I just wondered if anyone else was doing this course at the moment. I'm working my way through it and finding it very interesting, as my background is more IT security (I've got my CISSP) than governance. But I'm struggling a little with the questions; most seem obvious, but I really can't understand some of them, and I can't find the answer when I go back over the material. When you get a question wrong, it doesn't tell you what the correct answer is, and I really want to know. I'd just like to hear from others who are doing the course and how they are finding it. If you know a way of accessing the answer when you get a question wrong that would be great.
Before I embark on the CISSP, I was wondering if getting the CGRC would make sense or is even recommended. I mainly work in the GRC area (doing policy work), and would like to get a more solid understanding of the different frameworks etc. I am thinking that getting a CGRC certification could help me here. Does it make sense to attempt this certification without the knowledge & experience required for a CISSP? Thanks for any guidance you may have.
On June 15, 2024, ISC2 will update the CGRC exam. This exam update is the result of the Job Task Analysis (JTA), which is an analysis of the knowledge, skills and abilities of the credential evaluated by ISC2 members on a triennial cycle. The exam domain weights for the CGRC will change as follows:
| Domain | Current (Effective August 15, 2021) | Weight | New (Effective June 15, 2024) | Weight |
|---|---|---|---|---|
| 1 | Information Security Risk Management Program | 16% | Security and Privacy Governance, Risk Management, and Compliance Program | 16% |
| 2 | Scope of the Information System | 11% | Scope of the System | 10% |
| 3 | Selection and Approval of Security and Privacy Controls | 15% | Selection and Approval of Framework, Security, and Privacy Controls | 14% |
| 4 | Implementation of Security and Privacy Controls | 16% | Implementation of Security and Privacy Controls | 17% |
| 5 | Assessment/Audit of Security and Privacy Controls | 16% | Assessment/Audit of Security and Privacy Controls | 16% |
| 6 | Authorization/Approval of Information System | 10% | System Compliance | 14% |
| 7 | Continuous Monitoring | 16% | Compliance Maintenance | 13% |
| | Total: | 100% | Total: | 100% |
For more information, please review our CGRC Exam Update FAQs or the CGRC Exam Outline.
Looking for self-study options for CGRC. I see a lot of folks asking for this, but very little action on the part of ISC2 to facilitate. Other than reading old CAP books and/or publicly available NIST documents, are there any other options? I am not interested in any form of instructor-led "live" class. I'd be open to something similar to the CCSP online course. When, ISC2, will you provide more options for those of us who prefer to self-study?