Agile and State-of-the-Art Compliance Training Transforming the Future of Compliance
SecuRetain’s compliance courses drive a culture of governance and compliance throughout the organization and demonstrate conformity for all required Compliances & Frameworks.
Meet regulatory compliance requirements and prove security control enforcement
Affordable compliance courses will educate employees to implement regulatory compliance requirements
Track progress and course completion for yourself or an entire enterprise with the SecuRetain Platform
Customize compliance courses to reflect your strategies, frameworks, guidelines, policies, and procedures
Use this platform to distribute your training content along with SecuRetain courses in your own private space
Corporations can save more than 15% by developing in-house skills to implement SOC, ISO, NIST, CSF, & more. The series of courses aim to enhance end to end knowledge.
Preview e-Learning Courses
Comprehensive Compliance Based e-Learning Courses
Beneficial for all organizations, irrespective of their size, industry, and geography. SecuRetain will help employees grow personally and professionally.
Learning Outcomes from Compliance Based e-Learning Courses
Transform your Cybersecurity talent pool with fundamental learning and with in-depth knowledge in PCI, FCPA, GDPR, HIPPA, HITRUST, ISO 27001, SSAE18 SOC, FFIEC, FedRAMP, NIST, and more.- Anti Money Laundering, PCI - Basics, Consequences, Penalties, Applicable Laws, Insider Trading
- GDPR – Global set of Rules and Regulations pertaining to Individual Privacy
- HIPAA & HITRUST - Introduction, Frameworks, Governance, Controls, Regulations, Penalties pertaining to Healthcare industry
- ISO 27001 - ISO 27000 compliance family, benefits of compliance, standard and certification, implementing ISMS and ISO 27001, ISMS mandatory processes, ISO 27001 Annex A controls Checklist
- FFIEC - FFIEC risk and maturity, maturity levels, how to interpret and analyze assessment results, application of principles, create rating summary, cybersecurity maturity level calculation, and maturity results based on the maturity input
- Fraud and Audit Management Series
- SOC - Learn to implement SOC by training on series of 7 courses - SOC 2 vs. SOC 1, compliance frameworks, the difference between a Type I and Type II audit, decide the type of SOC report the organization's needs, driving the audit scope, foundation of SOC 1®, SOC 2®, and SOC 3® Reports, SOC 1, SOC 2, SOC 3, SOC 2 +, SOC for Cybersecurity. and SOC for Supply Chain Reports
- SOC, NIST, ITGC – Introduction, Frameworks, Governance, Controls, Criteria, Regulations, Consequences, Penalties, Ratings
- FCPA – Key concepts, Compliances, Implications, Enforcements, Penalties
- FedRAMP – Strategy and plan, certification process, program steps to become FedRAMP compliant, Independent Verification and Validation, certification authorities, governance, and stakeholders
SecuRetain’s Compliance e-Learning Courses
Browse all Compliance category courses available for you on our SecuRetain platform
To search all courses on our SecuRetain platform. Click here!
Anti Money Laundering Awareness
CO00103
Anti Money Laundering Awareness
Objective
Money laundering is any act or attempted act to conceal or disguise the source, ownership, or control of money or assets derived from criminal activity. The Bank Secrecy Act of 1970 (BSA) and many other laws internationally requires financial institutions to assist government agencies to detect and prevent money laundering. This awareness and professional development online course will provide an overview of the requirements imposed on those persons subject to the Anti-Money Laundering Law, including information relating to currency transaction reports, suspicious activity reports, and customer identification programs.
The course is intended to drive a culture of compliance from the top down and demonstrate to regulators and examiners their dedication to a standardized risk-based approach for protecting against money laundering threats and financial crime risks. The course is useful for organizations to satisfy mandatory training requirements within certain industries.
In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning followed by the end of the course final assessment.
Course Details
What you will learn?
- What it is and how does it work?
- Why people and organizations launder money?
- How money laundering works: basic process
- Legal consequences for money laundering, including state and federal (U.S.) penalties
- Applicable laws and regulation
- Insider trading
Data Privacy and Privacy Regulations Part I
Objective
Corporations should not tie privacy to just legal requirements but practice privacy as a moral and ethical obligation to safeguard individuals. Data protection ensures that your data is safeguarded from unlawful access by unauthorized parties. The data privacy courses intend to provide employees with an understanding of personal data and information, the background and principles of data protection. The data privacy awareness course provides all staff with a comprehensive overview of data privacy rules, policy, and legislation in the United States as well as EU Data protection.
The protection of US residents’ data is regulated by laws enacted on both the national and the state level. The examples of federal laws are GLBA, HIPAA, FTC, DPPA, FCRA, COPPA, TCPA, etc. States have their owns privacy laws, e.g. example, California Consumer Privacy Act (CCPA), Protections for Consumer Data Privacy, Florida Regulation of Trade, Commerce, Investments, and Solicitations, Biometric Information Privacy Act, etc.
This interactive training course will ensure professionals and practitioners at all levels understand their roles and responsibilities, new developments, resources, and hallmarks of an effective compliance program. The course includes knowledge questions as users progress through the training and the final assessment test.
Course Details
What you will learn?
