Risk Management the SecuRetain Way
Instilling a logical, consistent, and disciplined approach to future uncertainties allowing organizations to work prudently and productively, building a resilient and trained workforce to mitigate risks.
Empower your organization to comply with Risk and Impact Assessment requirements under FFIEC, ISO 27001, NIST CSF, DPIA, DR
Affordable, versatile, and the most extensive Risk Management e-learning courses
Customize Risk Management courses to reflect your desired framework (COSO, OCTAVE, ISO 31000 and more), policies, procedures, and guidelines
Use the SecuRetain platform to distribute your training content along with SecuRetain courses in your own private space
Track progress and course completion for yourself or an entire enterprise with the SecuRetain platform
Ensure that organizations move forward strategically from their current state to their target state with the ability to identify gaps and prioritize those gaps based on risk assessments and mitigation strategies.
Preview e-Learning Courses
Comprehensive Risk Management Based
e-Learning Courses
Beneficial for all organizations, irrespective of their size, industry, and geography. SecuRetain will help organizations and employees grow personally and professionally.
Learning Outcomes from Risk Management Based e-Learning Courses
The best way to predict your future is to create it. Create granular, analytic risk management capabilities.The versatile knowledge of risk management practices within various frameworks, standards, and compliance requirements will help you design your own approach and predict your own future.
- Identify risk, assess risk, analyse risk, develop controls, treat risk, etc.
- Risk management elements, approach, and risk monitoring
- Vendor/third-party risk assessment, management (TPRM), and framework
- Cloud-based risk assessment
- Remote work risks assessment
- FedRAMP risk management requirement
- Risk-based cybersecurity framework (NIST CSF)
- Risk management and frameworks: COSO, ISO 31000, NIST CSF, NIST 800-53, HIPAA, HITRUST
- Privileged access risks and challenges
- Fraud and Audit Management Series
- Fraud risk management framework, fraud risk governance, and insider risk
- Fraud risk management basics, fraud risk management program, and planning for effective fraud risk assessments
- Risks covered by Disaster Recovery (DR), DR impact assessments, and risk management
- Data privacy impact assessments
- Information technology general controls and risk controls
- Perform TPRM, common concerns of TPRM, TPRM framework, and driving factors, best practices for a TPRM framework, and framework considerations
SecuRetain’s Risk Management e-Learning Courses
Browse all Risk Management category courses available for you on our SecuRetain platform
To search all courses on our SecuRetain platform. Click here!
Data Privacy and Privacy Regulations Part I
Objective
Corporations should not tie privacy to just legal requirements but practice privacy as a moral and ethical obligation to safeguard individuals. Data protection ensures that your data is safeguarded from unlawful access by unauthorized parties. The data privacy courses intend to provide employees with an understanding of personal data and information, the background and principles of data protection. The data privacy awareness course provides all staff with a comprehensive overview of data privacy rules, policy, and legislation in the United States as well as EU Data protection.
The protection of US residents’ data is regulated by laws enacted on both the national and the state level. The examples of federal laws are GLBA, HIPAA, FTC, DPPA, FCRA, COPPA, TCPA, etc. States have their owns privacy laws, e.g. example, California Consumer Privacy Act (CCPA), Protections for Consumer Data Privacy, Florida Regulation of Trade, Commerce, Investments, and Solicitations, Biometric Information Privacy Act, etc.
This interactive training course will ensure professionals and practitioners at all levels understand their roles and responsibilities, new developments, resources, and hallmarks of an effective compliance program. The course includes knowledge questions as users progress through the training and the final assessment test.
Course Details
What you will learn?
