LDR519: Cybersecurity Risk Management and Compliance

LDR519 Cybersecurity Leadership
  • 5 Days (Instructor-Led)
  • 30 Hours (Self-Paced)
Course authored by:
James Tarala
  • 30 CPEs

    Apply your credits to renew your certifications

  • In-Person, Virtual or Self-Paced

    Attend a live, instructor-led class at a location near you or remotely, or train on your time over 4 months

  • 16 Hands-On Lab(s)

    Apply what you learn with hands-on exercises and labs

Master strategic cybersecurity risk management through practical frameworks, comprehensive threat modeling, and regulatory compliance-driven governance to strengthen enterprise resilience.

Course Overview

This course prepares students to manage cybersecurity risk across the full governance, risk, and compliance (GRC) lifecycle using proven practices. Students learn to establish governance structures, build threat and safeguard inventories, implement and validate controls, and communicate outcomes to both technical and executive stakeholders. Through case studies and the SANS Cyber42 simulation, they gain hands-on experience aligning security measures with business goals. Designed for assessors, auditors, and second-line professionals, the course builds the technical and organizational skills needed to lead resilient, compliant GRC programs.

What You'll Learn

  • Apply the GRC lifecycle to build and mature cybersecurity programs
  • Develop comprehensive threat models for risk assessment
  • Implement effective governance frameworks and safeguard strategies
  • Prioritize safeguards and controls based on organizational context and business objectives
  • Validate cybersecurity safeguards through structured assessments
  • Communicate risks and results persuasively to executive and technical stakeholders

Business Takeaways

  • Enhance compliance posture across multiple regulations
  • Align security investments with business objectives
  • Improve risk visibility for informed decision-making
  • Reduce likelihood of costly security incidents
  • Structure an approach to continuous security improvement
  • Gain effective stakeholder communication strategies
  • Implement a framework for defensible security governance

Course Syllabus

Explore the course syllabus below to view the full range of topics covered in LDR519: Cybersecurity Risk Management and Compliance.

Section 1: Strategies for Cybersecurity Risk Management

This section establishes the essential context for effective cybersecurity risk management. Students learn to define cybersecurity governance frameworks, align security with business objectives, and understand the foundational elements of risk-based security programs.

Topics covered

  • Enterprise risk management fundamentals
  • Governance structure development
  • Security program maturity models
  • Stakeholder responsibility frameworks
  • Business-aligned security objectives

Labs

  • Cyber42 Case Study: Governance Assessment
  • Risk Management Policy Development
  • Stakeholder Communications Planning
  • Security Program Maturity Evaluation
  • Security Investment Justification

Section 2: Cybersecurity Threat Modeling

In this section, students learn to identify, categorize, and prioritize threats as a foundation for the GRC lifecycle. Using taxonomies, asset models, and intelligence, they build inventories to inform governance, safeguards, and compliance.

Topics covered

  • Threat taxonomy implementation
  • Asset-based threat modeling
  • Attack vector analysis
  • Threat intelligence integration
  • Threat prioritization methodologies

Labs

  • Threat Inventory Development
  • Attack Vector Mapping
  • Cyber42 Case Study: Threat Analysis
  • Organizational Threat Landscape Analysis
  • Threat Intelligence Program Design

Section 3: Cybersecurity Safeguard Frameworks

This section teaches students to select, implement, and validate cybersecurity safeguards as part of the broader GRC lifecycle. Students learn structured approaches for evaluating safeguard effectiveness, aligning controls with identified threats, and ensuring safeguards support both risk reduction and compliance objectives.

Topics covered

  • Safeguard framework implementation
  • Safeguard selection criteria
  • Safeguard validation techniques
  • Security architecture assessment
  • Defense-in-depth strategies

Labs

  • Safeguard Assessment Tool Application
  • Safeguard Gap Analysis
  • Security Architecture Evaluation
  • Cyber42 Case Study: Safeguard Selection
  • Defense Effectiveness Measurement

Section 4: Validating Safeguards and Third-Party Risk Management (TPRM)

In this section, students learn how to validate the effectiveness of safeguards and extend governance practices to third-party risk. The section emphasizes both internal validation and external oversight, ensuring safeguards and third-party relationships strengthen the overall GRC lifecycle.

