Is financial aid available?

Yes. In select learning programs, you can apply for financial aid or a scholarship if you can’t afford the enrollment fee. If fin aid or scholarship is available for your learning program selection, you’ll find a link to apply on the description page.

Cybersecurity Governance: 16 Steps with NIST & ISO

Cybersecurity Governance: 16 Steps with NIST & ISO

Instructors: Paweł Mielniczek

Included with Coursera Plus

Learn more

6 modules

Gain insight into a topic and learn the fundamentals.

Intermediate level

Recommended experience

8 hours to complete

Flexible schedule

Learn at your own pace

6 modules

Gain insight into a topic and learn the fundamentals.

Intermediate level

Recommended experience

8 hours to complete

Flexible schedule

Learn at your own pace

What you'll learn

Analyze your organization’s risk landscape to scope and map controls, governance gaps and priorities.  
Implement automated workflows using a 16-step blueprint to integrate cloud security and privacy safeguards.  
Evaluate control effectiveness by applying incident response and continual improvement.  
Create a fully audit-ready cybersecurity governance program.

Skills you'll gain

Details to know

Shareable certificate

Add to your LinkedIn profile

See how employees at top companies are mastering in-demand skills

Learn more about Coursera for Business

logos of Petrobras, TATA, Danone, Capgemini, P&G and L'Oreal

There are 6 modules in this course

Unify your cybersecurity standards into a resilient, audit-ready governance program.

In today’s complex risk environment, even a single supply chain breach can lead to severe regulatory penalties and reputational harm. This course provides a repeatable, risk-based approach to integrating ISO 27001, ISO 27002, ISO 27701, and the NIST Cybersecurity Framework—ideal for compliance leaders preparing for certification or strengthening their information security posture. Through a structured 16-step blueprint and hands-on demonstrations, you’ll learn to scope your ISMS, conduct risk assessments, map controls, and align cloud and privacy safeguards. You’ll apply ISO and NIST standards to real-world scenarios, using templates, checklists, and workflows to streamline documentation and incident response. By course end, you'll be equipped to build and maintain a governance framework that meets global cybersecurity standards and scales with organizational risk.

In this course, you’ll learn how to integrate ISO 27001/27002/27701 with the NIST Cybersecurity Framework through a structured, 16-step blueprint. You’ll focus on translating global standards into actionable governance practices, from scoping and risk assessment to control mapping, cloud and privacy safeguards, and continuous improvement. Through concise expert-led videos, hands-on templates, and workflow demonstrations, you’ll gain the skills to design and operate a repeatable, audit-ready governance program. By the end, you’ll be equipped to unify fragmented processes, strengthen risk-driven decision-making, and deploy a resilient framework that adapts to evolving threats and regulatory demands.

What's included

1 video1 reading1 plugin

In this module, you’ll explore how to establish the foundation for a resilient cybersecurity governance program. You’ll examine how to define the purpose, scope, and context of an Information Security Management System (ISMS) aligned with ISO 27001 and the NIST Cybersecurity Framework. You’ll learn how to engage leadership, align stakeholders, and set clear roles and responsibilities through governance tools and RACI matrices. Finally, you’ll apply strategies for developing success criteria, mapping strategic goals, and scoping processes to ensure accurate, audit-ready implementation.

What's included

10 videos1 reading1 assignment1 peer review1 discussion prompt

10 videosTotal 63 minutes

Module Introduction  1 minute
Define ISMS Success Criteria 7 minutes
Map Strategic Goals to NIST CSF 7 minutes
Select Governance Tools and Inputs 4 minutes
Process Mapping for ISMS Scope 7 minutes
Policy and Boundary Setting 5 minutes
Contextualize Governance Risks 7 minutes
Establish Sponsorship Channels 8 minutes
Define Roles and RACI 7 minutes
Leadership Approval Process 5 minutes

1 readingTotal 5 minutes

The Role of Leadership in ISO 27001 Compliance 5 minutes

1 assignmentTotal 20 minutes

Governance Planning & Scoping 20 minutes

1 peer reviewTotal 10 minutes

Hands-On-Learning: Build a Governance RACI Matrix 10 minutes

1 discussion promptTotal 10 minutes

Bridging Strategy and Scope10 minutes

In this module, you’ll explore how to conduct risk-driven governance by applying structured frameworks for assessment and control alignment. You’ll examine ISO 27005 and NIST SP 800-30 methods to identify, analyze, and prioritize risks, while setting acceptance thresholds that reflect business goals and compliance drivers. You’ll also learn to tailor ISO Annex A and NIST CSF controls to organizational risk profiles, justify selections for audit readiness, and integrate cloud and privacy safeguards from ISO 27017, ISO 27701, and the NIST Privacy Framework. Finally, you’ll apply documentation strategies and practical tools to deliver audit-ready risk registers, control mappings, and privacy addenda that strengthen governance and resilience.