- Learn about Privacy Imperative
- Understand Strategic and Tactical Drivers
- Learn about Privacy Strategy and Privacy Impact
- Understand the Private Identifiable Information (PII) and Private Health Information
- (PHI) data
- Learn about Privacy Impact Assessments
- Learn about HIPAA and HITECH
- Learn about GDPR and CCPA
- Understand the Breach Notification Requirements
Data Privacy and Privacy Regulations Part II
Objective
Corporations should not tie privacy to just legal requirements but practice privacy as a moral and ethical obligation to safeguard individuals. Data protection ensures that your data is safeguarded from unlawful access by unauthorized parties. The data privacy courses intend to provide employees with an understanding of personal data and information, the background and principles of data protection. The data privacy courses provide all staff with a comprehensive overview of data privacy rules, policy, and legislation in the United States as well as EU Data protection.
The protection of US residents’ personal data is regulated by laws enacted on both the national and the state level. The examples of Federal Laws are GLBA, HIPAA, FTC, DPPA, FCRA, COPPA, TCPA, etc. States have their owns privacy laws, for e.g., the California Consumer Privacy Act (CCPA), Protections for Consumer Data Privacy, Florida Regulation of Trade, Commerce, Investments, and Solicitations, Biometric Information Privacy Act, etc.
This interactive training course will ensure professionals and practitioners at all levels understand their roles and responsibilities, new developments, resources, and hallmarks of an effective compliance program. The course includes knowledge questions as users progress through the training and the final assessment test.
Course Details
What you will learn?
- Learn about Privacy Imperative
- Understand Strategic and Tactical Drivers
- Learn about Privacy Strategy and Privacy Impact
- Understand the Private Identifiable Information (PII) and Private Health Information
- (PHI) data
- Learn about Privacy Impact Assessments
- Learn about HIPAA and HITECH
- Learn about GDPR and CCPA
- Understand the Breach Notification Requirements
FedRAMP Fundamentals Part I
CO00801
FedRAMP Fundamentals Part I
Objective
The Federal Risk and Authorization Management Program (FedRAMP) is a U.S. government program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud service providers (CSPs). A CSP must have a FedRAMP Authority to Operate (ATO) to provide services to the federal as well as state agencies.
The FedRAMP Program Management Office (PMO) mission is to promote the adoption of secure cloud services across the Federal Government. Since these assessments are also based on NIST SP 800-53 Rev 4, FedRAMP can be thought of as “FISMA for the cloud” as it inherits the NIST baseline of controls and is tailored for cloud computing initiatives.
The course is divided into three parts (Part I to Part III) and each covers the various aspect of the FedRAMP program. The users will learn about FedRAMP history, program governance, and administration, Office of Management and Budget (OMB) responsibilities, benefits of the program, how to implement information security controls (NIST SP 800-53) using a federal risk-based (NIST SP 800-37) approach, FedRAMP certification, steps to become FedRAMP compliant, FedRAMP standard operating procedure, initial review SOP/checklists, detailed review checklists, review and approve the procedure, an authorization process, FedRAMP Security Assessment Framework, NIST Special Publications Overview, Implementing NIST 800-53, NIST Special Publications Explained, etc.
This interactive training course will ensure professionals and practitioners at all levels understand their roles and responsibilities, new developments, resources, and hallmarks of an effective compliance program. The course includes knowledge questions as users progress through the training and the final assessment test.
Course Details
What you will learn?
- Understand FedRAMP
- Learn about the importance of FedRAMP
- Learn the FedRAMP Strategy and Plan
- Understand FedRAMP Preparations
- Understand cloud security opportunities and FedRAMP Benefits
- Study about FedRAMP certification process
- Learn the program steps to become FedRAMP compliant
- Study the Independent Verification and Validation Requirement
- Learn about certification authorities, governance and stakeholders
FedRAMP Fundamentals Part II
CO00802
FedRAMP Fundamentals Part II
Objective
The Federal Risk and Authorization Management Program (FedRAMP) is a U.S. government program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud service providers (CSPs). A CSP must have a FedRAMP Authority to Operate (ATO) to provide services to the federal as well as state agencies.
The FedRAMP Program Management Office (PMO) mission is to promote the adoption of secure cloud services across the Federal Government. Since these assessments are also based on NIST SP 800-53 Rev 4, FedRAMP can be thought of as “FISMA for the cloud” as it inherits the NIST baseline of controls and is tailored for cloud computing initiatives.
The course is divided into three parts (Part I to Part III) and each covers the various aspect of the FedRAMP program. The users will learn about FedRAMP history, program governance, and administration, Office of Management and Budget (OMB) responsibilities, benefits of the program, how to implement information security controls (NIST SP 800-53) using a federal risk-based (NIST SP 800-37) approach, FedRAMP certification, steps to become FedRAMP compliant, FedRAMP standard operating procedure, initial review SOP/checklists, detailed review checklists, review and approve the procedure, an authorization process, FedRAMP Security Assessment Framework, NIST Special Publications Overview, Implementing NIST 800-53, NIST Special Publications Explained, etc.
This interactive training course will ensure professionals and practitioners at all levels understand their roles and responsibilities, new developments, resources, and hallmarks of an effective compliance program. The course includes knowledge questions as users progress through the training and the final assessment test.
Course Details
What you will learn?
