This course covers the role of governance and risk management in information security. It looks at the policies and standards that are needed to operate an effective information security function and to oversee good information security practices. The course also includes a look at how modern organizations manage information security risks and how to conduct a risk analysis. It concludes by examining the process for providing information security training and education. This course requires some basic understanding of IT concepts. The content in this course aligns with Domain One in the CISSP exam, offered by (ISC)2. However, the course can be taken as a stand-alone without the intention of sitting for the exam.