Governance, Risk, and Compliance for CompTIA Security+

By Christopher Rees

Proper governance, compliance, and risk assessment are an important part of any organization’s overall success. This course will teach you how to implement proper controls, assess risk, and limit your company’s exposure.

2.7 hours • 108 Lessons

About the course

Regulations, privacy, compliance, and ensuring your customer’s data is secure are becoming increasingly important while at the same time becoming increasingly complex. As new regulations are introduced, a company’s responsibilities continue to increase. In this course, Governance, Risk, and Compliance for CompTIA Security+, you’ll learn to properly assess your company’s risk across all facets of the organization. First, you’ll explore the various types of controls that can be put in place to limit exposure. Next, you’ll discover several methodologies, frameworks, and best practices needed to develop policy and ensure compliance. Finally, you’ll learn how to create a business impact analysis and properly classify data, along with the technologies required to safeguard that data. When you’re finished with this course, you’ll have the skills and knowledge of risk management and compliance needed to ensure your organization is properly governing employee and customer data, complying with local, state, and federal regulations, and properly assessing risk.

Recommended order of completion:

  1. Attacks, Threats, and Vulnerabilities for CompTIA Security+
  2. Architecture and Design for CompTIA Security+
  3. Implementation of Secure Solutions for CompTIA Security+
  4. Operations and Incident Response for CompTIA Security+
  5. Governance, Risk, and Compliance for CompTIA Security+
  6. CompTIA Security+: Exam Briefing

  • Chapter 1: Course Overview (1 lesson, 1:52)
      - Course Overview (1:52)
  • Chapter 2: Comparing and Contrasting Various Types of Controls (9 lessons, 8:01)
      - Module Overview (1:01)
      - Goals of the Module (1:22)
      - Threat Types (0:59)
      - Types of Access Control: Managerial, Operational, and Physical (1:03)
      - Deterrent (0:28)
      - Preventive (0:36)
      - Detective (0:33)
      - Corrective, Recovery, and Compensating (1:29)
      - Module Review (0:30)
  • Chapter 3: Applicable Regulations, Standards, or Frameworks that Impact a Security Organization (17 lessons, 31:26)
      - Module Overview (0:36)
      - Privacy and Compliance Challenges (5:24)
      - GDPR and Key Terminology (1:50)
      - GDPR Key Terms and Data Processing Principles (2:11)
      - Six Legal Grounds for Processing Personal Data (1:18)
      - GDPR Compliance and Penalties (0:44)
      - Compliance Frameworks (2:32)
      - NIST and the Cybersecurity Framework (CSF) (1:06)
      - PCI DSS (1:05)
      - Enterprise Security Framework (ESF) (1:15)
      - NIST SP 800-53 and ISO 27001 (3:11)
      - Cloud Security Alliance (CSA) (0:50)
      - SSAE 18, SOC 1, 2, and 3 (2:49)
      - Benchmarks and Secure Configuration Guides (1:56)
      - Systems Hardening (2:39)
      - Vendor and Control Diversity (1:35)
      - Module Review (0:25)
  • Chapter 4: Implementing Policies within Organizational Security (34 lessons, 37:47)
      - Module Overview (0:44)
      - Importance of Policies in Reducing Risk (0:30)
      - Job Rotation (1:37)
      - Mandatory Vacations (0:37)
      - Separation of Duties (0:31)
      - Least Privilege (0:43)
      - Clean Desk Policies (1:15)
      - Background Checks, NDAs, and Role-based Awareness Training (1:50)
      - Use Cases for Monitoring (2:02)
      - Things Typically Monitored (1:37)
      - Balancing What's Reasonable (0:52)
      - New Tools Are Constantly Developed (0:54)
      - Monitoring Social Media (0:38)
      - Employee Protections (0:42)
      - Onboarding/Offboarding (0:44)
      - Culture and Creating a Culture of Security (1:45)
      - Setting the Stage (1:07)
      - Awareness Training (0:45)
      - Skills Training (1:35)
      - Funding and Executive Buy-in (1:02)
      - Continuous Improvement (0:44)
      - Wired Brain Coffee's Approach to Training (1:53)
      - Technology Diversity (0:48)
      - Vendor Diversity (0:40)
      - Service-level Agreement (SLA) (0:34)
      - Memorandum of Understanding (MOU) and Master Services Agreement (MSA) (1:46)
      - Business Partner Agreement (BPA) (0:34)
      - EOL/EOS (1:45)
      - Data Retention (0:37)
      - User Account (0:40)
      - Shared, Generic, Guest, and Service Accounts (1:41)
      - Privileged Accounts (0:57)
      - Change Management (1:53)
      - Asset Management (1:45)
  • Chapter 5: Review the Risk Management Process and Concepts (32 lessons, 59:07)
      - Module Overview (0:35)
      - Risk Types (3:27)
      - Managing Risk (0:43)
      - Risk Management Defined (1:07)
      - Risk Management Concepts (2:36)
      - Strategic Options (1:57)
      - Risk Register, Risk Matrix, and Heat Map (1:07)
      - Risk Control Self-assessment (RCSA) (2:33)
      - Risk Awareness: Inherent, Residual, Control, and Risk Appetite (1:24)
      - Regulatory Examples (0:42)
      - Gramm-Leach-Bliley Act (GLBA) (1:26)
      - HIPAA (1:15)
      - HITECH Act (2:01)
      - Sarbanes-Oxley Act (SOX) (3:12)
      - GDPR (0:57)
      - Qualitative and Quantitative Analysis (2:41)
      - Risk Calculation (1:26)
      - Likelihood of Threat (0:45)
      - Impact of Threat (0:37)
      - Loss Calculation Terms: ALE, SLE, and ARO (2:43)
      - Threat Assessment: Disaster (1:55)
      - Additional Risk Calculation Terms: MTBF, MTTF, and MTTR (1:17)
      - Business Impact Analysis Key Terminology (5:14)
      - Mission Essential Functions (2:02)
      - Identification of Critical Systems (2:27)
      - Single Point of Failure (SPOF) (2:16)
      - Order of Restoration (1:40)
      - Phased Approach (1:21)
      - Identifying Most Critical Systems First (2:28)
      - Risk Assessment (1:04)
      - Continuity of Operations (1:04)
      - IT Contingency Planning (3:05)
  • Chapter 6: Privacy and Sensitive Data Concepts and Considerations (15 lessons, 21:25)
      - Module Overview (0:43)
      - Company Obligations to Protect Security (1:50)
      - Potential Damages from Mishandled Data (1:24)
      - Incident Notification and Escalation (1:56)
      - Notifying Outside Agencies (1:29)
      - Data Classification (2:46)
      - Privacy-enhancing Technologies: Data Masking and Tokenization (1:48)
      - Anonymization and Pseudo-anonymization (0:52)
      - Data Owner (0:38)
      - Data Controller and Processor (0:25)
      - Data Steward/Custodian (1:24)
      - Privacy Officer (0:32)
      - Information Lifecycle (1:59)
      - Privacy Impact Assessment (1:43)
      - Terms of Agreement and Privacy Notice (1:56)
