Program Highlights

The CGRC: Certified in Governance, Risk, and Compliance (CGRC) Training Course, formerly recognized as the Certified Authorization Professional (CAP), offered by InfosecTrain, is designed to elevate your expertise in security and privacy governance, risk management, and regulatory compliance. This comprehensive updated program provides the tools and knowledge to effectively align security and privacy practices with organizational goals, empowering informed decision-making across critical areas such as data security, compliance management, and supply chain risk mitigation.

  • 40-Hour LIVE Instructor-led Training
  • Career-oriented Skill-based Course
  • Immersive Learning
  • Highly Interactive and Dynamic Sessions
  • Learn with Real-world Scenarios
  • Industry Experts with 18+ Years of Experience
  • Career Guidance and Mentorship
  • Extended Post Training Support
  • Access Recorded Sessions

Learning Schedule

Upcoming classes
10 Feb - 10 Mar Online Weekday 20:30 - 22:30 IST BATCH OPEN

Why Choose Our Corporate Training Solution

  • Upskill your team on the latest tech
  • Highly customized solutions
  • Free Training Needs Analysis
  • Skill-specific training delivery
  • Secure your organization inside-out

Seeking Corporate Training?

Discover Tailored Solutions for your unique needs. Request a Quote Today!


Why Choose 1-on-1 Training

  • Get personalized attention
  • Customized content
  • Learn at your dedicated hour
  • Instant clarification of doubt
  • Guaranteed to run

Desire Personalized Attention?

Request for exclusive batches that are tailored just for you, with flexible schedules.
Ask for 1-on-1 Training Now!

Can't Find a Suitable Schedule? Talk to Our Training Advisor

About Course

InfosecTrain’s CGRC: Certified in Governance, Risk, and Compliance Training Course is a comprehensive program designed to enhance your expertise in aligning security and privacy with organizational goals through effective governance, risk management, and compliance practices. The updated course content delves into critical areas, including defining system boundaries, selecting appropriate frameworks and controls, implementing security and privacy measures, auditing and assessing their effectiveness, and ensuring ongoing compliance.

This course equips participants with practical skills and theoretical knowledge to address real-world challenges in governance, risk management, and regulatory compliance. By mastering these principles, you’ll be empowered to make informed decisions, safeguard sensitive data, and establish a robust compliance framework within your organization, making this training a key milestone in your professional journey.

