Unit 1: Governance, Risk & Compliance
- Definition, Scope, and Objectives – IT Governance
- Metrics & Framework – BASEL – OECD
Unit 2: Best Practices for IT Governance
- ITIL
- ISO/IEC 27001
- Control Objectives of Information and Related Technology (COBIT)
- The Information Security Management Maturity Model
- Capability Maturity Model
- Any other latest standards and compliance technologies
Unit 3: Information Security Governance
- Effective Information Security Governance
- Importance of Information Security Governance
- Outcomes of Information Security Governance
- Strategic alignment
- Value Management
- Risk Management
- Performance Measurement
- Information System Strategy
- Strategic Planning
- Steering Committee
- Policies and Procedures
Unit 4: Information Security Management Practices
- Personnel Management
- Financial Management
- Quality Management
- Information Security Management
- Performance Optimization
- Roles and Responsibilities
- Auditing IT Governance Structure
- Evaluation Criteria & Benchmark
- Assessment Tools
- Case Study Analysis
- Risk Management Process
- Developing a Risk Management Program
- Risk Analysis Methods – Qualitative, Semi-Quantitative, Quantitative
- Risk Management Framework – COSO
- The Internal Environment
- Objective Setting
- Event Identification
- Risk Assessment
- Risk Response
- Control Activities
- Information & Communication
- Monitoring
- NIST
- Risk Assessment
- Risk Mitigation
- Evaluation & Assessment
- Case Study Analysis
Unit 5: Compliance – Introduction
- Information Technology and Security
- Evolution of Information Systems
- Roles and Responsibilities
- Audit, Assessment, and Review
- The Role of the Compliance Officer
- The Duties and Responsibilities of the Compliance Officer and the Function of Compliance
- Compliance Officer Activities
- The Requirements of a Compliance Officer
- Drafting Compliance Reports
- Designing an Internal Compliance System
- Regulatory Principles – Issues
- Developing High-Level Compliance Policies
- Defining Responsibility for Compliance
- The Compliance Function
- Specific Internal Compliance Control Issues – Information System Audit
- Scope of System Audit
- Audit Planning
- Audit Manual
- Audit Checklists
- Audit Reports
- Best Practices for IT Compliance and Regulatory Requirements
- IT Compliance Requirements under Clause 49 of SEBI Listing Agreement
- IT Compliance Requirements under the Sarbanes-Oxley Act of the USA
- Control Objectives in Information Technology of ISACA