GRC Intermediate CH-GC-201

Cybersecurity Compliance: ISO 27001 & NIST

Master cybersecurity with industry-leading curriculum, hands-on labs, and expert instruction. Complete this course to earn your certification and advance your security career.

JO

James O'Brien

Compliance & Risk Director

★★★★★ 4.7 (678 reviews)
2,156 students enrolled
$399

One-time payment · Lifetime access

ENROLL NOW START FREE TRIAL
35 hours of content
9 Modules · 48 Lessons
4 Hands-on Labs
Certificate Included
Lifetime Updates

Course Overview

This course equips you with the knowledge and skills to implement and manage leading cybersecurity policy frameworks. You will master ISO 27001, NIST CSF, and GDPR compliance, conduct risk assessments, and lead security audits.

Through 4 hands-on labs, you will build a complete Information Security Management System (ISMS), map controls to the NIST CSF, and conduct a mock compliance audit. This course prepares you for ISO 27001 Lead Implementer and NIST-related certifications.

What You’ll Learn

Implement ISO 27001 ISMS from scratch
Map controls to the NIST Cybersecurity Framework
Conduct information security risk assessments
Prepare organizations for compliance audits
Manage GDPR data protection requirements
Develop governance, risk, and compliance programs

Prerequisites

  • Understanding of basic security concepts
  • 1+ years in IT or security role
  • Management or audit experience (helpful)

Target Audience

Compliance Officers Risk Managers Security Auditors CISOs & Security Leaders GRC Consultants

Course Curriculum

9 Modules · 48 Lessons · 35 hours · 4 Hands-on Labs

  • Why Compliance Matters
  • Major Frameworks Overview: ISO 27001, NIST, COBIT
  • Governance, Risk, Compliance (GRC)
  • Regulatory Landscape
  • Lab: Mapping Your Organization to Frameworks
  • ISO 27001 Clauses & Annex A Controls
  • Scoping the ISMS
  • Risk Assessment & Treatment
  • Policies, Procedures & Documentation
  • Internal Audit & Management Review
  • Lab: Building an ISMS
  • NIST CSF Core Functions
  • Implementing Identify, Protect, Detect
  • Implementing Respond, Recover
  • NIST Maturity Assessment
  • Lab: NIST CSF Gap Analysis
  • Risk Assessment Methodologies
  • Qualitative vs Quantitative Risk
  • Risk Register & Treatment Plans
  • Third-Party Risk Management
  • Lab: Enterprise Risk Assessment
  • GDPR Principles & Rights
  • Data Protection Impact Assessments (DPIA)
  • Cross-Border Data Transfers
  • Breach Notification Requirements
  • Lab: Conducting a DPIA
  • Internal vs External Audits
  • Audit Planning & Checklists
  • Evidence Collection & Interviews
  • Audit Reporting & Remediation
  • Lab: Mock Compliance Audit
  • Security Policy Hierarchy
  • Acceptable Use & Access Control Policies
  • Incident Response Policies
  • Vendor & Supply Chain Security
  • Lab: Policy & Governance Workshop
  • Cloud Shared Compliance Responsibility
  • SOC 2 & CSA STAR
  • Vendor Due Diligence
  • Lab: Cloud Compliance Assessment
09

Capstone Project

Full compliance program · 4 hours

Capstone
JO

James O'Brien

Compliance & Risk Director

Industry expert with extensive experience in GRC. Taught thousands of students and helped professionals advance their cybersecurity careers through practical, hands-on training approaches.

GRC Specialist Hands-on Labs Certification Prep

Industry Expert · 2,156+ students taught

4.7
★★★★★

678 reviews

5
85%
4
10%
3
3%
2
1%
1
1%
★★★★★2 weeks ago

"Excellent course! The hands-on labs and real-world scenarios provided practical skills I could immediately apply. Highly recommend for intermediate level professionals."

— Verified Learner

★★★★★1 month ago

"Outstanding content and structure. The GRC modules are comprehensive and well-explained. Great investment for career advancement."

— Security Professional

★★★★★2 months ago

"Great course that covers 35 hours of material effectively. The practical labs reinforce the concepts well. Would recommend to anyone in cybersecurity."

— Industry Practitioner

Related Courses