Yusuf
Reader II

A Concise Guide to the Certified in Governance, Risk, and Compliance (CGRC) Exam

As many of you have reached out to me asking about the resources I used to prepare for the Certified in Governance, Risk, and Compliance (CGRC) exam, and given the noticeable lack of resources or guidance in this area, I've decided to put together a concise guideline to assist you in your journey towards CGRC certification.

 

https://www.linkedin.com/pulse/concise-guide-certified-governance-risk-compliance-cgrc-yusuf-purna

 

It is my sincere hope that you will find this guide useful and insightful, and it will serve as a roadmap to ease your preparation process.

 

 

6 Replies
gil600221
Newcomer I

I was hoping and expecting a downloadable PDF file, but I guess not? Thanks for your page on this pertinent information anyways?

 

Gilbert

CySA+, SSCP, MCP, IT

JRock94
Newcomer I

Excellent writeup Yusuf!

ericgeater
Community Champion

Thanks, Yusuf!  I appreciate your submission.  Also, congratulations on passing the CGRC!  I saw that in your LI profile.  

-----------
A claim is as good as its veracity.
Akdxb
Viewer III

Thanks for the information

1Purplenut
Newcomer I

This is great information.  I have been working with the federal government as an ISSO for 15+ years working with policy & compliance.  I would suggest adding NIST 800-171 for non-government systems to this list.  Now that we are doing more cloud systems at my agency, when the vendors do not have FedRAMP authorization we ask them to provide a self-assessment based on NIST 800-171.  This gives us somewhere to start because for some of them this whole security control thing is new, and it provides at least some guidance for them as to what we expect.  NIST 800-53, 53A (Assessment), and 53B (Baselines) are great and there is a ton of good information there, but federal agencies do require more than the private sector and that deep of an understanding may or may not be needed for the exam.  However, if you have that level of understanding the test would/will be easier to pass.  Just my 2 cents.  Oh, and you should definitely know the regulations/references by name and number.

1Purplenut
Newcomer I

There is probably a ton of information and .pdf type stuff for the CAP certification and that would serve as a good base for this information.  You could start with that and build from there.  The best way to learn the information is to work with it so if you could get an internship or a detail to a position that deals with Governance, Risk and Compliance you could learn on the job.