Compliance in Depth
- Course code: SEC_Compliance
- Course duration: 3 days
INTRODUCTION
This course gives you the background needed to understand the key cybersecurity compliance and industry standards. Students are introduced to the field of cybersecurity with a focus on the domain of security compliance, governance and risk management. Topics include the fundamental concepts and goals of cybersecurity (the CIA triad), security compliance and governance design, relevant laws and regulations, and the roles of policies, strategies, and procedures in cybersecurity governance.
LEARNING OBJECTIVES
- Explain how the fundamental goals of cybersecurity, as outlined by the CIA triad, apply to novel security threats
- Define cybersecurity compliance and governance and their roles in the overall map of cybersecurity
- Apply best practices of security governance design including strategic alignment and management
- Discuss the structure and use of the NIST CSF
- Explain the role of ISO and the IEC in establishing international standards for Cybersecurity
- Explain the NIST and ISO Approach to Risk Management
- Describe the Payment Card Industry Data Security Standard (PCI DSS)
- Design governance strategies centered around the "main thing" a business does
REQUIREMENTS
Information Security, Cyber Security Governance & Risk Management, Cybersecurity Roles and Technologies.
CONTENTS
Module 1: Compliance Basics
Cybersecurity fundamentals
Information security terms and concepts
Compliance and regulation for Cybersecurity
Standards overview
Module 2: NIST CSF
CSF Components
NIST Risk Management Framework
Module 3: NIST CSF
CSF Core Functions
CSF Categories
CSF 7-Step process
Module 4: ISMS family of standards
ISO 27001 – main classes
ISO 31000 standard
ISO 27005 standard
Module 5: PCI DSS
Overview of PCI Requirements
Security Controls and Processes for PCI DSS Requirements
How to comply with PCI DSS
How to design an integrated compliance & governance framework