Cybersecurity Governance: 16 Steps with NIST & ISO

Cybersecurity Governance: 16 Steps with NIST & ISO

Instructors: Paweł Mielniczek

Access provided by Interbank

6 modules

Gain insight into a topic and learn the fundamentals.

Intermediate level

Recommended experience

8 hours to complete

Flexible schedule

Learn at your own pace

6 modules

Gain insight into a topic and learn the fundamentals.

Intermediate level

Recommended experience

8 hours to complete

Flexible schedule

Learn at your own pace

What you'll learn

Analyze your organization's risk landscape to scope and map controls, governance gaps, and priorities for cybersecurity governance
Implement automated workflows using a 16-step blueprint to integrate cloud security and privacy safeguards into your GRC program
Execute cybersecurity governance frameworks and evaluate control effectiveness by applying incident response and continual improvement
Create a fully audit-ready cybersecurity governance program aligned with cybersecurity best practices

Skills you'll gain

Details to know

Shareable certificate

Add to your LinkedIn profile

Assessments

4 assignments¹

AI Graded see disclaimer

Taught in English

See how employees at top companies are mastering in-demand skills

Learn more about Coursera for Business

logos of Petrobras, TATA, Danone, Capgemini, P&G and L'Oreal

There are 6 modules in this course

Unify your cybersecurity governance standards into a resilient, audit-ready governance program.

In today's complex risk environment, even a single supply chain breach can lead to severe regulatory penalties and reputational harm. This course provides a repeatable, risk-based approach to cybersecurity governance, risk and compliance (GRC), integrating ISO 27001, ISO 27002, ISO 27701, and the NIST cybersecurity framework, ideal for compliance leaders preparing for certification or strengthening their information security posture. Through a structured 16-step blueprint and hands-on demonstrations, you'll learn to scope your ISMS, conduct risk assessments, map controls, and align cloud and privacy safeguards that are considered the core cybersecurity governance skills. You'll apply ISO and NIST standards to real-world scenarios, using templates, checklists, and workflows to streamline documentation, cybersecurity auditing, and incident response. By course end, you'll be equipped to build and maintain a cybersecurity governance, risk and compliance framework that meets global cybersecurity best practices and scales with organizational risk.

In this course, you’ll learn how to integrate ISO 27001/27002/27701 with the NIST Cybersecurity Framework through a structured, 16-step blueprint. You’ll focus on translating global standards into actionable governance practices, from scoping and risk assessment to control mapping, cloud and privacy safeguards, and continuous improvement. Through concise expert-led videos, hands-on templates, and workflow demonstrations, you’ll gain the skills to design and operate a repeatable, audit-ready governance program. By the end, you’ll be equipped to unify fragmented processes, strengthen risk-driven decision-making, and deploy a resilient framework that adapts to evolving threats and regulatory demands.

What's included

1 video1 reading

In this module, you’ll explore how to establish the foundation for a resilient cybersecurity governance program. You’ll examine how to define the purpose, scope, and context of an Information Security Management System (ISMS) aligned with ISO 27001 and the NIST Cybersecurity Framework. You’ll learn how to engage leadership, align stakeholders, and set clear roles and responsibilities through governance tools and RACI matrices. Finally, you’ll apply strategies for developing success criteria, mapping strategic goals, and scoping processes to ensure accurate, audit-ready implementation.

What's included

10 videos1 reading1 assignment1 peer review1 discussion prompt

10 videosTotal 64 minutes

Module Introduction  2 minutes
Define ISMS Success Criteria 8 minutes
Map Strategic Goals to NIST CSF 8 minutes
Select Governance Tools and Inputs 5 minutes
Process Mapping for ISMS Scope 7 minutes
Policy and Boundary Setting 5 minutes
Contextualize Governance Risks 8 minutes
Establish Sponsorship Channels 9 minutes
Define Roles and RACI 7 minutes
Leadership Approval Process 5 minutes

1 readingTotal 5 minutes

The Role of Leadership in ISO 27001 Compliance 5 minutes

1 assignmentTotal 20 minutes

Governance Planning & Scoping 20 minutes

1 peer reviewTotal 10 minutes

Hands-On-Learning: Build a Governance RACI Matrix 10 minutes

1 discussion promptTotal 10 minutes

Bridging Strategy and Scope10 minutes

In this module, you’ll explore how to conduct risk-driven governance by applying structured frameworks for assessment and control alignment. You’ll examine ISO 27005 and NIST SP 800-30 methods to identify, analyze, and prioritize risks, while setting acceptance thresholds that reflect business goals and compliance drivers. You’ll also learn to tailor ISO Annex A and NIST CSF controls to organizational risk profiles, justify selections for audit readiness, and integrate cloud and privacy safeguards from ISO 27017, ISO 27701, and the NIST Privacy Framework. Finally, you’ll apply documentation strategies and practical tools to deliver audit-ready risk registers, control mappings, and privacy addenda that strengthen governance and resilience.