- Learn about Privacy Imperative
- Understand Strategic and Tactical Drivers
- Learn about Privacy Strategy and Privacy Impact
- Understand the Private Identifiable Information (PII) and Private Health Information
- (PHI) data
- Learn about Privacy Impact Assessments
- Learn about HIPAA and HITECH
- Learn about GDPR and CCPA
- Understand the Breach Notification Requirements
Data Privacy and Privacy Regulations Part II
Objective
Corporations should not tie privacy to just legal requirements but practice privacy as a moral and ethical obligation to safeguard individuals. Data protection ensures that your data is safeguarded from unlawful access by unauthorized parties. The data privacy courses intend to provide employees with an understanding of personal data and information, the background and principles of data protection. The data privacy courses provide all staff with a comprehensive overview of data privacy rules, policy, and legislation in the United States as well as EU Data protection.
The protection of US residents’ personal data is regulated by laws enacted on both the national and the state level. The examples of Federal Laws are GLBA, HIPAA, FTC, DPPA, FCRA, COPPA, TCPA, etc. States have their owns privacy laws, for e.g., the California Consumer Privacy Act (CCPA), Protections for Consumer Data Privacy, Florida Regulation of Trade, Commerce, Investments, and Solicitations, Biometric Information Privacy Act, etc.
This interactive training course will ensure professionals and practitioners at all levels understand their roles and responsibilities, new developments, resources, and hallmarks of an effective compliance program. The course includes knowledge questions as users progress through the training and the final assessment test.
Course Details
What you will learn?
- Learn about Privacy Imperative
- Understand Strategic and Tactical Drivers
- Learn about Privacy Strategy and Privacy Impact
- Understand the Private Identifiable Information (PII) and Private Health Information
- (PHI) data
- Learn about Privacy Impact Assessments
- Learn about HIPAA and HITECH
- Learn about GDPR and CCPA
- Understand the Breach Notification Requirements
Fraud Management Part II
FR00102
Fraud Management Part II
Objective
The Association of Certified Fraud Examiners (ACFE) published the results of the survey in its 2018 Report to the Nations on Occupational Fraud & Abuse. Organizations around the world lose an estimated 5% of their annual revenues to fraud, according to a survey of Certified Fraud Examiners (CFEs) who investigated cases between January 2016 and December 2017. Risk is any threat to the business and represents the uncertainty and inability of the corporation to achieve its goals. The organization needs to create an organizational culture and structure conducive to fraud risk management.
The tone at the top should reflect the perception of fraud detection and prevention. The course is designed to ensure employees understand fraud risk management basics, how to develop a fraud risk management program and fraud risk governance. The course is Part II in the ten-part series of fraud management courses designed to educate employees, managers, and management.
This interactive training course will ensure professionals and practitioners at all levels understand their roles and responsibilities, new developments, resources, and hallmarks of an effective compliance program. The course includes knowledge questions as users progress through the training and the final assessment test.
Course Details
What you will learn?
- Understand Fraud Basics
- Learn Fraud Risk Management Basics
- Understand How to Document Roles and Responsibilities
- Understand the Objectives of Fraud Risk Management Program
- Learn How to Develop a Fraud Risk Management Program
- Understand Fraud Risk Management Framework Basics
- Understand the Importance of Fraud Risk Governance
- Learn How to Plan for Fraud Risk Assessments
- Learn About Effective Fraud Risk Assessment Requirements
Fraud Management Part III
FR00103
Fraud Management Part III
Objective
Committee of Sponsoring Organizations of the Treadway Commission (COSO) along with the Association of Certified Fraud Examiners (ACFE) published the Fraud Risk Management Guide (guide), intended to serve as best practices guidance for organizations to follow in addressing the fraud risk assessment principles. Risk is any threat to business and represents uncertainty and inability of the corporation to achieve its goals. The organization needs to create an organizational culture and structure conducive to fraud risk management. The tone at the top should reflect the perception of fraud detection and prevention.
The course is designed to ensure employees understand the fraud risk assessment framework, how to execute fraud risk assessment, implement anti-fraud strategy, and features of the whistleblower program. The course is Part III in the ten-part series of fraud management courses.