CGRC Exam Domains

| Old CGRC Domains | New CGRC Domains |
| --- | --- |
| Domain 1: Information Security Risk Management Program (16%) | Domain 1: Security and Privacy Governance, Risk Management, and Compliance Program (16%) |
| Domain 2: Scope of the Information System (11%) | Domain 2: Scope of the System (10%) |
| Domain 3: Selection and Approval of Security and Privacy Controls (15%) | Domain 3: Selection and Approval of Framework, Security, and Privacy Controls (14%) |
| Domain 4: Implementation of Security and Privacy Controls (16%) | Domain 4: Implementation of Security and Privacy Controls (17%) |
| Domain 5: Assessment/Audit of Security and Privacy Controls (16%) | Domain 5: Assessment/Audit of Security and Privacy Controls (16%) |
| Domain 6: Authorization/Approval of Information Systems (10%) | Domain 6: System Compliance (14%) |
| Domain 7: Continuous Monitoring (16%) | Domain 7: Compliance Maintenance (13%) |
Course Curriculum
  • Domain 1: Security and Privacy Governance, Risk Management, and Compliance Program (16%)
    • 1.1 – Demonstrate knowledge in security and privacy governance, risk management, and compliance program
      • Principles of governance, risk management, and compliance
      • Risk management and compliance frameworks using national and international standards and guidelines for security and privacy requirements (e.g., National Institute of Standards and Technology (NIST), cybersecurity framework, Control Objectives for Information and Related Technology (COBIT), International Organization for Standardization/International Electrotechnical Commission (ISO/IEC))
      • System Development Life Cycle (SDLC) (e.g., requirements gathering, design, development, testing, and operations/maintenance/disposal)
      • Information lifecycle for each data type processed, stored, or transmitted (e.g., retaining, disposal/destruction, data flow, marking)
      • Confidentiality, integrity, availability, non-repudiation, and privacy concepts
      • System assets and boundary descriptions
      • Security and privacy controls and requirements
      • Roles and responsibilities for compliance activities and associated frameworks
    • 1.2 – Demonstrate knowledge in security and privacy governance, risk management, and compliance program processes
      • Establishment of compliance program for the applicable framework
      • Understand regulatory and legal requirements
    • 1.3 – Demonstrate knowledge of compliance frameworks, regulations, privacy, and security requirements
      • Familiarity with compliance frameworks (e.g., International Organization for Standardization/International Electrotechnical Commission (ISO/IEC), Federal Risk and Authorization Management Program (FedRAMP), Payment Card Industry Data Security Standard (PCI-DSS), Cybersecurity Maturity Model Certification)
      • Familiarity with other national and international laws and requirements for security and privacy (e.g., Federal Information Security Modernization Act (FISMA), Health Insurance Portability and Accountability Act (HIPAA), executive orders, General Data Protection Regulation (GDPR))
  • Domain 2: Scope of the System (10%)
    • 2.1 – Describe the system
      • System name and scope documented
      • System purpose and functionality
    • 2.2 – Determine security compliance required
      • Information types processed, stored, or transmitted
      • Security objectives outlined for each information type based on national and international security and privacy compliance requirements (e.g., Federal Information Processing Standards (FIPS), International Organization for Standardization/International Electrotechnical Commission (ISO/IEC), data protection impact assessment)
      • Risk impact level determined for system based on the selected framework
  • Domain 3: Selection and Approval of Framework, Security, and Privacy Controls (14%)
    • 3.1 – Identify and document baseline and inherited controls
    • 3.2 – Select and tailor controls
      • Determination of applicable baseline and/or inherited controls
      • Determination of appropriate control enhancements (e.g., security practices, overlays, mitigating controls)
      • Specific data handling/marking requirements identified
      • Control selection documentation
      • Continued compliance strategy (e.g., continuous monitoring, vulnerability management)
      • Control allocation and stakeholder agreement
  • Domain 4: Implementation of Security and Privacy Controls (17%)
    • 4.1 – Develop implementation strategy (e.g., resourcing, funding, timeline, effectiveness)
      • Control implementation aligned with organizational expectations, national or international requirements, and compliance for security and privacy controls
      • Identification of control types (e.g., management, technical, common, operational control)
