top of page
Image by fabio

Cyber Security Governance and Risk Management

Join the Program

Image by fabio

Cyber Security Governance & Risk Management

Cyber Security Governance & Risk Management is the monitoring of compliance with agreed cyber security policies and the assessment and management of relevant risks.

There is a wide variety of possible roles, depending on the mix of governance and risk management responsibilities and the level of responsibility.

In an entry level role in GRC (Governance, Risk & Compliance), you undertake a broad mixture of duties focused on the practicalities of managing risks: you draft policies, carry out risk assessments, and verify compliance with the agreed policies. You do this under the supervision of a senior manager which, in a small organisation, may be the Chief Information Security Officer (CISO).

In a GRC role with more responsibility for ensuring compliance and establishing and validating governance systems, you probably have at least three years of cyber security experience, and the confidence to manage the responsibility.

For those focused on risk management, there may be two cycles of work: the periodic carrying-out of large-scale assessments/reassessments of cyber security risks

On the program learners will receive knowledge and skills relating to the following areas:

  • Cyber Security Management

  • Legal and Regulatory Environment

  • Governance

  • Common Standards and Frameworks

  • NIST Cyber Security Framework

  • NIST 800-53

  • NIST 800-171

  • ISO/IEC 27001

  • Risk Management

  • Asset Management

  • Authentication, Authorisation and Accountability

  • Human Factors

  • Physical Security

  • Network Security

  • Secure Development Lifecycle

  • Supply Chain Security

  • Incident Management and Forensics

  • Monitoring System Performance

  • Audit

  • Security Policy and Procedure

  • Awareness training and delivery

  • Malware and Attack Technologies

to the whole organisation or to particular systems; and frequent updates to specific risk assessments as the nature and scale of threats and vulnerabilities change.

When you identify potential risks, you need to understand the organisation’s assets and their value, so you need to have regular conversations with general managers and other relevant stakeholders across the organisation. You know how the organisation’s data is stored and how it flows between systems. Likewise, when you assess the likelihood and impact of a risk affecting a system or a set of information you work closely with colleagues with other types of cyber security responsibilities, particularly in Vulnerability Management and Cyber Threat Intelligence. 

Much of the work requires you to work very methodically on interpreting and applying standards and legislation, whether you're working on policies or monitoring compliance or using standard tools and techniques to assess risks. You write a fair amount, such as when maintaining a risk register or drafting policies.

 

If your responsibilities extend beyond identifying and assessing risks to determining the most appropriate approaches to managing them, you will be creative in using your understanding of the organisation’s business and values, the scale of the risks and the effectiveness of the available risk control options.

Entry Level Program
£10,000.00 (ex VAT)

Learners will receive...

  • Digital Trust Professional® (DTP®) Foundation Certificate – 2-days Instructor led with Certificate of Completion

  • PECB Certified ISO 31000 Risk Manager – self-paced, eLearning with exam voucher

  • PECB Certified ISO/IEC 27001 Lead Implementer – self-paced, eLearning with exam voucher

  • PECB Certified ISO/IEC 27001 Lead Auditor – self-paced, eLearning with exam voucher

  • NIST Cybersecurity Professional® (NCSP®) Foundation Certificate – 2-days instructor led

 

  • NIST Cybersecurity Professional® (NCSP®) 800-53 Practitioner Certificate – 3-days instructor led

  • Cyber Incident Planning and Response (CIPR) Certificate – self-paced, eLearning with exam voucher

Practitioner Level Program
£15,000.00 (ex VAT)

Learners will receive...

  • Digital Trust Professional® (DTP®) Foundation Certificate – 2-days Instructor led with Certificate of Completion

  • PECB Certified ISO 31000 Risk Manager – self-paced, eLearning with exam voucher

  • PECB Certified ISO/IEC 27001 Lead Implementer – self-paced, eLearning with exam voucher

  • PECB Certified ISO/IEC 27001 Lead Auditor – self-paced, eLearning with exam voucher

  • NIST Cybersecurity Professional® (NCSP®) Foundation Certificate – 2-days instructor led

 

  • NIST Cybersecurity Professional® (NCSP®) 800-53 Practitioner Certificate – 3-days instructor led

  • Cyber Incident Planning and Response (CIPR) Certificate – self-paced, eLearning with exam voucher**

  • PECB Certified ISO/IEC 22301 Lead Implementer – self-paced, eLearning with exam voucher

  • PECB Certified ISO/IEC 22301 Lead Auditor – self-paced, eLearning with exam voucher

bottom of page