- Overview of FedRAMP process
- Study about FedRAMP certification process
- Understand the FedRAMP from an agency’s perspective
- Understand the FedRAMP Standard Operating Procedures
- Learn about the initial review SOP/checklists
- Learn about the detailed review checklists
- Understand the review and approve procedure
- Understand the authorization process
FedRAMP Fundamentals Part III
CO00803
FedRAMP Fundamentals Part III
Objective
The Federal Risk and Authorization Management Program (FedRAMP) is a U.S. government program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud service providers (CSPs). A CSP must have a FedRAMP Authority to Operate (ATO) to provide services to the federal as well as state agencies.
The FedRAMP Program Management Office (PMO) mission is to promote the adoption of secure cloud services across the Federal Government. Since these assessments are also based on NIST SP 800-53 Rev 4, FedRAMP can be thought of as “FISMA for the cloud” as it inherits the NIST baseline of controls and is tailored for cloud computing initiatives.
The course is divided into three parts (Part I to Part III) and each covers the various aspect of the FedRAMP program. The users will learn about FedRAMP history, program governance, and administration, Office of Management and Budget (OMB) responsibilities, benefits of the program, how to implement information security controls (NIST SP 800-53) using a federal risk-based (NIST SP 800-37) approach, FedRAMP certification, steps to become FedRAMP compliant, FedRAMP standard operating procedure, initial review SOP/checklists, detailed review checklists, review and approve the procedure, an authorization process, FedRAMP Security Assessment Framework, NIST Special Publications Overview, Implementing NIST 800-53, NIST Special Publications Explained, etc.
This interactive training course will ensure professionals and practitioners at all levels understand their roles and responsibilities, new developments, resources, and hallmarks of an effective compliance program. The course includes knowledge questions as users progress through the training and the final assessment test.
Course Details
What you will learn?
- Understand the FedRAMP
- Study the FedRAMP Security Assessment Framework
- Categorize
- Select
- Implement
- Assess
- Authorize
- Monitor
- Learn about NIST Special Publications history
- Understand NIST 800-53, 800-18, 800-30, 800-37, 800-70, 800-60
- Learn about implementing NIST 800-53 Special Publications
Foreign Corrupt Practices Act (FCPA) and UK Bribery Act 2010 Part II
Objective
The U.S. Congress enacted the Foreign Corrupt Practices Act (FCPA) in 1977 in response to findings that companies had been making hundreds of millions of dollars of questionable payments to foreign government officials, politicians, and political parties. The purposes of this act are to halt the bribery of foreign officials and restore public confidence in the integrity of the American business system. The head of the DOJ's Criminal Division recently described the agency's focus on FCPA enforcement and warned executives and employees of personal accountability for FCPA violations.
This FCPA training course explains the major principles of U.S. anti-corruption laws, persons subject to FCPA, implications, consequences, etc. This interactive FCPA training course will ensure professionals and practitioners at all levels understand their roles and responsibilities, new developments, FCPA resources, and hallmarks of an effective compliance program.
In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning followed by the end of the course final assessment.
Course Details
What you will learn?
- Overview of the FCPA
- Study the implications of the FCPA
- Learn about the enforcement and penalties
- Study the U.S. Sentencing guidelines
- Understand the SEC and DOJ FCPA guidance
- Study the DOJ and SEC hallmarks of an effective compliance program
- Learn about the DOJ’s evaluation of compliance programs
- Learn about UK Bribery Act 2010
- Study the UK Bribery Act 2010 provisions
- Study the consequences of non-compliance with the Bribery Act 2020 – Case Study
Foreign Corrupt Practices Act Awareness (FCPA) Part I
Objective
The U.S. Congress enacted the Foreign Corrupt Practices Act (FCPA) in 1977 in response to findings that companies had been making hundreds of millions of dollars of questionable payments to foreign government officials, politicians, and political parties. The purposes of this act are to halt the bribery of foreign officials and restore public confidence in the integrity of the American business system.
The head of the DOJ's Criminal Division recently described the agency's focus on FCPA enforcement and warned executives and employees of personal accountability for FCPA violations. This FCPA training course explains the major principles of U.S. anti-corruption laws, persons subject to FCPA, implications, consequences, etc. The course is based on the FCPA Resource Guide released by the DOJ and SEC. This interactive FCPA training course will ensure employees at all levels understand their roles and responsibilities in protecting your company from the risk of bribery and corruption. The section ‘Consequences of Non-Compliance’ will educate employees on the ‘do’s and don’ts of FCPA’.
In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning followed by the end of the course final assessment.
Course Details
What you will learn?
- Foreign Corrupt Practices Act (FCPA) Global Perspective
- Overview of the FCPA and UK Bribery Act
- FCPA Key Concepts
- Anything of Value
- Foreign Officials
- Persons Subject to the FCPA
- Implications of the FCPA
- Consequences of Non-Compliance
- Enforcement and Penalties
- Effective Compliance Program & amp; Red Flags
- DOJ’s Evaluation of Compliance Programs
General Data Protection Regulation (GDPR) Part I
Objective
With the General Data Protection Regulation (GDPR), the European Union has set the rules and become the focal point of the global dialogue on individual data privacy. EU law protects all personal data, regardless of who collects it or how it is processed.
EU data protection law provides data subjects with a wide range of rights that can be enforced against enterprises that process personal data. The course content in Part I is focused on understanding GDPR driving factors, PII data types, the concept of identifiable personal information, and GDPR basics. The study includes learning about GDPR principle, controller and processor definitions, roles and responsibilities and lawful basis of data processing.
