CSC 210 - Information Security Governance, Risk Management and Asset Security

Course Description

Learn foundational topics of building and managing a risk-based information security program. Effectively apply and enforce asset security. Study topics related to understanding an organization's mission, strategy, goals, and business objectives. Evaluate how to satisfy the business needs securely.

Explore risk management concepts in information security will be introduced along with relevant legal, regulatory, and compliance requirements. Students will learn how to apply and enforce asset security effectively. Additionally, the strategies to identify, categorize, secure, and monitor assets throughout the information lifecycle.

This course covers the following domains of the CISSP Common Body of Knowledge:

• Domain One: Security and Risk Management
• Domain Two: Asset Security

Course Details

Course Learning Outcomes

By the completion of this course, successful learners will be able to:

• Describe and apply security concepts, security governance principles, and Business Continuity (BC) requirements
• Determine legal compliance and regulatory requirements and describe methods and techniques to maintain a security awareness, education, and training program
• Apply risk management concepts, threat modeling methodologies, and Supply Chain Risk Management (SCRM) concepts
• Identify and classify information assets and establish information and asset handling requirements
• Explain the data lifecycle management process, including the determination of data security controls and compliance requirements

Topics

• Cybersecurity Governance
  • Fundamental cybersecurity concepts
  • Security governance principles
  • Security policies, standards, procedures, and guidelines
  • Personnel security policies and procedures
  • Security awareness, education, and training
• Risk Management
  • Assessing risks, responding to risks, monitoring risks
  • Supply chain risk management
  • Business continuity
• Compliance
  • Regulations, laws, and crimes involving computers
  • Intellectual property
  • Data breaches
  • Compliance requirements
  • Investigations
• Frameworks
  • Overview of frameworks
  • Risk frameworks
  • Information security frameworks
  • Enterprise architecture frameworks
  • Other frameworks
• Assets
  • Identification and classification of information and assets
  • Information and asset handling requirements
  • Secure resource provisioning
  • The data life cycle
  • Data Compliance requirements
• Data Security
  • Data states
  • Data security controls
  • Data protection methods

Who is this course for?

This course will help you to acquire the knowledge covered in the following domains of the CISSP CBK:

• Domain One: Security and Risk Management
• Domain Two: Asset Security

Individuals in different roles and at various stages in their careers can benefit from this course. The course is designed for:

• Recent graduates (degree, associate degree, diploma) in IT or Computer Science who plan to challenge the CISSP exams to become Associate of (ISC)2
• Experienced IT professionals who are keen to move up the career ladder entering senior positions (e.g. manager, director, senior specialist, chief information security officer)
• Individuals who want to learn the technical skills to a career change into cyber security or information security
• IT infrastructure or Cyber Security professionals looking to upskill and learn new in-demand skills

Applies Towards the Following Program(s)

• Information Systems Security : Required