Regional Office
Email: training@isc2.org 
Phone: +1-866-331-ISC2 (4722) ext. 2

ISC2 EMEA Regional Office
Email: info-emea@isc2.org
Phone: +44 (0)203.960.7800

ISC2 APAC Regional Office
Email: isc2asia@isc2.org
Phone: +852.2850.6951