This interactive training course will ensure professionals and practitioners at all levels understand their roles and responsibilities, new developments, resources, and hallmarks of an effective compliance program. The course includes knowledge questions as users progress through the training and the final assessment test.
Course Details
What you will learn?
- Understand the GDPR driving factors
- Learn about different type of PII data
- Learn about identifiable personal information
- Understand GDPR basics
- Learn about the controllers and processor
- Study GDPR principles
- Understand the six lawful bases for processing
General Data Protection Regulation (GDPR) Part II
Objective
With the General Data Protection Regulation (GDPR), the European Union has set the rules and become the focal point of the global dialogue on individual data privacy. The GDPR applies to ‘personal data’, which means any information relating to an identified or identifiable person. The information can help directly or indirectly identify a person.
The GDPR applies to the process carried out by organizations operating within the EU. It also applies to organizations outside the EU that offer goods or services to individuals in the EU. The course content in Part II provides an understanding of the data subject rights, GDPR accountability and governance principles, and data protection officer role. It explains the very important concepts of privacy by design, code of conduct principle, and data protection impact assessment.
This interactive training course will ensure professionals and practitioners at all levels understand their roles and responsibilities, new developments, resources, and hallmarks of an effective compliance program. The course includes knowledge questions as users progress through the training and the final assessment test.
Course Details
What you will learn?
- Learn about data Subject Rights
- Learn about Accountability and Governance principle
- Understand Privacy by Design
- Learn about the Data Protection Officer Role
- Study the privacy Codes of Conduct principle
- Understand Data Protection Impact Assessments (DPIA)
General Data Protection Regulation (GDPR) Part III
Objective
With the General Data Protection Regulation (GDPR), the European Union has set the rules and become the focal point of the global dialogue on individual data privacy. The GDPR applies to processing carried out by organizations operating within the EU. It also applies to organizations outside the EU that offer goods or services to individuals in the EU.
The course content in Part III answers the most important question in the implementation of GDPR: Where to start? How to implement GDPR security principal requirements? The course explains the Data Protection Officer roles and responsibilities, GDPR security principal requirements, exemptions rules, data breach communication rules, penalties for violation of GDPR requirements, use of data for law enforcement purposes, protection of children data, and 10 step compliance checklist.
This interactive training course will ensure professionals and practitioners at all levels understand their roles and responsibilities, new developments, resources, and hallmarks of an effective compliance program. The course includes knowledge questions as users progress through the training and the final assessment test.
Course Details
What you will learn?
- Learn about the Data Protection Officer’s (DPO) – Appointing DPO, DPO responsibilities, etc.
- Learn how to implement GDPR security principal requirements
- Understand rules related to international transfers
- Learn about exemptions rules
- Learn about GDPR data breach communication requirements
- Understand the penalties for violation of GDPR requirements
- Study the principles applicable to use of data for law enforcement purposes
- Learn how to protect children data and GDPR requirements
- Study the GDPR 10 step compliance checklist
General Data Protection Regulation (GDPR) Part IV
Objective
With the General Data Protection Regulation (GDPR), the European Union has set the rules and become the focal point of the global dialogue on individual data privacy. The GDPR applies to the process carried out by organizations operating within the EU. It also applies to organizations outside the EU that offer goods or services to individuals in the EU.
The course content in Part IV walks you through the GDPR articles, ten steps compliance checklist, GDPR implementation approach, project planning, and key GDPR concepts such as data mapping, readiness assessment, gap assessment, data protection by default, and by design. The course explains the third party contract review and amendment procedure to comply with GDPR and how to handle the privacy data breaches.
This interactive training course will ensure professionals and practitioners at all levels understand their roles and responsibilities, new developments, resources, and hallmarks of an effective compliance program. The course includes knowledge questions as users progress through the training and the final assessment test.
Course Details
What you will learn?
- Understand the GDPR articles
- Learn the 10 steps compliance checklist
- Study the GDPR implementation approach
- Learn how to prepare for the project and key concepts
- Learn about data mapping
- Study the readiness assessment, gap assessment, and privacy assessment process
- Learn about data protection by design and by default a key concept
- Learn to implement data subject rights
- Understand the Data Protection Impact Assessment (DPIA) Process
- Learn to amend third-party contracts and review third party procedures
- Study the different steps to ensure the security of personal and sensitive data
- Understand how to handle data breaches
- Study the GDPR compliance audit and training requirement
Health Insurance Portability and Accountability Act (HIPAA) Awareness
Objective
HIPAA (Health Insurance Portability and Accountability Act) is a 1996 U. S. law that provides privacy standards to protect patients’ medical records and other health
information provided to health plans, doctors, hospitals, and other health care providers. Covered Entities, Business Associates, and Business Associate Subcontractors are all responsible for complying with HIPAA regulations. Section 164.308 (a)(5)(i) Security Awareness and Training Standard requires organization to implement a awareness training program.
The course is designed for the organizations that must comply with HIPAA requirements. The employees will learn about HIPAA, HITECH, Omnibus Rule and Chapter 181 - Texas Medical Records Privacy Act requirements for protecting Protected Health Information (PHI) and Electronic Protected Health Information (ePHI) data.
In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning followed by the end of the course final assessment.
Course Details
What you will learn?