This interactive training course will ensure professionals and practitioners at all levels understand their roles and responsibilities, new developments, resources, and hallmarks of an effective compliance program. The course includes knowledge questions as users progress through the training and the final assessment test.
Course Details
What you will learn?
- Learn How to Develop the Fraud Risk Management Program
- Learn How to Plan for Fraud Risk Assessments
- Learn How to Execute Fraud Risk Assessments
- Section I - Fraud Risk Assessment Framework
- Step 1 - Identify Potential Inherent Fraud Risks
- Step 2 - Assess the Likelihood and Impact
- Step 3 - Evaluate Department Likely to Commit Fraud
- Section II - Analysis
- Section III - Reporting the Results
- Understand Fraud Risk Assessment with Practical Examples
- Learn about Prevention, Detection, and Respond Programs for Fraud
- Understand Antifraud Strategy Key Elements
- Learn about Sound Internal Control System Requirements
- Understand Typical Features of the Practical and User-Friendly Hotline and Whistleblower Program
- Learn about Investigations Basics, Enforcement, and Corrective Actions
General Data Protection Regulation (GDPR) Part II
Objective
With the General Data Protection Regulation (GDPR), the European Union has set the rules and become the focal point of the global dialogue on individual data privacy. The GDPR applies to ‘personal data’, which means any information relating to an identified or identifiable person. The information can help directly or indirectly identify a person.
The GDPR applies to the process carried out by organizations operating within the EU. It also applies to organizations outside the EU that offer goods or services to individuals in the EU. The course content in Part II provides an understanding of the data subject rights, GDPR accountability and governance principles, and data protection officer role. It explains the very important concepts of privacy by design, code of conduct principle, and data protection impact assessment.
This interactive training course will ensure professionals and practitioners at all levels understand their roles and responsibilities, new developments, resources, and hallmarks of an effective compliance program. The course includes knowledge questions as users progress through the training and the final assessment test.
Course Details
What you will learn?
- Learn about data Subject Rights
- Learn about Accountability and Governance principle
- Understand Privacy by Design
- Learn about the Data Protection Officer Role
- Study the privacy Codes of Conduct principle
- Understand Data Protection Impact Assessments (DPIA)
General Data Protection Regulation (GDPR) Part IV
Objective
With the General Data Protection Regulation (GDPR), the European Union has set the rules and become the focal point of the global dialogue on individual data privacy. The GDPR applies to the process carried out by organizations operating within the EU. It also applies to organizations outside the EU that offer goods or services to individuals in the EU.
The course content in Part IV walks you through the GDPR articles, ten steps compliance checklist, GDPR implementation approach, project planning, and key GDPR concepts such as data mapping, readiness assessment, gap assessment, data protection by default, and by design. The course explains the third party contract review and amendment procedure to comply with GDPR and how to handle the privacy data breaches.
This interactive training course will ensure professionals and practitioners at all levels understand their roles and responsibilities, new developments, resources, and hallmarks of an effective compliance program. The course includes knowledge questions as users progress through the training and the final assessment test.
Course Details
What you will learn?
- Understand the GDPR articles
- Learn the 10 steps compliance checklist
- Study the GDPR implementation approach
- Learn how to prepare for the project and key concepts
- Learn about data mapping
- Study the readiness assessment, gap assessment, and privacy assessment process
- Learn about data protection by design and by default a key concept
- Learn to implement data subject rights
- Understand the Data Protection Impact Assessment (DPIA) Process
- Learn to amend third-party contracts and review third party procedures
- Study the different steps to ensure the security of personal and sensitive data
- Understand how to handle data breaches
- Study the GDPR compliance audit and training requirement
Health Insurance Portability and Accountability Act (HIPAA) Awareness
Objective
HIPAA (Health Insurance Portability and Accountability Act) is a 1996 U. S. law that provides privacy standards to protect patients’ medical records and other health
information provided to health plans, doctors, hospitals, and other health care providers. Covered Entities, Business Associates, and Business Associate Subcontractors are all responsible for complying with HIPAA regulations. Section 164.308 (a)(5)(i) Security Awareness and Training Standard requires organization to implement a awareness training program.
