The strategic view from orbit. Governance, risk, and assurance ensure everything below keeps functioning.
No experience required · 12 hours · Completely free
Outer space is the strategic envelope around everything. From orbit, you can see the whole planet: every domain, every layer, every gap. Risk Governance and Assurance ensures your organization has the structure, oversight, and accountability to sustain all five inner layers of defense over time. This is the domain where cybersecurity meets the boardroom. You will learn how organizations measure risk (what could go wrong, how likely it is, and what it would cost), how compliance frameworks like NIST CSF, ISO 27001, and SOC 2 create structured approaches to security, and how governance committees ensure security investments are made wisely. If you enjoy systems thinking, policy design, strategic planning, or bridging the gap between technical teams and executive leadership, this domain is your launchpad.
PCA: Perpetual Compliance Assurance
“Compliance is not an event. It is a state.”
Six modules. 12 hours. Each one builds on the last. By the end, you will have a solid foundation in risk governance & assurance.
What risk means in cybersecurity. Likelihood, impact, and the risk equation.
Boards, committees, policies, and standards. How organizations govern security.
NIST CSF, ISO 27001, SOC 2, CIS Controls. The major frameworks in plain language.
Internal audits, external assessments, gap analysis, and evidence collection.
Accept, mitigate, transfer, avoid. How organizations decide what to do about risk.
Guided practical: conduct a basic risk assessment, build a risk register, recommend treatments.
Risk Governance & Assurance opens doors to real cybersecurity careers. Here are roles that professionals in this domain fill every day.
Manage compliance programs, conduct risk assessments, and maintain the documentation that proves an organization is secure.
Ensure organizational adherence to regulations and industry standards. Navigate HIPAA, PCI DSS, SOX, and more.
Identify, assess, and prioritize organizational risks. Build risk registers and develop treatment strategies.
Conduct internal security audits, prepare for external assessments, and ensure control effectiveness.
Coordinate security initiatives across teams and business units. Drive roadmaps and measure program maturity.
The ultimate leadership role in security. RGA is the primary domain for aspiring Chief Information Security Officers.
Perpetual Compliance Assurance (PCA)
Conventional GRC training is about passing audits. CDA's Perpetual Compliance Assurance (PCA) methodology is more ambitious: it treats compliance as a state, not an event. You will learn to build governance systems that maintain compliance continuously, not just at audit time. You will understand how to quantify risk in business terms, communicate security posture to boards, and design governance structures that actually drive improvement rather than generating paperwork.
You are standing at the start of a 328-hour journey to domain mastery. The first 12 hours are free.
Start your cybersecurity journey in risk governance & assurance today. Everything you need to take the first step is right here.