Security Frameworks

Master industry-standard compliance and governance frameworks including ISO 27001, SOC 2, and NIST guidelines. Learn to implement and audit security controls effectively.

Security Frameworks Curriculum

  • Introduction to GRC: Aligning Information Security with Business Goals
  • Security Governance: Roles of Board, CISO, Security Team & Auditors
  • Developing Security Policies: Acceptable Use, Incident Response & Data Classification
  • Security Standards vs Procedures vs Guidelines: Understanding the Hierarchy
  • The Role of Frameworks: Why Organizations Adopt Security Standards
  • Legal & Regulatory Landscape: International & Domestic Requirements
  • Building a Security Program from Scratch: Roadmap & Milestones
  • Project: Creating a Security Policy Framework for a Mid-size Organization
  • ISMS Overview: What is an Information Security Management System
  • ISO 27001 Structure: Clauses 4-10 & Their Requirements
  • Annex A Controls: Organizational, People, Physical & Technological Controls
  • Statement of Applicability (SoA): Documenting Control Selection & Justification
  • Risk Assessment Process: Asset Identification, Threat Analysis & Risk Evaluation
  • Certification Journey: Stage 1 & Stage 2 Audits Explained
  • Transitioning to ISO 27001:2022: Key Changes & New Control Categories
  • Project: Building an ISMS Documentation Package with SoA & Risk Register
  • NIST CSF Core: Identify, Protect, Detect, Respond & Recover Functions
  • CSF Categories & Subcategories: Detailed Control Mapping
  • Implementation Tiers: Measuring Organizational Maturity (Partial → Adaptive)
  • Framework Profiles: Current State vs Target State Gap Analysis
  • NIST SP 800-53: Security & Privacy Controls Catalog
  • NIST Risk Management Framework (RMF): 7-step Process
  • Integrating NIST CSF with Other Frameworks (ISO 27001, CIS Controls)
  • Project: Conducting a NIST CSF Gap Assessment for a Sample Organization
  • Trust Services Criteria: Security, Availability, Confidentiality, Processing Integrity & Privacy
  • SOC 2 Type I vs Type II: Point-in-time vs Period-of-time Reporting
  • Designing Controls That Map to AICPA Trust Criteria
  • Evidence Collection: Building an Audit-ready Evidence Repository
  • SOC 2 Gap Analysis: Identifying & Remediating Deficiencies
  • Third-party Risk Management: How SOC Reports Influence Vendor Selection
  • SOC 2 Automation Tools: Vanta, Drata & Secureframe
  • Project: Preparing a SOC 2 Type II Readiness Assessment with Control Mapping
  • GDPR Core Principles: Lawfulness, Purpose Limitation, Data Minimization & Transparency
  • Data Subject Rights: Access, Rectification, Erasure (Right to be Forgotten) & Portability
  • Data Protection Impact Assessments (DPIA): When & How to Conduct Them
  • International Data Transfers: SCCs, Adequacy Decisions & Binding Corporate Rules
  • CCPA/CPRA: California Consumer Privacy Act Requirements & Comparison with GDPR
  • Privacy by Design & Default: Embedding Privacy into System Architecture
  • Global Privacy Landscape: LGPD (Brazil), POPIA (South Africa) & India's DPDP Act
  • Project: Conducting a DPIA for a Customer Data Processing Application
  • Quantitative vs Qualitative Risk Assessment: Choosing the Right Approach
  • NIST SP 800-30: Guide for Conducting Risk Assessments
  • ISO 31000: International Standard for Risk Management
  • Building a Risk Register: Asset Inventory, Threats, Vulnerabilities & Risk Scores
  • Risk Treatment: Accept, Avoid, Transfer (Insurance) & Mitigate
  • Risk Appetite & Tolerance: Setting Organizational Risk Thresholds
  • Communicating Risk to Executives: Heatmaps, Dashboards & Financial Metrics
  • Project: Building a Risk Register & Risk Treatment Plan for a Cloud Infrastructure
  • PCI-DSS v4.0: 12 Requirements for Securing Payment Card Data
  • PCI Compliance Levels: SAQs vs Report on Compliance (ROC)
  • HIPAA Security Rule: Safeguarding Electronic Protected Health Information (ePHI)
  • HIPAA Privacy Rule: Patient Rights & Covered Entity Obligations
  • Cloud Security: Shared Responsibility Model for AWS, Azure & GCP
  • CIS Controls: 18 Critical Security Controls for Cyber Defense
  • Cross-framework Mapping: Aligning PCI-DSS, HIPAA & ISO 27001 Controls
  • Project: Creating a Cross-framework Compliance Matrix for a Healthcare Organization
  • Internal Audit Program Design: Scope, Methodology & Testing Procedures
  • Continuous Compliance Monitoring: GRC Platforms (Archer, ServiceNow, OneTrust)
  • Third-party Risk Management (TPRM): Vendor Security Assessments & Questionnaires
  • Automated Evidence Collection: Using APIs & Scripts for Audit Readiness
  • Audit Report Writing: Findings, Risk Ratings & Remediation Recommendations
  • Managing Audit Findings: Remediation Tracking & Closure Verification
  • Building a Compliance Calendar: Scheduling Audits, Reviews & Renewals
  • Project: Building a Multi-framework Compliance Roadmap for a Global Enterprise