The course is designed for the organizations that must comply with HIPAA requirements. The employees will learn about HIPAA, HITECH, Omnibus Rule and Chapter 181 - Texas Medical Records Privacy Act requirements for protecting Protected Health Information (PHI) and Electronic Protected Health Information (ePHI) data.
In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning followed by the end of the course final assessment.
Course Details
What you will learn?
- Learn about HIPAA and HITECH
- The Security Rule, The Privacy Rule, The Breach Notification Rule, Omnibus
- Rule. Chapter 181, Texas Medical Records Privacy Act
- Understand How Health Care Privacy Laws affect your organization
- Understand HIPAA IT Security Risk Assessment
- Learn about Administrative, Technical and Physical Safeguards
- Learn about Covered Entities
- Learn about Use and Disclosure of PHI
- Understand How HIPAA and HITECH are Related
- Learn about HITECH and Breach Notification
National Institute of Standards and Technology Part I
Objective
National Institute of Standards and Technology (NIST) is responsible for measurement science, standards, and technology in a way that promotes safety and collaboration for industry and government alike. In this course, you will learn to apply the principles of the NIST Cyber Security Framework (NIST CSF) to your organization.
A security program must keep pace with the evolving threat landscape. NIST CSF helps build and augment a security program that equips the enterprise to keep pace with evolving threats and technologies. The course outlines how implementing a security program based on the CSF framework can help organizations mitigate these issues. The framework core contains cybersecurity activities and informative references that are organized around particular functions.
In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning followed by the end of the course final assessment.
Course Details
What you will learn?
- Learn about CSF fundamentals
- Learn how to develop a risk-based cybersecurity framework
- Understand the CSF framework core and design
- In-depth knowledge on how to use functions, categories, and subcategories
- Use of risk management principles, best practices, and methodologies
- Understand the CSF implementation tiers and implementation
- Learn about framework profile implementation
- Learn about improving resiliency
Risk Assessment Awareness Part I
RM00103
Risk Assessment Awareness Part I
Objective
Risk management is the responsibility of all employees within an organization aiming towards building a risk-aware and responsible culture.Risk is defined as the potential for loss or damage when a threat exploits a vulnerability. Risk management is more complex today than ever. A gap in risk awareness across the three lines of defense creates disconnects and delays in handling the risk issues.
The course provides your employees with competence in risk management vital to protecting your institution and achieving compliance. The course provides in-depth knowledge of risk management concepts and fundamentals. The course improves risk awareness, promotes an open risk culture, and inclusion of risk in decision-making process.
This interactive training course will ensure professionals and practitioners at all levels understand their roles and responsibilities, new developments, resources, and hallmarks of an effective compliance program. The course includes knowledge questions as users progress through the training and the final assessment test.
Course Details
What you will learn?
- Risk Identification – Learn to identify risk
- Risk Assessment - How to assess risk?
- Risk Analysis – How to analyze risk?
- Controls – Learn to develop controls
- Risk Treatment – How to treat risk?
- Risk Management Elements – What are the risk management elements?
- Risk Monitoring – How to monitor risk?
- Risk Management Approach – Learn the process?
- Issue Management Remediation
System & Organization Controls (SOC) Part V
Objective
SOC stands for “System and Organization Controls” and is the agreed-upon control procedures set by the American Institute of Certified Public Accountants (AICPA). These defined set of controls are a series of standards or benchmarks designed to help measure how well a given service organization conducts and regulates its information. The training is focused on the "Do it yourself" ("DIY") concept. The SOC DIY training series is designed to educate learners in implementing SOC.
