Advanced CPD

Cybersecurity Governance, Risk and Compliance

This advanced 5-day programme provides professionals with a rigorous, practice-oriented grounding in Cybersecurity Governance, Risk and Compliance. Designed for those working across the Digital & Technology sector, the course combines established theoretical frameworks with current industry practice through expert-led instruction, structured case studies, and hands-on workshops.

Duration: 5 days
Level: Advanced
Programme: 5 Days · 15 Modules
Code: YX-CYBER-002
Delivery formats: Classroom, Online, In-House, Blended
Starting from $4,950 per delegate · live online
  • Classroom: face-to-face at a global venue, $5,950
  • Online: live interactive virtual sessions, $4,950
  • In-House: delivered at your premises, Quote
Internationally Accredited
50+ Global Locations
Expert Advisory Team
Secure Booking Process

Course Overview

About this programme

Participants will engage with the most relevant tools, standards, and methodologies used in Cybersecurity today. By the final day, delegates will leave with a clear personal action plan and the confidence to apply their learning immediately, contributing to improved performance, compliance, and competitive advantage within their organisations.

Programme Objective

Equip professionals with the knowledge, skills, and frameworks required to excel in Cybersecurity Governance, Risk and Compliance, driving measurable improvement in Digital & Technology performance and delivering tangible value to their organisations.

Total Duration: 5 days
Training Days: 5 Days
Modules Covered: 15 Modules
Class Size: Max 20
Language: English
Accreditations: CPD

What You Will Learn

11 key learning outcomes

  01. Understand the strategic landscape of digital transformation and its impact on the energy sector
  02. Apply data analytics and visualisation techniques to extract actionable insights from operational datasets
  03. Evaluate AI and machine learning applications relevant to oil and gas, energy, and industrial operations
  04. Assess cybersecurity risks in operational technology environments and apply mitigation frameworks
  05. Design digital use cases that deliver measurable business value and operational improvement
  06. Communicate digital strategy and technology roadmaps to senior leadership and business stakeholders
  07. Apply cloud computing concepts and data architecture principles to enterprise digital initiatives
  08. Understand and apply relevant digital standards, governance frameworks, and data management practices
  09. Evaluate emerging technologies — IoT, digital twins, RPA, and blockchain — for energy sector applications
  10. Build and prioritise a digital transformation roadmap aligned to organisational goals and capabilities
  11. Apply change management principles to drive digital adoption across technical and non-technical teams

Course Outline

5 training days · 15 modules · hands-on workshops

Day 1

Cybersecurity Fundamentals & Threat Landscape

Establish foundational cybersecurity knowledge and understand the threat environment facing energy infrastructure.

8 hours · 3 modules
Module 1

Cybersecurity Core Concepts

  • CIA triad: confidentiality, integrity, and availability
  • Threat actors: nation-states, organised crime, and insiders
  • Attack vectors: phishing, supply chain, and remote access exploitation
  • Cyber kill chain and MITRE ATT&CK framework for ICS
Module 2

IT vs. OT Security

  • IT/OT convergence: drivers, benefits, and security challenges
  • OT environment characteristics: safety criticality, availability priority, and legacy systems
  • Industrial control system (ICS) components: PLC, DCS, RTU, and HMI
  • IT security tools applied to OT: EDR, SIEM, and vulnerability scanning considerations
Module 3

Energy Sector Threat Intelligence

  • Notable ICS cyber incidents: Stuxnet, Colonial Pipeline, and Ukraine power grid
  • Threat landscape for oil and gas: upstream, midstream, and downstream targets
  • CISA alerts and ICS-CERT advisories: how to track and respond
  • Vulnerability disclosure and responsible reporting in industrial environments
Practical Workshop

Threat scenario analysis: teams map a provided energy sector cyber incident to the MITRE ATT&CK for ICS framework, identifying attacker tactics and techniques used.

Day 2

Network Security & Architecture

Design secure network architectures and apply segmentation principles to industrial environments.

8 hours · 3 modules
Module 1

Network Security Fundamentals

  • TCP/IP fundamentals: protocols, ports, and packet analysis
  • Firewalls and DMZ: stateful inspection, rule sets, and placement
  • Intrusion detection and prevention systems (IDS/IPS): signature and anomaly detection
  • VPN and secure remote access: IPsec, SSL-VPN, and jump server architecture
Module 2

OT Network Segmentation (Purdue Model)

  • Purdue enterprise reference architecture: levels 0–5
  • Industrial DMZ design: data diode, unidirectional gateway, and historian placement
  • Network segmentation strategies: VLANs, zones, and conduits
  • IEC 62443 zones and conduits: security level assignment
Module 3

Wireless & Remote Access Security

  • Industrial wireless: WirelessHART, ISA100.11a, and 5G private networks
  • Wi-Fi security: WPA3, certificate authentication, and rogue AP detection
  • Remote access management: MFA, session recording, and privileged access workstations
  • Vendor remote access: PAM solutions and least-privilege principles
Practical Workshop

Network architecture review: groups evaluate a provided ICS network diagram against IEC 62443 zone and conduit requirements, identify gaps, and redesign the architecture.

Day 3

Vulnerability Management & Incident Response

Apply systematic vulnerability management and develop an effective cyber incident response capability.

