Dec 14, 2024  
2024-2025 Catalog & Student Handbook 
    

Certification in Governance, Risk & Compliance


Students are guided to create effective security and governance systems through analysis, negotiation, systematic approaches, and use of feedback, and are prepared to take the CGRC certification exam. They will gain skills to generate robust security reports, construct comprehensive ATO packages, and develop actionable plans with identified remediation tasks. They will learn to apply critical thinking in problem-solving, especially in risk management, and will be able to enhance processes using research findings. They will understand how to design governance structures that align with an organization’s objectives and how to interpret laws and regulations for effective compliance program implementation. They will also learn to integrate and monitor governance, risk management, and compliance activities, and to report their effectiveness to stakeholders. Finally, they will master the communication and negotiation skills that are crucial in professional settings.

Upon completing this course, students will be expected to be able to: 

  • Synthesize an effective Security Assessment Plan (SAP) using comprehensive analysis of the System Security Plan (SSP) and negotiation with a third-party assessor. 

  • Generate a robust Security Assessment Report (SAR) using collated on-site testers’ feedback and interview outcomes. 

  • Formulate an actionable Plan of Action and Milestones (POA&M) using a systematic approach to remediation task identification and timeline establishment. 

  • Construct a comprehensive Authorization to Operate (ATO) package through critical evaluation, use of essential tools, and application of effective business writing skills. 

  • Execute Information Security Continuous Monitoring (ISCM) processes through understanding of security assessment roles and awareness of audit triggers. 

  • Amend the System Security Plan (SSP) through continuous evaluation and consideration of proposed system changes during monitoring.

  • Develop a transition strategy to the NIST Risk Management Framework (RMF) and FedRAMP using secondary research and application of risk management knowledge. 

  • Employ critical thinking to create innovative solutions to risk management issues across various disciplines. 

  • Apply gathered research effectively to enhance risk management processes. 

  • Utilize effective communication and negotiation skills within professional settings. 

  • Understand and design effective governance structures that align with an organization’s strategy and objectives. 

  • Identify, assess, and manage risks to the organization, and develop strategies to mitigate these risks. 

  • Understand and interpret relevant laws, regulations, and industry standards to design and implement effective compliance programs. 

  • Develop the skills to integrate governance, risk management, and compliance activities across the organization for better alignment and effectiveness. 

  • Implement processes to monitor ongoing risk and compliance management activities, and report on their effectiveness to stakeholders. 

This course is provided through Virginia’s FastForward, FANTIC and G3 programs, which provide full financial aid for qualified Virginia residents.