Topics covered

  • Risk quantification methods
  • Impact assessment techniques
  • Likelihood determination
  • Risk response strategy development
  • Risk register management

Labs

  • Risk Quantification Exercise
  • Impact Analysis Implementation
  • Risk Response Planning
  • Cyber42 Case Study: Risk Analysis
  • Risk Register Development

Section 5: Cybersecurity Risk Analytics and Response

Finally, students learn how to sustain the GRC lifecycle through continuous monitoring, risk analytics, and executive communication. They validate safeguards, align compliance programs, and use metrics to show effectiveness. By developing defensible reporting and improvement roadmaps, participants are prepared to guide ongoing governance and resilience.

Topics covered

  • Continuous monitoring frameworks
  • Compliance program integration
  • Security metrics development
  • Program effectiveness measures
  • Security improvement roadmaps

Labs

  • Continuous Monitoring Program Design
  • Compliance Integration Exercise
  • Security Metrics Development
  • Cyber42 Case Study: Program Assessment
  • Risk Communication to Executives

Things You Need To Know

Relevant Job Roles

Senior Security Leader

Cybersecurity Leadership

Daily focus is on the leadership of technical teams. Includes titles such as Technical Director, Manager, and Team Lead.

Cybersecurity Risk Manager

European Cybersecurity Skills Framework

Manage the organisation's cybersecurity-related risks aligned to the organisation’s strategy. Develop, maintain and communicate the risk management processes and reports.

Enterprise Architecture (OPM 651)

NICE: Design and Development

Responsible for developing and maintaining business, systems, and information processes to support enterprise mission needs. Develops technology rules and requirements that describe baseline and target architectures.

Governance, Risk, and Compliance

SCyWF: Governance, Risk, Compliance And Laws

This role governs cybersecurity structures and processes. Find the SANS courses that map to the Governance, Risk, and Compliance SCyWF Work Role.

Chief Information Security Officer (CISO)

European Cybersecurity Skills Framework

Manages an organisation’s cybersecurity strategy and its implementation to ensure that digital systems, services and assets are adequately secure and protected.

Executive Cybersecurity Leadership (OPM 901)

NICE: Oversight and Governance

Responsible for establishing vision and direction for an organization's cybersecurity operations and resources and their impact on digital and physical spaces. Possesses authority to make and execute decisions that impact an organization broadly, including policy approval and stakeholder engagement.

Cybersecurity Policy and Planning (OPM 752)

NICE: Oversight and Governance

Responsible for developing and maintaining cybersecurity plans, strategy, and policy to support and align with organizational cybersecurity initiatives and regulatory compliance.

Course Schedule & Pricing

  • Virtual (OnDemand)

    OnDemand (Anytime), Self-Paced, 4 months access
    Course price: $8,260 USD (*Prices exclude applicable local taxes)

  • Orlando, FL, US & Virtual (live)

    Course price: $8,260 USD (*Prices exclude applicable local taxes)

  • Washington, DC, US & Virtual (live)

    Course price: $8,260 USD (*Prices exclude applicable local taxes)

  • Nashville, TN, US & Virtual (live)

    Course price: $8,260 USD (*Prices exclude applicable local taxes)

  • Riyadh, SA & Virtual (live)

    Course price: $8,375 USD (*Prices exclude applicable local taxes)

  • London, GB & Virtual (live)

    Course price: £6,715 GBP (*Prices exclude applicable taxes | EUR price available during checkout)

  • Orlando, FL, US & Virtual (live)

    Course price: $8,260 USD (*Prices exclude applicable local taxes)

  • New Orleans, LA, US & Virtual (live)

    Course price: $8,260 USD (*Prices exclude applicable local taxes)

  • San Diego, CA, US & Virtual (live)

    Course price: $8,260 USD (*Prices exclude applicable local taxes)

  • Chicago, IL, US & Virtual (live)

    Course price: $8,260 USD (*Prices exclude applicable local taxes)

Benefits of Learning with SANS

Get feedback from the world’s best cybersecurity experts and instructors

OnDemand Mobile App

Choose how you want to learn - online, on demand, or at our live in-person training events

Resources

Get access to our range of industry-leading courses and resources