      • Frequency established for compliance documentation reviews and training
    • 4.2 – Implement selected controls
      • Control implementation consistent with compliance requirements
      • Compensating or alternate security controls implemented
    • 4.3 – Document control implementation
      • Residual security risk or planned implementations documented (e.g., Plan of Action and Milestones (POA&M), risk register)
      • Implemented controls documented consistent with the organization’s purpose, scope, and risk profile (e.g., policies, procedures, plans)
  • Domain 5: Assessment/Audit of Security and Privacy Controls (16%)
    • 5.1 – Prepare for assessment/audit
      • Stakeholder roles and responsibilities established
      • Objectives, scope, resources, schedule, deliverables, and logistics outlined
      • Assets, methods, and level of effort scoped
      • Evidence for demonstration of compliance audited (e.g., previous assessments/audits, system documentation, policies)
      • Assessment/audit plan finalized
    • 5.2 – Conduct assessment/audit
      • Compliance capabilities verified using appropriate assessment methods: interview, examine, test (e.g., penetration, control, vulnerability scanning)
      • Evidence verified and validated
    • 5.3 – Prepare the initial assessment/audit report
      • Risks identified during the assessment/audit provided
      • Risk mitigation summaries outlined
      • Preliminary findings recorded
    • 5.4 – Review initial assessment/audit report and plan risk response actions
      • Risk response assigned (e.g., avoid, accept, share, mitigate, transfer) based on identified vulnerabilities or deficiencies
      • Risk response collaborated with stakeholders
      • Non-compliant findings with newly applied corrective actions reassessed and validated
    • 5.5 – Develop final assessment/audit report
      • Final compliance documented (e.g., compliant, non-compliant, not applicable)
      • Recommendations documented when appropriate
      • Assessment report finalized
    • 5.6 – Develop risk response plan
      • Residual risks and deficiencies identified
      • Risk prioritized
      • Required resources identified (e.g., financial, personnel, and technical) to determine time required to mitigate risk
  • Domain 6: System Compliance (14%)
    • 6.1 – Review and submit security/privacy documents
      • Security and privacy documentation required to support a compliance decision by the appropriate party (e.g., authorizing official, third-party assessment organizations, agency) compiled, reviewed, and submitted
    • 6.2 – Determine system risk posture
      • System risk acceptance criteria
      • Residual risk determination
      • Stakeholder concurrence for risk treatment options
      • Residual risks defined in formal documentation
    • 6.3 – Document system compliance
      • Formal notification of compliance decision
      • Formal notification shared with stakeholders
  • Domain 7: Compliance Maintenance (13%)
    • 7.1 – Perform system change management
      • Changes weigh the impact to organizational risk, operations, and/or compliance requirements (e.g., revisions to baselines)
      • Proposed changes documented and approved by authorized personnel (e.g., Change Control Board (CCB), technical review board)
      • Deploy to the environment (e.g., test, development, production) with rollback plan
      • Changes to the system tracked and compliance enforced
    • 7.2 – Perform ongoing compliance activities based on requirements
      • Frequency established for ongoing compliance activities review with stakeholders
      • System and assets monitored (e.g., physical and logical assets, personnel, change control)
      • Incident response and contingency activities performed
      • Security updates performed and risks remediated/tracked
      • Evidence collected, testing performed, documentation updated (e.g., service level agreements, third party contracts, policies, procedures), and submission/communication to stakeholders when applicable
      • Awareness and training performed, documented, and retained (e.g., contingency, incident response, annual security, and privacy)
      • Revising monitoring strategies based on updates to legal, regulatory, supplier, security and privacy requirements
    • 7.3 – Engage in audit activities based on compliance requirements
      • Required testing and vulnerability scanning performed
      • Personnel interviews conducted
      • Documentation reviewed and updated
    • 7.4 – Decommission system when applicable
      • Requirements for system decommissioning reviewed with stakeholders
      • System removed from operations and decommissioned
      • Documentation of the decommissioned system retained and shared with stakeholders

