GRC (Governance, Risk & Compliance) | Ingress Academy

Network Security & Ethical Hacking

GRC (Governance, Risk & Compliance)

The GRC (Governance, Risk & Compliance) program is a 3-month training course designed to build practical knowledge in information security governance, risk management, compliance, and audit processes. Participants learn how to develop security policies, conduct risk assessments, create risk registers, manage compliance requirements, and understand internationally recognized frameworks such as ISO 27001, NIST CSF, CIS Controls, and COBIT. Through hands-on exercises and real-world case studies, the program prepares learners for entry-level GRC roles and internationally recognized certifications, including ISO/IEC 27001, COBIT, CRISC, CISM, and CISA.

Intermediate | In-person | 12 weeks | 48 hours

About the course

The GRC (Governance, Risk & Compliance) program is designed for individuals who want to build a career in information security governance, risk management, compliance, and auditing. Participants learn how to develop security policies, assess and manage risks, implement compliance controls, and align security practices with internationally recognized frameworks such as ISO 27001, NIST CSF, CIS Controls, and COBIT.

Through practical exercises, case studies, and real-world scenarios, learners gain the skills required to support governance initiatives, conduct risk assessments, manage compliance requirements, and contribute to audit and certification processes. The program also provides a strong foundation for internationally recognized certifications, including ISO/IEC 27001, COBIT, CRISC, CISM, and CISA.

What you will learn

Upon successful completion of this program, participants will be able to:
  • Understand the core principles of Governance, Risk, and Compliance (GRC).
  • Develop and manage information security policies, standards, and procedures.
  • Conduct risk assessments and create risk registers.
  • Identify, evaluate, and treat organizational risks.
  • Implement and monitor compliance requirements and internal controls.
  • Apply governance frameworks such as ISO 27001, NIST CSF, CIS Controls, and COBIT.
  • Support audit activities, collect evidence, and document audit findings.
  • Develop governance models and security metrics (KPI/KRI).
  • Contribute to ISO 27001 implementation and certification readiness projects.
  • Prepare for internationally recognized certifications such as ISO/IEC 27001, COBIT, CRISC, CISM, and CISA.

Requirements

To get the most out of this program, participants should have:
  • Basic knowledge of information technology and business processes.
  • Familiarity with fundamental cybersecurity concepts.
  • Basic understanding of organizational structures and risk management principles.
  • Interest in governance, compliance, auditing, and information security management.
  • Strong analytical and problem-solving skills.

Curriculum

  1. What is GRC? The concepts of Governance, Risk, and Compliance
  2. Information Security fundamentals (CIA, risk, controls)
  3. Security Governance model
  4. Roles & Responsibilities (Board, Management, IT, Security)
  5. Policies, Standards, Procedures, Guidelines
  6. Policy writing basics
  7. Security Frameworks overview: ISO 27001, CIS Controls, NIST CSF
  8. Introduction to COBIT and governance objectives

  1. Threat, Vulnerability, Risk
  2. Risk appetite, tolerance, ownership
  3. Risk Assessment methods: Qualitative, Quantitative
  4. Preparing a Risk Matrix
  5. How to build a Risk Register
  6. Risk treatment plans
  7. What is Compliance?
  8. Regulatory requirements, internal controls

  1. ISO 27001 ISMS fundamentals
  2. Annex A controls overview
  3. Audit fundamentals
  4. Evidence collection, findings writing
  5. KPI / KRI / Metrics
  6. Third-party risk management
  7. Certification prep session: ISO 27001, COBIT, CRISC / CISM overview