Certified Cyber (Governance Risk and Compliance) Professional - CC(GRC)P, distance learning and online certification program
Cybersecurity has become a major challenge for companies and organizations around the world. They need managers and professionals equipped with the knowledge, skills, and abilities to cope with evolving threats and vulnerabilities.
In almost all companies and organizations, the C-Level executives and the board believe that they are impacted by the cybersecurity skills shortage, and have difficulties to stay ahead of, and to cope with, evolving threats and vulnerabilities. They search for cybersecurity experts that are adequately trained, including those from nontraditional backgrounds. Unfortunately, there are not enough cybersecurity professionals available for hire, so entities are fighting for the same talent.
Additionally, there is an acute shortage of cybersecurity skills like counterintelligence analysis and defense, to deal with the intelligence collection and attacks by foreign adversaries.
Foreign intelligence entities and the state-sponsored groups they support are actively targeting information, assets, and technologies that are vital to the public and the private sector. Cybersecurity professionals must raise awareness about these foreign intelligence threats, the risks they pose, and the defensive measures necessary for individuals and organizations to safeguard their assets.
The CC(GRC)P program has been designed to provide with the knowledge and skills needed to understand and support firms and organizations in cyber risk and compliance management. The course provides with the skills needed to pass the Certified Cyber (Governance Risk and Compliance) Professional - CC(GRC)P exam.
The CC(GRC)P certification program is beneficial to:
- Managers and employees working at the strategic, tactical, and operational levels of information security, IT and risk management.
- Information security managers, employees, auditors, and consultants.
- Threat analysts.
- Vulnerability assessment managers, employees, auditors, and consultants.
- Risk and compliance managers, employees, auditors, and consultants.
- IT managers, employees, auditors, and consultants.
- Network, systems, and security administrators.
- Senior managers involved in risk and compliance management.
- Data protection and privacy managers, employees, auditors, and consultants.
- IT, information security, risk and compliance management vendors, suppliers, and service providers.
- The CC(GRC)P exam.
- Cyber risks today, and what is different for organizations and employees.
Who is attacking us? How?
- Professional criminals and information warriors.
- Attacks on the critical infrastructure.
- No evidence of a problem is no evidence of no problem.
- From the U.S. National Infrastructure Protection Plan (NIPP).
- Attacks on the internet infrastructure.
- Widespread automated attacks.
- Threats, harassment, and other criminal offences.
- The Necurs botnet.
- The ZeuS Trojan.
- Forgery and misrepresentation.
- Technology, intellectual property, trade secrets and proprietary information.
- The 2018 Foreign Economic Espionage in Cyberspace, from the National Counterintelligence and Security Center.
- Travel security.
- Hardware attacks.
- Case studies.
- Software attacks.
- The WannaCry Ransomware Virus.
- Worm Nimda.
- Tiny Banker Trojan.
- Mobile Malware.
- Metamorphic and polymorphic malware.
- Weaponized pdfs.
- Packet Sniffing.
- Social Engineering.
- Reverse Social Engineering.
- Common social engineering techniques.
- Clone phishing.
- Case Study: The Carbanak gang.
- Whaling, phishing for executives.
- Smishing and vishing attacks.
Deep web, dark web, and the false sense of privacy.
- The deep web.
- The dark web.
- Darknet and overlay networks.
- The Onion Router.
- Tor and anonymity.
- De-anonymizing Tor users.
- Tor “hidden” services.
- Step 1 – Collecting information about persons and systems.
- Who has signed a confidentiality agreement?
- Vendors, suppliers, service providers.
- Marketing and cyber security.
- Example or publicly available information: EDGAR.
- Attacking systems and persons.
- Ideologies and cyber risk.
- Blackmailing employees, the art and the science.
- Employee collusion with external parties.
- Employees and their weaknesses and vulnerabilities.
- You have an affair?
- Romance fraudsters and criminals.
- Webcam blackmail.
- Case studies.
- Step 2 – Identifying possible targets and victims.
