Governance, risk and compliance

What happens here?

Speciality areas:

  • Cyber Security Awareness and Training
  • Cyber Security advice and advocacy
  • Strategic Planning and Policy Development
  • Information Security Management System
  • Information Security Risk Management
  • Cyber Security Audit and Policy Compliance

What are some example roles in the area?

  • Chief Information Security Officer
  • Manager Information Security and Risk
  • Principal Security Specialist
  • Security Administrator
  • Security Specialist

Information assurance

As defined by the SFIA Foundation: Information assurance is the protection of integrity, availability, authenticity, non-repudiation and confidentiality of information and data in storage and in transit. The management of risk in a pragmatic and cost-effective manner to ensure stakeholder confidence. Here are some ways you could build this skill, which applies to a range of cyber security roles.


  • CISM Certified Information Security Manager
  • CISSP Certified Information Systems Security Professional
  • Certified Information Systems Auditor (CISA) Certification
  • CRISC Certified in Risk and Information Systems Control
  • CCSP Certified Cloud Security Professional
  • Security+


  • COBIT 5
  • Information Technology Infrastructure Library (ITIL)
  • Information Technology Service Management (ITSM)


  • ISO 27001 LI and ISO 27001 LA

Last Reviewed: 28 May 2021