- Learn about HIPAA and HITECH
- The Security Rule, The Privacy Rule, The Breach Notification Rule, Omnibus
- Rule. Chapter 181, Texas Medical Records Privacy Act
- Understand How Health Care Privacy Laws affect your organization
- Understand HIPAA IT Security Risk Assessment
- Learn about Administrative, Technical and Physical Safeguards
- Learn about Covered Entities
- Learn about Use and Disclosure of PHI
- Understand How HIPAA and HITECH are Related
- Learn about HITECH and Breach Notification
HITRUST Foundation Part I
CO00601
HITRUST Foundation Part I
Objective
HITRUST Alliance is composed of leaders from the healthcare industry in the pursuit of a more coherent approach to healthcare security. The HITRUST security maturity evaluation and points process awards healthcare providers a certification. This certification verifies that the company followed the Common Security Framework (CSF). The latest version, CSF 9.3, consolidates multiple regulations. The HITRUST series of courses are incredibly useful for the organization in the right scoping, selection of risk factor-based controls level, correctly applying HITRUST scoring, planning for certification, and more.
The HITRUST Foundation Part I course is designed to ensure employees understand the importance of HITRUST and fulfill the HITRUST training requirements. The series of HITRUST courses are useful for compliance, cybersecurity, information technology, and audit professionals to enhance security and compliance skills.
In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning followed by the end of the course final assessment.
Course Details
What you will learn?
- Understand HITRUST basics
- Learn about HITRUST framework
- Understand the HITRUST driving factors
- Study the HITRUST maturity model
- Understand the HITRUST scoring model
- Learn about the implementation and certification process
- Study how to certify
- Understand the criteria for certification
HITRUST Implementation Part II
CO00602
HITRUST Implementation Part II
Objective
The HITRUST security maturity evaluation and points process awards healthcare providers a HITRUST certification. This certification verifies that the company followed the Common Security Framework (CSF). The latest version, CSF 9.3, consolidates multiple regulations. The HITRUST Foundation Part II course is detailed guidance for the organization in the right scoping, selection of risk factor-based controls level, correctly applying HITRUST scoring, planning for certification, and certification.
The HITRUST Implementation Part II course is designed to provide the information to the management decision making and cost management by right-sizing the project and right implementation. The course is designed to ensure employees understand the importance of HITRUST and fulfill the HITRUST training requirements. The series of HITRUST courses are useful for compliance, cybersecurity, information technology, and audit professionals to enhance security and compliance skills.
In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning followed by the end of the course final assessment.
Course Details
What you will learn?
- Understand what is HITRUST
- Learn about the HITRUST CSF components
- Learn how to calculate HITRUST scores
- Understand the steps in certification plan and plan considerations
- Understand HITRUST Implementation Planning use case and learn to implement
- Learn to calculate risk rating as per HITRUST
- Understand the corrective action plan (CAP) and documentation
- Learn how to calculate the CAP risk rating and prioritization
Information Security and Privacy Awareness
Objective
Your enterprise's data is at risk. Your own employees may be pawns in the next threat from a highly skilled hacktivist, criminal, or nation-state. A security-aware workforce is a vital component in enterprise protection and is necessary to protect the company and its partners, customers, and employees. Additionally, you want to make sure that security is both a board-level and executive-level priority.
The objective of an effective Cyber Security and Privacy Awareness Training program is to empower employees to be proactive and aware of cybersecurity threats. The process starts with the training of new employees and it is an important opportunity to instill a security mindset into all roles early on. The course includes cybersecurity and privacy knowledge test as users progress through the training. Cyber Security is the body of technologies, processes, and practices designed to protect networks, computers, programs, and data from attack, damage, or unauthorized access. The training is designed to protect and preserve the confidentiality, integrity, and availability of information owned by or in the care of the corporation.
This interactive training course will ensure professionals and practitioners at all levels understand their roles and responsibilities, new developments, resources, and hallmarks of an effective compliance program. The course includes knowledge questions as users progress through the training and the final assessment test.
Course Details
What you will learn?
- Learn How to Protect Information
- Understand the Key Security Terms
- Learn about Insider Risk
- Learn about Privately Identifiable Information and Privately Healthcare Information
- Learn about Physical Security, Facility Security and Clean Desk Policies
- Learn about Social Engineering and Phishing
- Learn about Acceptable Personal Use of Corporate Property and Email
- Learn about Malicious Software and Incident Reporting
- Learn about User Id and Password Protection
- Understand Your Responsibility as a User
Information Security Management System (ISMS) Part I
Objective
Incident management (IM) is a key component of any business resiliency program. The primary focus of IM is to restore the normal operations and services as quickly as possible after an unforeseen event. IM is the process of managing the lifecycle of all incidents with the objective to ensure smooth business operations with minimal to no downtime.
The IM programs are designed to train the employees and professionals to develop a better understanding of incidents and how they impact businesses. The program is in three parts. IM Part I is for all employees to help them understand their roles and how quickly an incident can escalate to become a major issue if not managed properly. The employees will learn key concepts, understand different terminologies, etc. The course is designed to ensure employees understand the importance of acting quickly and to make sure they are aware of the basic requirements.
In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning followed by the end of the course final assessment.
Course Details
What you will learn?
- Brief about Incident and Incident Management (IM)
- Incident Management Objectives
- What is a Security Incident Management?