- Step 3 – Evaluation, recruitment, and testing.
- Testing the asset.
- Sleeper agents in the private sector.
- Step 4 - Privilege escalation.
- Step 5 – Identifying important clients and stakeholders.
- Step 6 – Critical infrastructure.
- Case study: Operation Aurora.
- Case study: Sony Pictures.
From Warfare to Cyber Warfare.
- Clausewitz, the paradoxical trinity.
- Cyberspace, a domain of war.
- Jus ad bellum, jus in bello, jus post bellum.
- Article 2(4) and Article 51, United Nations (UN) Charter.
- Is a cyber attack an armed attack?
- From the G7 Finance Ministers and Central Bank Governors.
- US Department of Defense (DoD) Law of War manual (2015), Cyber Operations.
- Government Accountability Office (GAO), Weapon Systems Cybersecurity.
- Information Operations (IO).
- Electronic Warfare (EW).
- Electromagnetic Spectrum Targets.
- Computer Network Operations (CNO).
- Psychological Operations (PSYOP).
- Military Deception (MILDEC).
- Operations Security (OPSEC).
- Information assurance (IA).
- Physical security.
- Defensive Information Operations.
- Net-centric warfare.
- Cyberspace and national security.
- Hackers, Spies, or Hybrid Warfare?
- Case studies.
- Challenges to Security in Space, Defense Intelligence Agency (DIA).
- Camouflage for the digital domain (2020), NATO Strategic Communications Centre of Excellence.
- Espionage, Intelligence.
- Political, Economic, Military Intelligence.
- Competitive Intelligence vs. Economic or Industrial Espionage.
- Espionage, UK Centre for the Protection of National Infrastructure (CPNI).
- Espionage and other intelligence activities, Bundesamt für Verfassungsschutz (BfV, the Federal Office for the Protection of the Constitution).
- Cyber attacks controlled by intelligence services, Bundesamt für Verfassungsschutz (BfV).
- Counterintelligence (CI).
- Cyber Espionage.
- Open-Source Intelligence (OSINT).
- Case studies.
- Case study, Danish assessment of the cyber threat against Denmark.
- Office of Intelligence & Analysis Strategic Plan for Fiscal Years 2020-2024.
The attribution problem.
- A Guide to Cyber Attribution, Director of National Intelligence (DNI).
- Plausible Deniability.
- Misinformation, disinformation, deception management, fabrication.
- Disinformation management.
- ENISA, Disinformation operations in cyber-space.
- ENISA, Active Defense and Offensive Countermeasures.
The NIST Cybersecurity Framework.
- The Framework Core.
- The four elements:
- 1. Functions,
- 2. Categories,
- 3. Subcategories,
- 4. Informative References.
- The Functions:
- 1. Identify (ID),
- 2. Protect (PR),
- 3. Detect (DE),
- 4. Respond (RS),
- 5. Recover (RC).
- The Framework Profiles.
- The Framework Implementation Tiers.
- Tier 1: Partial.
- Tier 2: Risk Informed.
- Tier 3: Repeatable.
- Tier 4: Adaptive.
Coordination of Framework Implementation.
- How to use the framework.
- Communicating Cybersecurity Requirements with Stakeholders.
- Methodology to Protect Privacy and Civil Liberties.
NIST Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management.
- The NIST privacy framework, January 16, 2020.
- Privacy Risk Management.
- Privacy Framework Basics.
- The Core.
- Functions, categories, subcategories.
- The Framework Profiles.
- The Framework Implementation Tiers.
- Tier 1: Partial.
- Tier 2: Risk Informed.
- Tier 3: Repeatable.
- Tier 4: Adaptive.
- How to Use the Privacy Framework.
- Using a simple model of “ready, set, go” phases.
Demand for Cyber Risk and Information Security Professionals.
- From the National Initiative for Cybersecurity Careers and Studies (NICCS).
- Salaries, daily rates.
- Closing remarks.
