cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
DrK
Newcomer I

Self Study or Enroll in ISC2 Course?

Hi there

I am an ISC2 Instructor, an adjunct Professor in cybersecurity and I received my CGRC certificate last year.
Many of my students ask me if they should enroll in an ISC2 course or study on their own.

I always answer that it is a trick question and the answer is both! You should enroll in a good ISC2 course and study on your own. 

Here are some thumb rules about certification that I got from my mentors, mentees and other students

1. This is a technical certification. Make sure that you have 2-3 years of experience in Governance/Risk/Compliance before you start working on this certification. You will get much more if you have the experience. While there an option to get this certificate with OUT the required work experience, most students got more from preparation for this exam because they could learn at work

2.  If you like a structured approach - use the self learning modules by ISC2, it is very interactive and it gives a great overview

3. If you like interacting with your instructor, with your classmates and would like your training to be spread over 8 weeks, I recommend the 8 week instructor led courses. You get access to the course material for 6 months.

4. If you are prepared well, enroll in the 5 day workshop as a great review before you go for the exam.

5. The bottom line is that you have to read the standards and be very familiar with them. Start with this standard.

NIST SP 800-37 Rev 2, Guide for Applying the Risk Management Framework to Federal Information Systems  

Many of my students and I benefited from the Free flashcards that ISC2 makes available.

Check out the graphics and links below.

Dr K

Sudesh Kannan, CISSP, CGRC PhD
Cyber Security  Professional 

 

Self-Study Resources can be found here: https://www.isc2.org/Training/Self-Study-Resources

 

Here is a link to the Online Instructor Led Course as well: 

https://enroll.isc2.org/catalog?pagename=cgrc-training

 

https://csrc.nist.gov/projects/risk-management/about-rmf

 

DrK_0-1702395585326.png

 

NIST SP 800-18 - development of system security plans 

NIST SP 800-30 - supports the development of system and organizational risk assessments 

NIST SP 800-30 Rev 1, Guide for Conducting Risk Assessments

SP 800-171 Rev. 2

Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations

800-53 and 800-171 provide actual security controls

NIST SP 800-53A Rev 4 (Rev 5 when released), Assessing Security and Privacy Controls in Federal Information Systems and Organizations*

NIST SP 800-53 Rev 5, Security and Privacy Controls for Federal Systems and Organizations*

NIST SP 800-53B, Control Baselines for Information Systems and Organizations

NIST SP 800-37 Rev 2, Guide for Applying the Risk Management Framework to Federal Information Systems  

NIST SP 800-39, Organizational Wide Risk Management

NIST SP 800-160, Volume I, Systems Security Engineering

FIPS 200 addresses the specification of minimum security requirements for federal information and information systems.

FIPS 199 addresses the classification divides systems. It divides the systems into high, moderate, and low impact systems based on their impact on individuals and organizations.

4 Replies
sharmagds
Newcomer I

Hello, thank you for your response in advance. 

 

I am already certified CISSP but somehow think like I should go for CGRC certification also, and have been into IT Audit and security field since 2010. 

 

My questions are: I want to self-study, then register for the exam and pass - where do I register for the exam?  Given my over 10 years experience, do you think I will have any issues in getting CGRC certified?  Any relevant info I will appreciate, thank you very much, regards Ganesh Sharma

AntiEvil
Newcomer II

Given all of your experience in GRC, you probably won't have any problems passing the test. The original post has a list of the various NIST documents you need to be familiar with. This aligns with the comments I have read on other sites.

You can always look for the most recent edition of a CAP (the old name of the CGRC) book on Amazon if you want something more structured.  Also, look on Udemdy or similar site - there might be a related course. 

I wish they would release a self study online training course. I personally don't need an instructor led class to be successful.  I have been in cybersecurity for 25 years and have many certifications including the CISSP and CCSP.  I am just looking to round out my ISC2 certification set.

tkruthoff
Viewer II

Hi,

 

I'm also looking for a self-paced training for CGRC.  You mentioned this, "2.  If you like a structured approach - use the self learning modules by ISC2, it is very interactive and it gives a great overview" in your post.  Where are the ISC2 self learning modules?  I've seen a list of references and the flash cards and a list of instructor-led training. But I can't find the self learning modules for CGRC.  Can you link that, please?  Thanks in advance. 

sharmagds
Newcomer I

Thank you very much, appreciated!

 

I searched on internet and the earliest edition for ISC2 CAP, I am finding is from 2012 - apparently that is too old, can you please suggest any site where I can buy the latest edition, thank you very much!