Overview
Tackle the challenges of today's digital landscape head-on with the University of South Florida’s new Information Security Governance, Risk, and Compliance Analyst program (Infosec GRC Analyst), an online program designed to meet the critical shortage of cybersecurity professionals. This course is designed for individuals who are new to the field of Governance, Risk, and Compliance (GRC) and are seeking to transition into a cybersecurity or information security career.
It is ideal for professionals from non-technical backgrounds such as administration, finance, legal, healthcare, education, or project management who are interested in building a foundational understanding of how organizations manage risk, ensure compliance, and uphold cybersecurity governance. No prior experience in cybersecurity or IT is required.
The content is tailored to help learners connect their existing transferable skills with the key concepts, processes, and tools used in GRC roles. With expert instructors, a comprehensive curriculum, and flexible learning options, participants in this online training program will learn how to advise organizations on implementing security controls that can reduce cyber risks – and will earn a Credly digital badge to prove it.
Curriculum & Course Details
Learn to navigate compliance challenges with the USF InfoSec GRC Analyst program. Start with information security fundamentals and progress to implementing and assessing organizations against industry standards. By the end of the program, participants will be able to advise organizations on ways to implement security controls that can reduce cyber risks.
Module 1
In this first step of your cybersecurity journey, you’ll learn what information security is, why it matters, and how it affects everyday life (at home, at work, and across industries).
Module 2
Introduces you to the essential technologies behind digital systems and explores the most common cyber threats that target them. By the end, you will be able to "talk the talk" and will understand how basic technology works and what makes systems vulnerable to attack.
Module 3
Offers a high-level introduction to the eight core cybersecurity domains and their role in protecting systems and data.
Module 4
This module builds your foundational knowledge of key security concepts, terms, and controls essential for a GRC role. You'll learn to identify threats, understand the CIA Triad, and classify security controls.
Module 5
Introduces the core principles of GRC, including key frameworks, policies, and risk management practices. Learners will explore roles, assessments, and assurance methods essential to effective information security and compliance.
Module 6
Introduces the NIST Cybersecurity Framework (CSF) and its five core functions (Identify, Protect, Detect, Respond, and Recover), which provide a strategic foundation for managing cybersecurity risks. Through real-world scenarios and structured methodologies, learners will gain practical skills in assessing threats, evaluating controls, and aligning risk management practices with NIST guidelines.
Module 7
Explores how to integrate emerging technologies into existing cyber risk frameworks, with a focus on developing an effective organizational profile that reflects the evolving digital ecosystem. Participants will learn how to apply Zero Trust principles, assess AI-related risks, and use the NIST CSF to build a resilient cybersecurity posture.
Module 8
Dives into information security assessments, remediation planning, and reporting, giving participants the skills needed to prepare an assessment.
Module 9
In the only required synchronous segment, the final module guides participants as they synthesize what they've learned by participating in an authentic audit scenario and producing a final report thus demonstrating their newly acquired skills.
Learning Objectives
Upon successful completion of this course, learners will be able to:
- Apply fundamental concepts of information security, including the CIA triad (Confidentiality, Integrity, and Availability) and basic security principles.
- Differentiate between IS frameworks, standards, and regulations.
- Use common IS terminology to contextualize and communicate risk effectively.
- Describe the roles and responsibilities of IS stakeholders/practitioners.
- Identify the fundamental concepts and principles of Artificial Intelligence (AI) and Zero Trust Architecture (ZTA).
- Conduct a NIST Cybersecurity Framework (CSF) v2 Gap Assessment.
Advisor
Our advisors are here to support you every step of the way – whether you have questions about courses, need guidance on your learning path, or simply want to explore your goals.