Target Audience
  • Cybersecurity Auditors
  • Cybersecurity Compliance Officers
  • GRC Architects
  • GRC Managers
  • Cybersecurity Risk and Compliance Project Managers
  • Cybersecurity Risk and Controls Analysts
  • Cybersecurity Third-Party Risk Managers
  • Enterprise Risk Managers
  • GRC Analysts
  • GRC Directors
  • Information Assurance Managers
Pre-requisites
  • Minimum Requirement: Two years of full-time experience in one or more domains of the CGRC exam outline.
  • Alternative Experience: Part-time work and internships can contribute to the experience requirement.
  • Associate Path: Without the required experience, pass the CGRC exam to become an Associate of (ISC)².
  • Timeframe for Associates: Associates must gain two years of experience within three years.

Note:

  • CGRC® is a registered mark of The International Information Systems Security Certification Consortium (ISC)².
  • We are not an authorized training partner of (ISC)².
Exam Details

Exam Format: Multiple-choice
Number of Questions: 125
Exam Duration: 180 minutes
Passing Score: 700 out of 1000
Exam Language: English
Testing Center: Pearson VUE Testing Center
Course Objectives

You will be able to:

  • Grasp the principles of security and privacy governance, risk management, and compliance to align organizational objectives with regulatory standards.
  • Identify and establish clear system boundaries and objectives to meet organizational and regulatory requirements.
  • Analyze, select, and gain approval for appropriate security and privacy frameworks and controls tailored to mitigate organizational risks.
  • Apply practical skills to implement and integrate effective security and privacy controls within organizational operations.
  • Develop the expertise to evaluate and audit the effectiveness of implemented security and privacy controls to ensure compliance and operational integrity.
Career Transformation

  • 1.8 Million: Projected increase in roles related to Governance, Risk, and Compliance (GRC)
  • Up to 55%: Risk mitigation in organizations implementing GRC frameworks

To tackle the skills shortage:

  • 72%: Organizations plan to hire professionals skilled in GRC to enhance their risk management and compliance strategies.
  • 68%: Organizations committed to training existing staff on GRC principles and practices to strengthen their governance and risk management capabilities.

Demand across industries

  • Technology
  • Healthcare
  • Retail
  • Government
  • Manufacturing
  • Finance

Frequently Asked Questions

What is the CGRC certification, and how is it different from CAP?

CGRC (Certified in Governance, Risk, and Compliance) is the updated version of the Certified Authorization Professional (CAP). It focuses on security and privacy governance, risk management, and compliance practices, aligning with modern organizational needs.

Who is the targeted audience for the CGRC certification?

The targeted audience for the CGRC certification includes:

  • Cybersecurity Auditor
  • Cybersecurity Compliance Officer
  • GRC Architect
  • GRC Manager
  • Cybersecurity Risk & Compliance Project Manager
  • Cybersecurity Risk & Controls Analyst
  • Cybersecurity Third-party Risk Manager
  • Enterprise Risk Manager
  • GRC Analyst
  • GRC Director
  • Information Assurance Manager

What are the prerequisites for enrolling in the CGRC training course?

The prerequisites for enrolling in the CGRC training course are:

  • Minimum Requirement: Two years of full-time experience in one or more domains of the CGRC exam outline.
  • Alternative Experience: Part-time work and internships can contribute to the experience requirement.
  • Associate Path: Without the required experience, pass the CGRC exam to become an Associate of ISC2.
  • Timeframe for Associates: Associates must gain two years of experience within three years.

What are the domains covered in the latest CGRC course?

The latest course includes the following domains:

  • Domain 1: Security and Privacy Governance, Risk Management, and Compliance Program (16%)
  • Domain 2: Scope of the System (10%)
  • Domain 3: Selection and Approval of Framework, Security, and Privacy Controls (14%)
  • Domain 4: Implementation of Security and Privacy Controls (17%)
  • Domain 5: Assessment/Audit of Security and Privacy Controls (16%)
  • Domain 6: System Compliance (14%)
  • Domain 7: Compliance Maintenance (13%)

Is the CGRC certification program accredited or recognized by industry associations or organizations?

The CGRC certification program is recognized and follows standards like ANAB and ISO/IEC 17024.

Are there any exams or assessments associated with the CGRC certification program?

The CGRC exam is a 180-minute test with 125 multiple-choice questions. The passing score is 700 out of 1000 points, and the exam is conducted in English at Pearson VUE Testing Centers.

What is the pass score for the CGRC certification exam?

The passing score is 700 out of 1000 points.

Can I access course materials and resources after completing the CGRC certification program?

Yes, you can access course materials and resources after completing the CGRC certification training.

Is there a renewal or recertification process for the CGRC certification, and how often is it required?

The CGRC certification is valid for three years. Holders must comply with Continuing Professional Education (CPE) policies and pay a yearly maintenance fee. The renewal process involves satisfying the CAP CPE requirement and paying the annual maintenance fee (AMF), which is $125 for members and $50 for associates.

How can I contact the course administrators or instructors for further questions or assistance?

For further questions or assistance regarding the CGRC certification program, you can contact the service and support team of InfosecTrain.