Become a Certified Cyber (Governance Risk and Compliance) Professional - CC(GRC)P
We will send the program up to 24 hours after the payment. Please remember to check the spam folder of your email client too, as emails with attachments are often landed in the spam folder.
You have the option to ask for a full refund up to 60 days after the payment. If you do not want one of our programs or services for any reason, all you must do is to send us an email, and we will refund the payment, no questions asked.
Your payment will be received by our strategic partner and service provider, Cyber Risk GmbH (Dammstrasse 16, 8810 Horgen, Switzerland, Handelsregister des Kantons Zürich, Firmennummer: CHE-244.099.341). Cyber Risk GmbH may also send certificates to all members.
The all-inclusive cost is $297. There is no additional cost, now or in the future, for this program.
First option: You can purchase the Certified Cyber (Governance Risk and Compliance) Professional - CC(GRC)P program with VISA, MASTERCARD, AMEX, Apple Pay, Google Pay etc.Purchase the Certified Cyber (Governance Risk and Compliance) Professional - CC(GRC)P program here (VISA, MASTERCARD, AMEX, Apple Pay, Google Pay etc.)
Second option: QR code payment.
i. Open the camera app or the QR app on your phone.
ii. Scan the QR code and possibly wait for a few seconds.
iii. Click on the link that appears, open your browser, and make the payment.
Third option: You can purchase the Certified Cyber (Governance Risk and Compliance) Professional - CC(GRC)P program with PayPal
When you click "PayPal" below, you will be redirected to the PayPal web site. If you prefer to pay with a card, you can click "Debit or Credit Card" that is also powered by PayPal.
What is included in the program:
A. The official presentations (1,186 slides)
The presentations are effective and appropriate to study online or offline. Busy professionals have full control over their own learning and are able to study at their own speed. They are able to move faster through areas of the course they feel comfortable with, but slower through those that they need a little more time on.
B. Up to 3 online exam attempts per year
Candidates must pass only one exam to become CC(GRC)Ps. If they fail, they must study the official presentations and retake the exam. Candidates are entitled to 3 exam attempts every year.
If candidates do not achieve a passing score on the exam the first time, they can retake the exam a second time.
If they do not achieve a passing score the second time, they can retake the exam a third time.
If candidates do not achieve a passing score the third time, they must wait at least one year before retaking the exam. There is no additional cost for any additional exam attempts.
To learn more, you may visit: https://www.risk-compliance-association.com/Questions_About_The_Certification_And_The_Exams_1.pdf
C. The certificate
Processing and posting via registered mail with tracking number. Certificates are usually dispatched every 10 weeks.
Frequently Asked Questions
1. I want to learn more about the International Association of Risk and Compliance Professionals (IARCP).
The IARCP is a global community of experts working in risk and compliance management, that explore career avenues, and acquire lifelong skills.
The IARCP is wholly owned by Compliance LLC, a company incorporated in Wilmington, NC, and offices in Washington, DC, a provider of risk and compliance training and certification in 57 countries.
Several business units of Compliance LLC are very successful associations that offer standard, premium and lifetime membership, weekly or monthly updates, training, certification, Authorized Certified Trainer (ACT) programs, lobbying that raises awareness on certain problems, interest representation, and other services to their members. The business units of Compliance LLC include:
- The Sarbanes-Oxley Compliance Professionals Association (SOXCPA), the largest Association of Sarbanes-Oxley professionals in the world. You may visit: https://www.sarbanes-oxley-association.com
- The Basel iii Compliance Professionals Association (BiiiCPA), the largest association of Basel iii Professionals in the world. You may visit: https://www.basel-iii-association.com
- The Solvency II Association, the largest association of Solvency II professionals in the world. You may visit: https://www.solvency-iiassociation.com
2. Does the association offer training?
The IARCP offers distance learning and online certification programs in most countries, and in-house instructor-led training programs in companies and organizations in many countries.