The training will help organizations to have the in-house skill and end to end knowledge in deciding the type of certification, type of documentation, type of skills, and type of controls required to certify. Part V will further enhance your skills in key areas of writing system description which includes system overview, infrastructure details, relevant aspects of controls, and complementary user-entity controls. You will learn to describe the control environment, risk assessment process, information communication systems, and control monitoring process.
In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning followed by the end of the course final assessment.
Course Details
What you will learn?
- Understand what a system description is
- Understand the driving factors
- Learn to write system description essentials
- Learn to write:o System overview
- Infrastructure details
- Relevant Aspects of Controls
- Complementary User-Entity Controls
- Learn to describe the control environment, risk assessment process, information communication systems, and control monitoring process
- Learn the step by step approach to the writing system description
System & Organization Controls (SOC) Part VII
Objective
SOC stands for “System and Organization Controls” and is the agreed-upon control procedures set by the American Institute of Certified Public Accountants (AICPA). These defined set of controls are a series of standards or benchmarks designed to help measure how well a given service organization conducts and regulates its information. The training is focused on the "Do it yourself" ("DIY") concept. The SOC DIY training series is designed to educate learners in implementing SOC. The training will help organizations to have the in-house skill and end-to-end knowledge in deciding the type of certification, type of documentation, type of skills, and type of controls required to certify.
Part VII trains the learner on how to prepare SOC Trust Service Criteria Control Documentation and how to write corporate SOC controls using suggested controls for each service criteria and category:
Criteria: Security, Availability, Processing Integrity, Confidentiality, Privacy
Category: Control Environment, Communication, and Information, Risk Assessment, Monitoring Activities, Control Activities, Logical and Physical Access Controls, System Operations, Change Management, Risk Mitigation, Additional Criteria for Availability, Additional Criteria for Confidentiality, Additional Criteria for Processing Integrity, Additional Criteria for Privacy
You will learn the real-life example of how to write the controls.
In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning followed by the end of the course final assessment.
Course Details
What you will learn?
- Learn about trust service criteria and SOC reports
- Learn how trust service criteria is organized
- Learn how to prepare SOC Trust Service Criteria Control Documentation
- Detailed understanding of requirements
- Learn how to write controls using suggested controls for each service criteria and category
- Security, Availability, Processing Integrity, Confidentiality, Privacy
- Control Environment, Communication and Information, Risk Assessment, Monitoring Activities, Control Activities, Logical and Physical Access Controls, System Operations, Change Management, Risk Mitigation, Additional Criteria for Availability, Additional Criteria for Confidentiality, Additional Criteria for Processing Integrity, Additional Criteria for Privacy
- Study the real-life example on how to write controls
The Federal Financial Institutions Examination Council (FFIEC) Awareness Part I
Objective
The Federal Financial Institutions Examination Council (FFIEC) is a formal interagency body empowered to prescribe uniform principles, standards, and report forms for the federal examination of financial institutions. The level of cybersecurity inherent risk varies significantly across financial institutions. It is important for management to understand the financial institution’s inherent risk to cybersecurity threats and vulnerabilities when assessing cybersecurity preparedness. The areas of cyber importance include Risk Management and Oversight, Threat Intelligence and Collaboration, Cybersecurity Controls, External Dependency Management, and Cyber Incident Management and Resilience.
The FFIEC Cybersecurity training ensures personnel has the necessary knowledge and skills to support security awareness and strengthen compliance. Also, management's behavior and priorities heavily influence employee awareness and policy compliance, so training and the commitment to security should start with management.
In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning followed by the end of the course final assessment.
Course Details
What you will learn?
- What is FFIEC?
