Introduction to IT Governance, Risk, and Compliance

Course Description

As organizations become increasingly globalized and as legal environments quickly evolve, the importance of governance, risk management, and compliance continues to gain in importance. Regulatory compliance forces organizations to better manage their data as noncompliance can lead to penalties, fines, and worse. With the proper governance and risk management structures in place, an organization can better manage data and risk to improve business outcomes while adhering to regulations. This course is designed for IT professionals and other adult learners who are interested in furthering their knowledge of governance, risk management, and compliance as these relate to information technology.

Learning Outcomes

After completing this course, the learner should be able to:

• Explain the importance of information security governance, risk, and compliance (GRC)
• Differentiate between security program development and enterprise security frameworks
• Identify key themes in ethics and information security law
• Describe the importance of security awareness, training, and education
• Describe how an IS risk management program contributes to business success
• Conduct risk analysis and perform risk calculations
• Describe common IT risk controls
• Define the role of audits, reports, and log reviews and how these are used to maintain compliance
• Explain how business impact analysis and business continuity planning apply to risk
• List and describe the elements that comprise a compliance plan