A. Distance learning and online certification programs.
A1. Certified Risk and Compliance Management Professional (CRCMP). To learn more, you may visit: https://www.risk-compliance-association.com/Distance_Learning_and_Certification.htm
A2. Certified Information Systems Risk and Compliance Professional (CISRCP). To learn more, you may visit: https://www.risk-compliance-association.com/CISRCP_Distance_Learning_and_Certification.htm
A3. Certified Risk and Compliance Management Professional in Insurance and Reinsurance CRCMP(Re)I. To learn more, you may visit: https://www.risk-compliance-association.com/CRCMP_Re_I.htm
A4. Certified Cyber (Governance Risk and Compliance) Professional CC(GRC)P. To learn more, you may visit: https://www.risk-compliance-association.com/CC_GRC_P_Distance_Learning_and_Certification.htm
A5. Travel Security Trained Professional (TSecTPro). To learn more, you may visit: https://www.risk-compliance-association.com/TSecTPro_Distance_Learning_and_Certification.htm
B. Instructor-led training.
The association develops and maintains five certification programs, and tailors presentations and training programs for directors, executive managers, risk and compliance managers, internal and external auditors, data owners, process owners, consultants, suppliers, and service providers.
For instructor-led training, you may contact:
President of the IARCP
The Certified Risk and Compliance Management Professional (CRCMP) designation is globally recognized. There are CRCMPs in 57 countries.
Companies and organizations around the world consider the CRCMP a preferred certificate.
You can find more about the demand for CRCMPs at: https://www.risk-compliance-association.com/CRCMP_Jobs_Careers.pdf
3. Is there any discount available for the distance learning programs?
We do not offer a discount for your first program. We want to keep the cost of the programs as low as possible for all members.
You have a $100 discount only after you purchase one of our programs. The discount applies to the second and each additional program.
For example, you can purchase the CRCMP program for $297, and then:
- you can purchase the CISRCP program for $197 (instead of $297),
- you can purchase the CC(GRC)P program for $197 (instead of $297),
- you can purchase the CRCMP(Re)I program for $197 (instead of $297),
- you can purchase the TSecTPro program for $197 (instead of $297).
If you purchase the Certified Cyber (Governance Risk and Compliance) Professional - CC(GRC)P, distance learning and online certification program, you have a 50% discount for the Travel Security Trained Professional (TSecTPro) program (the all-inclusive cost for the Travel Security Trained Professional (TSecTPro) program is $148, instead of $297).
If you have already purchased one of our programs, and you want to purchase your next program, please contact Lyn Spooner via email, to receive the URL for the discounter price.
4. Are your training and certification programs vendor neutral?
Yes. We do not promote any products or services, and we are 100% independent.
5. I want to learn more about the exam.
You can take the exam online from your home or office, in all countries.
It is an open book exam. Risk and compliance management is something you must understand and learn, not memorize. You must acquire knowledge and skills, not commit something to memory.
You will be given 90 minutes to complete a 35-question exam. You must score 70% or higher.
The exam contains only questions that have been clearly answered in the official presentations.
All exam questions are multiple-choice, composed of two parts:
a. A stem (a question asked, or an incomplete statement to be completed).
b. Four possible responses.
In multiple-choice questions, you must not look for a correct answer, you must look for the best answer. Cross out all the answers you know are incorrect, then focus on the remaining ones. Which is the best answer? With this approach, you save time, and you greatly increase the likelihood of selecting the correct answer.
TIME LIMIT - This exam has a 90-minute time limit. You must complete this exam within this time limit, otherwise the result will be marked as an unsuccessful attempt.
BACK BUTTON - When taking this exam you are NOT permitted to move backwards to review/change prior answers. Your browser back button will refresh the current page instead of moving backward.
RESTART/RESUME – You CANNOT stop and then resume the exam. If you stop taking this exam by closing your browser, your answers will be lost, and the result will be marked as an unsuccessful attempt.
SKIP - You CANNOT skip answering questions while taking this exam. You must answer all the questions in the order the questions are presented.