- Learn about FFIEC Cybersecurity Priorities
- Understand FFFIEC CAT Inherent Risk Profile Assessment Categories
- Understand FFIEC Risk Levels• Learn about Inherent Risk Categories and Ratings
- Understand in detail the FFIEC CAT Maturity Assessment Categories
- Domain 1: Cyber Risk Management and Oversight
- Domain 2: Threat Intelligence and Collaboration
- Domain 3: Cybersecurity Controls
- Domain 4: External Dependency Management
- Domain 5: Cyber Incident Management and Resilience Domains, Assessment
- Factors, Components, and Declaration
The Federal Financial Institutions Examination Council (FFIEC) Part II
Objective
The Federal Financial Institutions Examination Council (FFIEC) is a formal interagency body empowered to prescribe uniform principles, standards, and report forms for the federal examination of financial institutions. The level of cybersecurity inherent risk varies significantly across financial institutions. It is important for management to understand the financial institution’s inherent risk to cybersecurity threats and vulnerabilities when assessing cybersecurity preparedness.
The areas of cyber importance include Risk Management and Oversight, Threat Intelligence and Collaboration, Cybersecurity Controls, External Dependency Management, and Cyber Incident Management and Resilience. The FFIEC Cybersecurity Part II ensures personnel has the necessary knowledge and skills to implement FFIEC principles and perform maturity assessments with the help of a detailed case study.
The course includes ready templates useful for assessments and reporting. Also, the course includes knowledge tests as users progress through the training.
Course Details
What you will learn?
- Role of internal audit in FFIEC risk and maturity
- Understand FFIEC maturity levels
- Learn on how to interpret and analyze assessment results
- Complete case study to provide in-depth understanding and application of principles
- How to calculate risk for technology and connection type
- How to create rating summary
- Learn how to create an inherent risk profile
- Understand cybersecurity maturity level calculation
- Learn to document maturity results based on the maturity input
- Learn to prepare target maturity and maturity result charts
- Learn to prepare a chart of components
- Learn to develop roles and responsibilities of the internal audit function
- Learn to evaluate the cybersecurity maturity assessment
Vendor Risk Management Awareness Part I
Objective
The use of third-party services has become a valuable business practice in virtually every industry these days. By outsourcing services, corporations can reduce costs and allow management to sharpen their focus on core business activities. The use of outsourced services introduces an element of risk as vendors could have access to sensitive customer data, which elevates the cybersecurity threat or vendor services can directly impact corporate objectives.
Vendor risk management (VRM) is a comprehensive plan for identifying and decreasing potential business uncertainties and legal liabilities. Increased regulatory focus on vendor management has placed a greater burden on institutions to build a compliant program. For e.g., FFIEC, GLBA 501(b), etc.The VRM course is in two parts. The part I provide the knowledge of the fundamentals of vendor risk assessment, factors driving risk assessment, introduction to third-party risk management frameworks, etc.
In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning followed by the end of the course final assessment.
Course Details
What you will learn?
- What is vendor/third-party risk management (TPRM)?
- What are third parties?
- What are the common concerns of TPRM?
- Why perform a third-party risk assessment?
- What are the factors driving third-party risk assessment?
- Why do I need a Third-party Risk Management Framework?
- Why do I need a TPRM framework?
Vendor Risk Management Framework Development Part II
Objective
The use of third-party services has become a valuable business practice in virtually every industry these days. The use of outsourced services introduces an element of risk as vendors could have access to sensitive customer data, which elevates the cybersecurity threat or vendor services can directly impact corporate objectives.
The organization should formulate explicit third-party risk management (TPRM) framework, including a clear definition of ownership and governance, standardized workflows, and articulation of risk appetite in respect of third parties, which aims at creating alignment among the internal stakeholders. The TPRM course is in two parts. Part II provides knowledge of the TPRM frameworks and how to build and implement a TPRM framework. The course includes knowledge test as users progress through the training.
In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning followed by the end of the course final assessment.
Course Details
What you will learn?
- Why do Organizations need a TPRM framework?
- What are the third-party risk categories and common third-party risks?
- What are the Best Practices for a TPRM Framework?
- What are the TPRM Framework Considerations?
- How to build a TPRM framework?
- How to implement a TPRM framework?