IBM: Cybersecurity Compliance and Framework

• Define fundamental concepts of cybersecurity, including governance, risk management, compliance, AI ethics, and the audit process.
• Identify cybersecurity laws and regulations, both at a national and international level, and comprehend their implications for organizations.
• Explore industry standards and their significance in cybersecurity practices and gain insights into the COBIT framework and SOC reports.
• Apply cybersecurity industry standards and best practices to mitigate risks, enhance security, and ensure compliance through audit processes.

Module 1: Introduction to Information Security and Compliance

• Module Introduction and Learning Objectives
• Video: Governance, Risk, and Compliance (GRC)
• Video: Governance Components
• Reading: GRC Tools
• (Lab) Match Activity: Applying GRC Concepts
• Video: NIST Cybersecurity Framework
• Reading: Aligning to the NIST Cybersecurity Framework
• Activity: Align to the NIST Cybersecurity Framework
• Video: Elements of Effective Security Compliance
• Video: Standardize Processes
• Video: Automation and Orchestration
• Video: Change Management
• Reading: Asset Management
• Module 1 Summary: Introduction to Information Security and Compliance
• Module 1 Glossary: Introduction to Information Security and Compliance
• Module 1 Graded Quiz: Introduction to Information Security and Compliance
• Discussion Prompt: (Optional) CSF Implementation

Module 2: Foundations of IT Service Management and Risk Governance

• Module Introduction and Learning Objectives
• Video: Information Technology Infrastructure Library (ITIL) Overview
• Video: Key ITIL Processes
• Activity: Identify the ITIL Phases
• Reading: ITIL Process Implementation
• Video: Risk Management
• Reading: Risk Analysis
• (Lab) Matching: Accept, Transfer, Avoid, or Mitigate?
• Video: Third-Party Risk Assessment and Management
• Video: AI Ethics
• Reading: EU AI Act
• Video: How to Implement AI Ethics
• Activity: Apply AI Ethics
• Module 2 Summary: Foundations of IT Service Management and Risk Governance
• Module 2 Glossary: Foundations of IT Service Management and Risk Governance
• Module 2 Graded Quiz: Foundations of IT Service Management and Risk Governance
• Discussion Prompt:(Optional) Foundations of IT Service Management and Risk Governance

Module 3: Understanding Cybersecurity Laws and Regulations

• Module Introduction and Learning Objectives
• Video: Overview of US Cybersecurity Laws and Regulations
• Video: HIPAA Security Rule
• Reading: HIPAA Cybersecurity Guidance
• Activity: Apply HIPAA Guidelines
• Reading: US Laws and Regulations Cheat Sheet
• Video: Overview of Global Cybersecurity Laws and Regulations
• Reading: Applying Global Cybersecurity Laws and Regulations
• Activity: Apply global cybersecurity laws and regulations
• Reading: Global Cybersecurity Laws and Regulations Cheat Sheet
• Module 3 Summary: Understanding Cybersecurity Laws and Regulations
• Module 3 Glossary: Understanding Cybersecurity Laws and Regulations
• Module 3 Graded Quiz: Understanding Cybersecurity Laws and Regulations
• Discussion Prompt: (Optional) Cybersecurity Laws

Module 4: Understanding Cybersecurity Standards and Audits

• Module Introduction and Learning Objectives
• Video: Industry Standards
• Reading: OWASP Use Cases
• Activity: Apply OWASP Standards
• Video: NIST, ISO, and IEEE Overview
• Reading: NIST Standards
• Reading: ISO Standards
• Reading: IEEE Standards
• Video: Security Control Audits
• Video: Performing a Security Audit
• Video: ISACA Standards
• Reading: COBIT
• Video: SOC Reports
• Module 4 Summary: Understanding Cybersecurity Standards and Audits
• Module 4 Glossary: Understanding Cybersecurity Standards and Audits
• Module 4 Graded Quiz: Understanding Cybersecurity Standards and Audits
• Discussion Prompt: (Optional) Conducting Security Audits
• Module Introduction and Learning Objectives
• Final Project Overview
• Final Project Scenarios
• Final Project

Module 5: Course summary

• Congratulations & Next Steps
• Thanks from the Course Team