8 hours · 3 modules
Module 1

Vulnerability Assessment in OT

  • Passive vs. active scanning: risks and tools for OT environments
  • CVE scoring: CVSS base, temporal, and environmental metrics
  • Patch management in OT: testing, scheduling, and compensating controls
  • Asset inventory: automated discovery and manual reconciliation
Module 2

Cyber Incident Response

  • Incident response lifecycle: preparation, detection, containment, eradication, and recovery
  • Cyber incident classification: severity levels and escalation thresholds
  • Playbooks: ransomware, data exfiltration, and OT disruption scenarios
  • Digital forensics basics: evidence preservation and chain of custody
Module 3

Business Continuity & Recovery

  • Business impact analysis (BIA) for OT systems
  • Recovery time objective (RTO) and recovery point objective (RPO) for ICS
  • Backup and restoration of PLC logic, historian data, and configuration files
  • Tabletop exercises: testing incident response capability and plan improvements
Practical Workshop

Incident response tabletop: teams work through a ransomware attack scenario affecting a production control system, executing their IR plan and identifying gaps in detection and response.

Day 4

Security Standards, Frameworks & Compliance

Apply IEC 62443, NIST CSF, and ISO 27001 to build a compliant cybersecurity management programme.

8 hours · 3 modules
Module 1

IEC 62443 Standard

  • IEC 62443 series structure: parts 1-4 and their applicability
  • Security levels (SL): target, achieved, and capability levels
  • Security management system: IEC 62443-2-1 requirements
  • Secure product development lifecycle: IEC 62443-4-1 for component suppliers
Module 2

NIST Cybersecurity Framework

  • NIST CSF functions: identify, protect, detect, respond, and recover
  • Maturity tiers: from partial to adaptive
  • Profile development: current state, target state, and gap analysis
  • NIST SP 800-82: guide to industrial control system security
Module 3

ISO 27001 Information Security Management

  • ISO 27001 clauses: context, leadership, planning, support, and operation
  • Annex A controls: selection, implementation, and statement of applicability
  • ISMS audit: internal audit process and management review
  • Certification pathway: gap assessment, implementation, and certification audit
Practical Workshop

ISMS gap assessment: groups evaluate a provided organisation profile against IEC 62443-2-1 and ISO 27001 requirements, produce a maturity score, and prioritise top five improvement actions.

Day 5

Supply Chain Security, Cloud & Future Threats

Address supply chain cybersecurity, cloud security, and emerging threat vectors.

8 hours · 3 modules
Module 1

Supply Chain & Third-Party Risk

  • Software supply chain attacks: SolarWinds, Log4j, and MOVEit lessons
  • Vendor security assessment: questionnaires, audits, and red flags
  • Third-party remote access governance: privileged access management
  • Software bill of materials (SBOM): understanding component dependencies
Module 2

Cloud Security for OT Data

  • Cloud service models: IaaS, PaaS, and SaaS security responsibilities
  • Shared responsibility model: cloud provider vs. customer
  • Identity and access management (IAM): zero trust principles for cloud
  • Data residency, sovereignty, and compliance in multi-cloud environments
Module 3

Future Threats & Emerging Technology

  • AI-powered attacks: adversarial ML and automated vulnerability exploitation
  • Quantum computing: impact on current cryptographic standards
  • 5G and edge computing: expanded attack surface management
  • Security for digital twins and IIoT: protecting connected asset environments
Practical Workshop

Capstone security programme: teams develop a prioritised 12-month cybersecurity improvement plan for a provided energy sector organisation, covering governance, technical controls, and workforce development.

The course outline is indicative. Content may be adapted to reflect current industry developments and delegate experience levels.

Who Should Attend

This programme is designed for professionals across these roles

Data Analysts & Data Scientists

Professionals working with data to generate insights, models, and business intelligence

IT & OT Engineers

Engineers managing information technology or operational technology systems and infrastructure

Business Leaders & Managers

Leaders responsible for digital strategy, technology investment, and transformation programmes

Cybersecurity Professionals

Security teams protecting operational technology and digital assets in industrial environments

Operations & Asset Personnel

Operations, maintenance, and engineering staff adopting digital tools in their work processes

Digital Innovation Leads

Innovation champions tasked with identifying and delivering digital use cases across the business

Schedule & Fees

Upcoming public dates — enrol anytime

  • 03 Jun – 07 Jun 2026 · Dubai, UAE · Classroom · Only 2 seats left! · $5,950 per delegate
  • 03 Jul – 07 Jul 2026 · Live Online (Zoom) · Online · 5 seats available · $4,950 per delegate
  • 23 Jul – 27 Jul 2026 · Singapore · In-House · Only 3 seats left! · Quote (custom pricing)
  • 26 Aug – 30 Aug 2026 · Houston, USA · Blended · 7 seats available · Quote (custom pricing)
  • 23 Sep – 27 Sep 2026 · Abu Dhabi, UAE · Classroom · 5 seats available · $5,950 per delegate
  • 23 Oct – 27 Oct 2026 · Live Online (Zoom) · Online · 8 seats available · $4,950 per delegate

Can't find a suitable date? Contact us for private cohort scheduling or in-house delivery options at your premises.

Accreditations & Recognition

This course carries internationally recognised professional credits

CPD Certified

Course Resources

Request documentation before you book

Ready to Enrol?

Speak with our training advisors to confirm availability, group rates, and customised in-house options.