Governance, Risk, and Compliance

Course

Cybersecurity

Subjects

Career & Technical Education

Cybersecurity

Grade Levels

Duration (hours)

Already have a Canvas account? Log In

Overview

In this unit, students will implement and summarize risk management best practices

Standards

CompTIA Security+ (SYO-601) Objectives 5.1 – 5.5

Cyber Connections

Threats and Vulnerabilities

Hardware and Software

Cyber Hygiene

Digital Citizenship

Networks and Internet

Lessons

5.1 - Compare and contrast various types of controls

5.2 - Explain the importance of applicable regulations, standards, or frameworks that impact organizational security posture

Regulations, standards, and legislation
- General Data Protection Regulation (GDPR)
- National, territory, or state laws
- Payment Card Industry Data Security Standard (PCI DSS)
Key frameworks
- Center for Internet Security (CIS)
- National Institute of Standards and Technology (NIST) RMF/CSF
- International Organization for Standardization (ISO) 27001/27002/27701/31000
- SSAE SOC 2 Type I/II
- Cloud security alliance
- Cloud control matrix
- Reference architecture
Benchmarks /secure configuration guides
- Platform/vendor-specific guides
- Web server
- OS
- Application server
- Network infrastructure devices

5.3 – Explain the importance of policies to organizational security

5.4 – Summarize risk management processes and concepts

5.5 – Explain privacy and sensitive data concepts in relation to security

Organizational consequences of privacy breaches
- Reputation damage
- Identity theft
- Fines
- IP theft
Notifications of breaches
- Escalation
- Public notifications and disclosures
Data types
- Classifications
- Public
- Private
- Sensitive
- Confidential
- Critical
- Proprietary
- Personally identifiable information (PII)
- Health information
- Financial information
- Government data
- Customer data
Privacy enhancing technologies
- Data minimization
- Data masking
- Tokenization
- Anonymization
- Pseudo-anonymization
Roles and responsibilities
- Data owners
- Data controller
- Data processor
- Data custodian/steward
- Data protection officer (DPO)
Information life cycle
Impact assessment
Terms of agreement
Privacy notice