
Introduction to governance and risk

Developed with
QA

The course is part of this learning path

Foundation Certificate in Cyber Security
Overview

Difficulty: Beginner
Duration: 1h 26m
Students: 4

Course Description

This course takes a deeper look at the governance and risk elements of cybersecurity. It starts with a focus on cyber and legal frameworks, then moves into information assurance. After this, it moves into risk management and treatment, followed by service assurance and standards. Finally, the course ends with software security assurance and threat modelling.

Learning Objectives 

The objectives of this course are to provide you with an understanding of:

  • Legislation, chain of custody, reporting and assurance within the context of a legal framework, including an overview of the Data Protection Act (DPA 2018) and the EU General Data Protection Regulation (GDPR)
  • The drivers for UK Information Assurance, initiatives and programmes, risk assessment vs risk management, risk components 
  • Business context and risk management approach, risk management lifecycle, who delivers risk management - where in the lifecycle, understanding the context, legal and regulatory. Risk Treatment - Identify the ways of treating risks, methods of gaining assurance, understanding the nature of residual risk, collecting evidence that supports decisions, risk management decisions 
  • Assurance perspective, including CPA, CAPS, FIPS, CE, Common Criteria and SPF. Summary of common industry standards (including OWASP, ISO 27001 and PCI DSS)
  • Principles for software security, (securing the weakest link, defence in depth, failing securely, least privilege, separation of privilege), IA design principles 
  • What is threat modelling, threat modelling processes 
  • Risk mitigation options 


Intended Audience 

This course is ideal for members of cybersecurity management teams, IT managers, security and systems managers, information asset owners and employees with legal compliance responsibilities. It acts as a foundation for more advanced managerial or technical qualifications. 


Prerequisites  

There are no specific prerequisites for this course. However, a basic knowledge of IT, an understanding of the general principles of information technology security, and awareness of the issues involved with security control activity would be advantageous.

Feedback 

We welcome all feedback and suggestions. Please contact us at support@cloudacademy.com if you are unsure about where to start or if you would like help getting started.

Transcript

Welcome to the governance and risk learning path. This learning path will guide you through the various cyber and legal frameworks that impact cyber security. You will also learn about information assurance, risk management and treatment, service assurance and standards, software security assurance and threat modelling. The learning path is made up of 6 videos, and each is supported by a quick quiz to help you check your understanding as you work through them.

About the Author

Students: 134
Courses: 5
Learning paths: 1

Paul began his career in digital forensics in 2001, joining the Kent Police Computer Crime Unit. In his time with the unit, he dealt with investigations covering the full range of criminality, from fraud to murder, preparing hundreds of expert witness reports and presenting his evidence at Magistrates, Family and Crown Courts. During his time with Kent, Paul gained an MSc in Forensic Computing and CyberCrime Investigation from University College Dublin.

On leaving Kent Police, Paul worked in the private sector, carrying on his digital forensics work but also expanding into eDiscovery work. He also worked for a company that developed forensic software, carrying out research and development work as well as training other forensic practitioners in web-browser forensics. Prior to joining QA, Paul worked at the Bank of England as a forensic investigator. Whilst with the Bank, Paul was trained in malware analysis, ethical hacking and incident response, and earned qualifications as a Certified Malware Investigator, Certified Security Testing Associate - Ethical Hacker and GIAC Certified Incident Handler. To assist with the team's malware analysis work, Paul learnt how to program in VB.Net and created a number of utilities to assist with the de-obfuscation and decoding of malware code.