- Incident, Problem, and Service Request
- Incident Management Key Concepts
- Incident Management Process and ITIL
- Incident Management Process Workflow Examples
- Incident Management Process
- Incident Management Process Steps Discussed in Detail
Information Security Management System (ISMS) Part II
Objective
Incident Management (IM) is a key component of any business resiliency program. The primary focus of IM is to restore the normal operations and services as quickly as possible after an unforeseen event. IM is the process of managing the lifecycle of all incidents to ensure smooth business operations with minimal to no downtime.
Part II of the course will enhance your understanding of the incident management process. It starts with identifying incidents, critical success factors, and key performance indicators specific to IM. You will also learn about the ITIL framework based IM Process Workflow.
The course is designed to ensure practitioners understand the importance of acting quickly and to make sure they are aware of the basic requirements. The course includes knowledge tests as users progress through the training.
Course Details
What you will learn?
- Learn about Incident and Incident Management (IM)
- Understand Critical Success Factors (CSF)
- Understand Key Performance Indicators (KPI) Specific to Incident Management
- Understand Other Process Interfacing with Incident Management
- Learn about ITIL Framework Based Incident Management Process Workflow
- Implementing Incident Management - Detailed Guidance
Payment Card Industry Awareness
CO00201
Payment Card Industry Awareness
Objective
PCI DSS is meant to protect the cardholders (credit and debit) data to minimize or eliminate data breaches and other security incidents. Payment Card Industry (PCI) Awareness training is for employees working with the organizations that must comply with PCI Data Security Standard (PCI DSS) as well as anyone interested in learning more about PCI. Personnel responsible for PCI DSS compliance have specific training needs exceeding that which is typically provided by general security awareness training. In addition to the general awareness of information security, PCI training focuses on specific security topics, skills, processes, or methodologies that must be followed by the individuals to perform their compliance responsibilities effectively. PCI DSS requirement 12.6 states that organizations implement a formal security awareness program.
The awareness course is designed to help employees recognize and avoid everyday security threats while ensuring that sensitive payment card data is continuously secure. The course includes knowledge test as users progresses through the training. The further topics covered in this series of PCI training revolve around the essential elements of PCI DSS. These are basically the why, what, how, and who and consist of 12 essential requirements or elements.
This interactive training course will ensure professionals and practitioners at all levels understand their roles and responsibilities, new developments, resources, and hallmarks of an effective compliance program. The course includes knowledge questions as users progress through the training and the final assessment test.
Course Details
What you will learn?
- Need for PCI DSS training
- PCI data security
- Relationship between PCI DSS and PA DSS
- PCI DSS scope
- PCI DSS requirement explained with examples
- Control costs and gain tangible, real-world insights on best practices
- Understand PCI compliance before going through an assessment
- Apply PCI DSS security principles across business
System & Organization Controls (SOC) Part I
Objective
SOC stands for “System and Organization Controls” and is the agreed upon control procedures set by the American Institute of Certified Public Accountants (AICPA).
These defined set of controls are a series of standards or benchmarks designed to help measure how well a given service organization conducts and regulates its information. The training is focused on "Do it yourself" ("DIY") concept. The SOC DIY training series is designed to educate learner in implementing SOC.
The training will help organizations to have in-house skill and end to end knowledge in deciding the type of certification, type of documentation, type of skills and type of controls required to certify. The Part I is about basic understanding of SOC1, SOC2 and SOC3; SOC2 driving factors; difference between Type I and Type II SOC; factors driving the audit scope; foundation of SOC report; and trust service principles.
In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning followed by the end of the course final assessment.
Course Details
What you will learn?
- Learn about the System and Organization Controls (SOC) - SOC 1, SOC 2 and SOC3
- Understand the businesses that should think about SOC 2
- Learn about the driving factors for SOC compliance
- Learn how SOC 2 is different from SOC 1 and other compliance frameworks
- Understand the difference between a Type I and Type II audit
- Learn to decide the type of SOC report the organizations needs to have
- Learn about the factors driving the audit scope
- Understand the foundation of SOC 1®, SOC 2®, and SOC 3® Reports
- Learn about the SOC 2® and SOC 3® Trust Services Principles
System & Organization Controls (SOC) Part II
Objective
SOC stands for “System and Organization Controls” and is the agreed-upon control procedures set by the American Institute of Certified Public Accountants (AICPA). These defined set of controls are a series of standards or benchmarks designed to help measure how well a given service organization conducts and regulates its information. The training is focused on the "Do it yourself" ("DIY") concept. The SOC DIY training series is designed to educate learners in implementing SOC. Part II explains the SOC2 audit requirements, who can perform the audit, and applying relevant SSAE 18 standards.
The training will help organizations to have the in-house skill and end-to-end knowledge in deciding the type of certification, type of documentation, type of skills, and type of controls required to certify. You will learn about SOC 1, SOC 2, SOC 3, SOC 2 +, SOC for Cyber Security, SOC for Supply Chain, and SOC 2 + Additional Subject Matter Reports as well as the scope and use of these reports. The study contains case studies for SOC for Cyber Security and SOC for the supply chain. You will learn about mapping Trust Service Criteria to other standards and frameworks.
In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning followed by the end of the course final assessment.
Course Details
What you will learn?
