IT Governance, Risk and Compliance (GRC)

Course Curriculum

Chapter 1: Introduction

Lecture 1: Introduction

Chapter 2: Why Governance, Risk and Compliance (GRC)?

Lecture 1: Key takeaway – Good GRC is a good idea!

Lecture 2: IT plays a business-critical role

Lecture 3: Data breaches and cybersecurity incidents on the rise

Lecture 4: 10 billion pound project failure at NHS

Lecture 5: Technology is the backbone of business

Lecture 6: Maintaining a health IT backbone – hello GRC!

Lecture 7: The 3 pillars of GRC

Lecture 8: GRC must be tailored to each organisation

Chapter 3: Compliance and Regulation – Start Here!

Lecture 1: Key takeaway – compliance is a must-have not a nice-to-have!

Lecture 2: The digital imperative

Lecture 3: Example – compliance requirements by Securities Commission Malaysia

Lecture 4: Breakdown of the SCM's IT risk management guidelines

Lecture 5: Understand the compliance landscape

Lecture 6: Example – compliance requirements by Monetary Authority of Singapore (MAS)

Lecture 7: Example – examining requirements from MAS in detail

Lecture 8: HIPAA compliance

Lecture 9: Comply or die

Chapter 4: Data Protection and Privacy – What You Need to Know

Lecture 1: Key takeaway – protecting data is a priority in this digital age

Lecture 2: Equifax data breach 2017

Lecture 3: Razer not even aware of data breach!

Lecture 4: 3 reasons why data breaches are at an all time high – MIT study

Lecture 5: Data protection is a business priority

Lecture 6: EU's General Data Protection Regulation (GDPR)

Lecture 7: 7 principles of GDPR

Lecture 8: Data protection and privacy policies

Lecture 9: Best practices for data security

Chapter 5: Dangerous World of Cybersecurity

Lecture 1: Key takeaway – cybersecurity is about people, not just tech!

Lecture 2: WannaCry ransomware (2017)

Lecture 3: Netflix phishing incident (2017)

Lecture 4: Regulator takes Optus to court (2024)

Lecture 5: Cybersecurity is a people issue, not just a tech issue!

Lecture 6: 7-hour disruption caused by DDOS attack

Lecture 7: EY's top 10 cyberthreats

Lecture 8: 50% of cyberthreats from own employees!

Lecture 9: 7 layers of cybersecurity

Lecture 10: SingHealth data breach (2018)

Lecture 11: NCSC's 10 steps to cybersecurity

Lecture 12: Introducing the NIST cybersecurity framework

Lecture 13: Examples of best cybersecurity practice

Lecture 14: Cybersecurity tools

Chapter 6: IT Resilience and Business Continuity – Keeping the Lights On

Lecture 1: Key takeaway – things will go wrong!

Lecture 2: Even big companies have outages

Lecture 3: Case – DBS bank in Singapore lacking digital resilience

Lecture 4: Outages caused by IT maintenance

Lecture 5: Impact of IT disruptions is far-reaching

Lecture 6: Business resilience is the ability to withstand disruptions

Lecture 7: The agility vs stability balance

Lecture 8: Business continuity regulation

Lecture 9: Key metrics – MTD, MAO and RTO

Lecture 10: BCM strategies and best practice

Lecture 11: ISO 22301 standard

Lecture 12: ISO 22301 clauses

Chapter 7: Managing IT Risk – Being Proactive

Lecture 1: Key takeaway – no such thing as 100% risk-free!

Lecture 2: Risk everywhere in the digital landscape

Lecture 3: Do I really need IT risk management? Yes!

Lecture 4: Case: Delta Airlines grounded

Lecture 5: Understanding compliance requirements for IT risk management

Lecture 6: IT threat landscape

Lecture 7: Understanding risk

Lecture 8: Risk = probability X impact

Lecture 9: Conducting a risk assessment

Lecture 10: 4 general strategies for managing risk

Lecture 11: Risk controls

Lecture 12: Being proactive in managing risk

Lecture 13: Some general advice

Lecture 14: ISO 31000 standard

Chapter 8: IT Governance – How Do We Make IT Decisions?

Lecture 1: Key takeaway – IT governance is about the effective and efficient use of IT

Lecture 2: How do we make decisions?

Lecture 3: What would happen without governance?

Lecture 4: IT governance is a subset of corporate governance

Lecture 5: Some definitions of IT governance

Lecture 6: Common themes

Lecture 7: Business and IT misalignment

Lecture 8: Who's got the steering wheel?

Lecture 9: 4 dimensions of IT governance

Lecture 10: Decision domains

Lecture 11: Who's making the decisions?

Lecture 12: Example – IT governance at MIT

Lecture 13: 6 governance styles

Lecture 14: Governance mechanisms

Lecture 15: Considerations in governance design

Lecture 16: Governance pitfalls

Chapter 9: COBIT and ISO frameworks

Lecture 1: Key takeaway – if you have nothing, start with COBIT or ISO!

Lecture 2: Introduction to COBIT

Lecture 3: COBIT governance system principles

Lecture 4: COBIT core – 40 objectives

Lecture 5: ISO/IEC 38500

Lecture 6: 6 principles of ISO 38500

Chapter 10: IT Project Governance

Lecture 1: Key takeaway – choose your projects wisely