What's included

10 videos1 reading1 assignment1 peer review1 discussion prompt

10 videosTotal 62 minutes

Module Introduction  2 minutes
Conduct ISO/NIST Risk Analysis 9 minutes
Define Risk Acceptance Criteria 7 minutes
Prioritize Control Objectives 6 minutes
Use Control Mapping Tools 7 minutes
Tailor Controls to Risk Profile 6 minutes
Document Mapping Justification 5 minutes
Map Cloud Controls 7 minutes
Assess Privacy Gaps 9 minutes
Write Privacy Addendum 5 minutes

1 readingTotal 5 minutes

Introduction to the NIST Privacy Framework 5 minutes

1 assignmentTotal 20 minutes

Risk Assessment & Control Tailoring 20 minutes

1 peer reviewTotal 10 minutes

Hands-On-Learning: Map Privacy Controls Across ISO 27701 and NIST 10 minutes

1 discussion promptTotal 10 minutes

Justifying "Equivalent" Controls to Auditors 10 minutes

In this module, you’ll explore how to operationalize cybersecurity governance through continuity planning, technical safeguards, and workforce awareness programs. You’ll examine ISO 22301 and NIST CSF recovery practices to build resilience against disruptions, while applying ISO 27017 and NIST SP 800-53 to deploy cloud and technical controls. You’ll also design staff training initiatives that foster a security-aware culture and implement ISO 30111 and NIST SP 800-40 methods for vulnerability and patch management. By the end, you’ll have the tools to enforce governance effectively, minimize downtime, and ensure ongoing compliance.

What's included

10 videos1 reading1 assignment1 peer review1 discussion prompt

10 videosTotal 63 minutes

Module Introduction  2 minutes
ISO/NIST Recovery Principles 8 minutes
Designing Continuity Plans 9 minutes
Simulating Failover Workflows 5 minutes
Technical Control Deployment 7 minutes
Launch Awareness Training 8 minutes
Secure Workflow Assignments 5 minutes
Patch Methodologies Overview 8 minutes
Automate Patch Monitoring 7 minutes
Track Remediation Logs 5 minutes

1 readingTotal 10 minutes

Patch Management: Definition & Best Practices 10 minutes

1 assignmentTotal 20 minutes

Governance Implementation 20 minutes

1 peer reviewTotal 10 minutes

Hands-On-Learning: Create a Patch Management SOP 10 minutes

1 discussion promptTotal 5 minutes

Aligning Recovery Plans with Technical Reality 5 minutes

In this module, you’ll explore how to strengthen governance through proactive monitoring, incident response, and continuous optimization. You’ll examine ISO 27035 and NIST SP 800-61 playbooks to design incident-response plans, define roles, and conduct readiness drills. You’ll establish measurable KPIs and tier-based metrics with ISO 27004 and NIST frameworks to ensure audit readiness and build compliance dashboards. Finally, you’ll apply automation and AI-driven workflows to streamline monitoring, reuse templates, and embed feedback loops that drive ongoing improvement and scalability of your ISMS.

What's included

10 videos1 reading1 assignment1 peer review1 discussion prompt

10 videosTotal 54 minutes

Module Introduction  2 minutes
ISO/NIST IR Playbooks 7 minutes
Define IR Roles & Teams 5 minutes
Simulate IR Drill Planning 5 minutes
Define KPIs & Tier Metrics 5 minutes
Develop Dashboards 4 minutes
Prepare Audit Evidence Logs 5 minutes
AI-Powered Monitoring 8 minutes
Template Reuse & Control Sync 8 minutes
Optimize Control Improvements 5 minutes

1 readingTotal 5 minutes

How Generative AI Helps Risk & Compliance  5 minutes

1 assignmentTotal 20 minutes

Monitoring, Auditing & Continuous Improvement20 minutes

1 peer reviewTotal 10 minutes

Hands-On-Learning: Automate Governance Monitoring10 minutes

1 discussion promptTotal 10 minutes

Overcoming Barriers to Continuous Compliance10 minutes

In this wrap-up module, you’ll consolidate your learning by applying governance planning, risk assessment, implementation, and monitoring skills in a multi-layered breach simulation. By the end, you’ll showcase the skills to lead resilient cybersecurity programs that adapt to threats, meet compliance demands, and strengthen organizational trust.