UprootSecurity

Curriculum · Phase 1

Foundations

Frameworks, regulations, cloud, and risk.

The building blocks every GRC Engineer needs before touching a single control. What SOC 2, ISO 27001, and NIST CSF require, when PCI/HIPAA/GDPR/CCPA apply, how cloud shared responsibility works, and how to build a risk register from scratch.

~5 hours · 5 modules · 165 points

Module 1.1

Governance, Risk, Compliance Explained

The three letters every GRC Engineer lives inside. What governance, risk management, and compliance actually mean, how they interact, and why confusing them leads to the wrong work.

35 min


Module 1.2

Compliance Frameworks Landscape

SOC 2, ISO 27001, NIST CSF, and CIS Controls v8: what each one covers, how they differ, and how they map to each other. The frameworks a GRC Engineer references every day.

40 min


Module 1.3

Regulatory Frameworks — PCI, HIPAA, GDPR, CCPA

When laws and industry regulations supersede voluntary frameworks. Which regulations apply to which companies, what they require technically, and how to identify applicability from a business scenario.

35 min


Module 1.4

Cloud Fundamentals + Shared Responsibility

IaaS, PaaS, SaaS: what you manage vs what the provider manages, and why getting this wrong is the most common audit finding for cloud-native companies.

57 min


Module 1.5

Risk Management Basics

Threat modeling, risk registers, likelihood vs impact, residual risk, and the practice of connecting business risk to security controls. You will build a risk register from a realistic scenario.

48 min


Foundations — UprootSecurity Bootcamp