- SOC evolution
- Learn about SOC 2 audit and who can perform the audit
- Learn how to apply relevant SSAE 18 AICPA Standards
- SOC 1, SOC 2, SOC 3, SOC 2 +, SOC for Cyber Security and SOC for Supply Chain Reports
- Understand scope and use
- Learn about the purpose and relevant standards
- Learn about the subject matter and components of the report
- Understand the use case for SOC for Cyber Security and SOC for Supply Chain
- Learn about SOC 2 + Additional Subject Matter Reports
- Learn the about TSC Mapping to Standards and Frameworks
System & Organization Controls (SOC) Part III
Objective
SOC stands for “System and Organization Controls” and is the agreed upon control procedures set by the American Institute of Certified Public Accountants (AICPA).
These defined set of controls are a series of standards or benchmarks designed to help measure how well a given service organization conducts and regulates its information. The training is focused on "Do it yourself" ("DIY") concept. T
he SOC DIY training series is designed to educate learner in implementing SOC. The training will help organizations to have in-house skill and end to end knowledge in deciding the type of certification, type of documentation, type of skills and type of controls required to certify. The Part III provides in-depth knowledge of Trust Service, Criteria, Common Criteria and Supplemental criteria. You will learn to select the Trust Service Criteria for your organization, understand the underlying expectations under each Trust Service Criteria and the importance of Security criteria and why it is mandatory.
In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning followed by the end of the course final assessment.
Course Details
What you will learn?
- SOC evolution
- Learn about SOC Report Options
- In-depth knowledge of:
- Trust Service Criteria
- Common Criteria
- Supplemental Criteria
- Point of Focus
- Learn to select the Trust Service Criteria for your organization
- Understand the underlying expectations under each Trust Service Criteria
- Understand the importance of Security criteria and why it is mandatory
System & Organization Controls (SOC) Part IV
Objective
SOC stands for “System and Organization Controls” and is the agreed-upon control procedures set by the American Institute of Certified Public Accountants (AICPA). These defined set of controls are a series of standards or benchmarks designed to help measure how well a given service organization conducts and regulates its information. The training is focused on the "Do it yourself" ("DIY") concept. The SOC DIY training series is designed to educate learners in implementing SOC.
The training will help organizations to have the in-house skill and end-to-end knowledge in deciding the type of certification, type of documentation, type of skills, and type of controls required to certify. Part IV provides practical implementation knowledge of Common Criteria and Supplemental Criteria. You will learn about Generally Accepted Privacy Principles (GAPP), what’s included in the SOC report, what’s included in Management Assertions, and Description of the System. You will also learn about the latest AICPA guidelines - Description Criteria 200 (DC 200).
In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning followed by the end of the course final assessment.
Course Details
What you will learn?
- Understand SOC evolution
- Practical implementation knowledge of:
- Common Criteria
- Supplemental Criteria
- Learn about Generally Accepted Privacy Principles (GAPP)
- Understand what’s included in SOC report
- Understand what’s included in Management Assertions and Description of the System
- Understand the AICPA new guidelines - Description Criteria 200 (DC 200)
System & Organization Controls (SOC) Part V
Objective
SOC stands for “System and Organization Controls” and is the agreed-upon control procedures set by the American Institute of Certified Public Accountants (AICPA). These defined set of controls are a series of standards or benchmarks designed to help measure how well a given service organization conducts and regulates its information. The training is focused on the "Do it yourself" ("DIY") concept. The SOC DIY training series is designed to educate learners in implementing SOC.
The training will help organizations to have the in-house skill and end to end knowledge in deciding the type of certification, type of documentation, type of skills, and type of controls required to certify. Part V will further enhance your skills in key areas of writing system description which includes system overview, infrastructure details, relevant aspects of controls, and complementary user-entity controls. You will learn to describe the control environment, risk assessment process, information communication systems, and control monitoring process.
In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning followed by the end of the course final assessment.
Course Details
What you will learn?
- Understand what a system description is
- Understand the driving factors
- Learn to write system description essentials
- Learn to write:o System overview
- Infrastructure details
- Relevant Aspects of Controls
- Complementary User-Entity Controls
- Learn to describe the control environment, risk assessment process, information communication systems, and control monitoring process
- Learn the step by step approach to the writing system description
System & Organization Controls (SOC) Part VI
Objective
SOC stands for “System and Organization Controls” and is the agreed-upon control procedures set by the American Institute of Certified Public Accountants (AICPA). These defined set of controls are a series of standards or benchmarks designed to help measure how well a given service organization conducts and regulates its information. The training is focused on the "Do it yourself" ("DIY") concept. The SOC DIY training series is designed to educate learners in implementing SOC. The training will help organizations to have the in-house skill and end-to-end knowledge in deciding the type of certification, type of documentation, type of skills, and type of controls required to certify.
Part VI educates the user about vendor due to deligence and use of SOC2 reports. You will learn how user organizations can adopt the SOC report, identify the relevant report user organization will need from a vendor, understand the report content and different types of SOC reports. You will learn to interpret and evaluate the SOC report content (explained with the report examples):
- Independent Service Auditor Report
- Management Assertions
- Overview of Operations
- Relevant Aspects of the Control Environment
- Description of the System
- Description of Control Objectives, Control, and Results of Testing
- Complementary User Entity Controls
- Other Information Provided by Management
In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning followed by the end of the course final assessment.
Course Details
What you will learn?