We do not send sample questions or past exams. If you study the presentations, you can score 100%.
a. When you are ready to take the CRCMP exam, you must follow the steps: https://www.risk-compliance-association.com/CRCMP_Certification_Steps_1.pdfb. When you are ready to take the CISRCP exam, you must follow the steps: https://www.risk-compliance-association.com/CISRCP_Certification_Steps_1.pdf c. When you are ready to take the CRCMP(Re)I exam, you must follow the steps: https://www.risk-compliance-association.com/CRCMP_Re_I_Certification_Steps.pdf d. When you are ready to take the CC(GRC)P exam, you must follow the steps: https://www.risk-compliance-association.com/CC_GRC_P_Certification_Steps_1.pdf e. When you are ready to take the TSecTPro exam, you must follow the steps: https://www.risk-compliance-association.com/TSecTPro_Certification_Steps_1.pdf
6. How comprehensive are the presentations? Are they just bullet points?
The presentations are not bullet points. They are effective and appropriate to study online or offline.
7. Do I need to buy books to pass the exam?
No. If you study the presentations, you can pass the exam. All the exam questions are clearly answered in the presentations. If you fail the first time, you must study more. Print the presentations and use Post-it to attach notes, to know where to find the answer to a question.
8. Is it an open book exam? Why?
Yes, it is an open book exam. Risk and compliance management is something you must understand and learn, not memorize. You must acquire knowledge and skills, not commit something to memory.
9. Do I have to take the exam soon after receiving the presentations?
No. You can take the exam any time. Your account never expires.
10. Do I have to spend more money in the future to remain certified?
No. Your certificate never expires. It will be valid, without the need to spend money or to take another exam in the future.
11. Ok, the certificate never expires, but things change.
Recertification would be a great recurring revenue stream for the association, but it would also be a recurring expense for our members. We resisted the temptation to "introduce multiple recurring revenue streams to keep business flowing", as we were consulted. No recertification is needed for our programs.
Things change, and this is the reason you need to become (at no cost) a member of the association. Every week you can visit the "Reading Room" of the association and read our newsletter with updates, alerts, and opportunities, to stay current.
12. How many hours do I need to study to pass the exam?
You must study the presentations at least twice, to ensure you have learned the details. The average time needed is:
- 32 hours for the CRCMP program,
- 26 hours for the CISRCP program,
- 35 hours for the CC(GRC)P program,
- 34 hours for the CRCMP(Re)I program, and
- 12 hours for the TSecTPro program.
This is the average time needed. There are important differences among members.
13. I want to receive another printed and stamped certificate (I lost the one sent, or for other reasons). Can you send me another one?
Every time we send certificates via registered mail with tracking number, we also send all tracking numbers via email. Please track your certificate and ensure you or somebody else can receive it. If there is any problem in the process, please let us know. If we do not receive an email up to 90 days after the day we sent the tracking numbers, indicating that your certificate was not delivered, we will mark the certificate as delivered.
The cost of each additional printed and stamped certificate is $65. It includes the administration, processing and posting via registered mail with tracking number (not courier). Certificates are usually dispatched every 10-12 weeks. We accept payment with cards, QR, and PayPal.
14. Why should I get certified, and why should I choose your certification programs?
Firms and organizations hire and promote “fit and proper” professionals who can provide evidence that they are qualified. Employers need assurance that employees have the knowledge and skills needed to mitigate risks and accept responsibility. Supervisors and auditors ask for independent evidence that the process owners are qualified, and that the controls can operate as designed, because the persons responsible for these controls have the necessary knowledge and experience.
The marketplace is clearly demanding qualified professionals in risk and compliance management. Certified professionals enjoy industry recognition and have more and better job opportunities. It is important to get certified and to belong to professional associations. You prove that you are somebody who cares, learns, and belongs to a global community of professionals.
The all-inclusive cost of our programs is very low. There is no additional cost for each program, now or in the future, for any reason.
If you purchase a second program, you have a $100 discount. The all-inclusive cost for your second (and each additional) program is $197.
There are 3 exam attempts per year that are included in the cost of each program, so you do not have to spend money again if you fail.
No recertification is required. Your certificates never expire.