- Learn how user organization can adopt SOC report
- Learn to identify the relevant report user organization will need from a vendor
- Vendor management, due diligence, and SOC report
- Understand the report content
- Understand different types of SOC reports
- Report fundamentals and report content
- Trust service criteria
- What’s included in the SOC report (explained with the report examples):
- Independent Service Auditor Report
- Management Assertions
- Overview of Operations
- Relevant Aspects of the Control Environment
- Description of the System
- Description of Control Objectives, Control, and Results of Testing
- Complementary User Entity Controls
- Other Information Provided by Management
- Learn to identify the type of report vendor shared
- Understand how to evaluate the report content
System & Organization Controls (SOC) Part VII
Objective
SOC stands for “System and Organization Controls” and is the agreed-upon control procedures set by the American Institute of Certified Public Accountants (AICPA). These defined set of controls are a series of standards or benchmarks designed to help measure how well a given service organization conducts and regulates its information. The training is focused on the "Do it yourself" ("DIY") concept. The SOC DIY training series is designed to educate learners in implementing SOC. The training will help organizations to have the in-house skill and end-to-end knowledge in deciding the type of certification, type of documentation, type of skills, and type of controls required to certify.
Part VII trains the learner on how to prepare SOC Trust Service Criteria Control Documentation and how to write corporate SOC controls using suggested controls for each service criteria and category:
Criteria: Security, Availability, Processing Integrity, Confidentiality, Privacy
Category: Control Environment, Communication, and Information, Risk Assessment, Monitoring Activities, Control Activities, Logical and Physical Access Controls, System Operations, Change Management, Risk Mitigation, Additional Criteria for Availability, Additional Criteria for Confidentiality, Additional Criteria for Processing Integrity, Additional Criteria for Privacy
You will learn the real-life example of how to write the controls.
In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning followed by the end of the course final assessment.
Course Details
What you will learn?
- Learn about trust service criteria and SOC reports
- Learn how trust service criteria is organized
- Learn how to prepare SOC Trust Service Criteria Control Documentation
- Detailed understanding of requirements
- Learn how to write controls using suggested controls for each service criteria and category
- Security, Availability, Processing Integrity, Confidentiality, Privacy
- Control Environment, Communication and Information, Risk Assessment, Monitoring Activities, Control Activities, Logical and Physical Access Controls, System Operations, Change Management, Risk Mitigation, Additional Criteria for Availability, Additional Criteria for Confidentiality, Additional Criteria for Processing Integrity, Additional Criteria for Privacy
- Study the real-life example on how to write controls
The Federal Financial Institutions Examination Council (FFIEC) Awareness Part I
Objective
The Federal Financial Institutions Examination Council (FFIEC) is a formal interagency body empowered to prescribe uniform principles, standards, and report forms for the federal examination of financial institutions. The level of cybersecurity inherent risk varies significantly across financial institutions. It is important for management to understand the financial institution’s inherent risk to cybersecurity threats and vulnerabilities when assessing cybersecurity preparedness. The areas of cyber importance include Risk Management and Oversight, Threat Intelligence and Collaboration, Cybersecurity Controls, External Dependency Management, and Cyber Incident Management and Resilience.
The FFIEC Cybersecurity training ensures personnel has the necessary knowledge and skills to support security awareness and strengthen compliance. Also, management's behavior and priorities heavily influence employee awareness and policy compliance, so training and the commitment to security should start with management.
In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning followed by the end of the course final assessment.
Course Details
What you will learn?
- What is FFIEC?
- Learn about FFIEC Cybersecurity Priorities
- Understand FFFIEC CAT Inherent Risk Profile Assessment Categories
- Understand FFIEC Risk Levels• Learn about Inherent Risk Categories and Ratings
- Understand in detail the FFIEC CAT Maturity Assessment Categories
- Domain 1: Cyber Risk Management and Oversight
- Domain 2: Threat Intelligence and Collaboration
- Domain 3: Cybersecurity Controls
- Domain 4: External Dependency Management
- Domain 5: Cyber Incident Management and Resilience Domains, Assessment
- Factors, Components, and Declaration
The Federal Financial Institutions Examination Council (FFIEC) Part II
Objective
The Federal Financial Institutions Examination Council (FFIEC) is a formal interagency body empowered to prescribe uniform principles, standards, and report forms for the federal examination of financial institutions. The level of cybersecurity inherent risk varies significantly across financial institutions. It is important for management to understand the financial institution’s inherent risk to cybersecurity threats and vulnerabilities when assessing cybersecurity preparedness.
The areas of cyber importance include Risk Management and Oversight, Threat Intelligence and Collaboration, Cybersecurity Controls, External Dependency Management, and Cyber Incident Management and Resilience. The FFIEC Cybersecurity Part II ensures personnel has the necessary knowledge and skills to implement FFIEC principles and perform maturity assessments with the help of a detailed case study.
The course includes ready templates useful for assessments and reporting. Also, the course includes knowledge tests as users progress through the training.
Course Details
What you will learn?
- Role of internal audit in FFIEC risk and maturity
- Understand FFIEC maturity levels
- Learn on how to interpret and analyze assessment results
- Complete case study to provide in-depth understanding and application of principles
- How to calculate risk for technology and connection type
- How to create rating summary
- Learn how to create an inherent risk profile
- Understand cybersecurity maturity level calculation
- Learn to document maturity results based on the maturity input
- Learn to prepare target maturity and maturity result charts
- Learn to prepare a chart of components
- Learn to develop roles and responsibilities of the internal audit function
- Learn to evaluate the cybersecurity maturity assessment