What's included

10 videos1 reading1 assignment1 peer review1 discussion prompt

10 videosTotal 62 minutes

Module Introduction  1 minute
Conduct ISO/NIST Risk Analysis 9 minutes
Define Risk Acceptance Criteria 6 minutes
Prioritize Control Objectives 5 minutes
Use Control Mapping Tools 6 minutes
Tailor Controls to Risk Profile 6 minutes
Document Mapping Justification 4 minutes
Map Cloud Controls 7 minutes
Assess Privacy Gaps 9 minutes
Write Privacy Addendum 5 minutes

1 readingTotal 5 minutes

Introduction to the NIST Privacy Framework 5 minutes

1 assignmentTotal 20 minutes

Risk Assessment & Control Tailoring 20 minutes

1 peer reviewTotal 10 minutes

Hands-On-Learning: Map Privacy Controls Across ISO 27701 and NIST 10 minutes

1 discussion promptTotal 10 minutes

Justifying "Equivalent" Controls to Auditors 10 minutes

In this module, you’ll explore how to operationalize cybersecurity governance through continuity planning, technical safeguards, and workforce awareness programs. You’ll examine ISO 22301 and NIST CSF recovery practices to build resilience against disruptions, while applying ISO 27017 and NIST SP 800-53 to deploy cloud and technical controls. You’ll also design staff training initiatives that foster a security-aware culture and implement ISO 30111 and NIST SP 800-40 methods for vulnerability and patch management. By the end, you’ll have the tools to enforce governance effectively, minimize downtime, and ensure ongoing compliance.

What's included

10 videos1 reading1 assignment1 peer review1 discussion prompt

10 videosTotal 63 minutes

Module Introduction  1 minute
ISO/NIST Recovery Principles 8 minutes
Designing Continuity Plans 8 minutes
Simulating Failover Workflows 4 minutes
Technical Control Deployment 7 minutes
Launch Awareness Training 7 minutes
Secure Workflow Assignments 4 minutes
Patch Methodologies Overview 7 minutes
Automate Patch Monitoring 6 minutes
Track Remediation Logs 5 minutes

1 readingTotal 10 minutes

Patch Management: Definition & Best Practices 10 minutes

1 assignmentTotal 20 minutes

Governance Implementation 20 minutes

1 peer reviewTotal 10 minutes

Hands-On-Learning: Create a Patch Management SOP 10 minutes

1 discussion promptTotal 5 minutes

Aligning Recovery Plans with Technical Reality 5 minutes

In this module, you’ll explore how to strengthen governance through proactive monitoring, incident response, and continuous optimization. You’ll examine ISO 27035 and NIST SP 800-61 playbooks to design incident-response plans, define roles, and conduct readiness drills. You’ll establish measurable KPIs and tier-based metrics with ISO 27004 and NIST frameworks to ensure audit readiness and build compliance dashboards. Finally, you’ll apply automation and AI-driven workflows to streamline monitoring, reuse templates, and embed feedback loops that drive ongoing improvement and scalability of your ISMS.

What's included

10 videos1 reading1 assignment1 peer review1 discussion prompt

10 videosTotal 53 minutes

Module Introduction  1 minute
ISO/NIST IR Playbooks 7 minutes
Define IR Roles & Teams 4 minutes
Simulate IR Drill Planning 5 minutes
Define KPIs & Tier Metrics 4 minutes
Develop Dashboards 4 minutes
Prepare Audit Evidence Logs 5 minutes
AI-Powered Monitoring 7 minutes
Template Reuse & Control Sync 8 minutes
Optimize Control Improvements 5 minutes

1 readingTotal 5 minutes

How Generative AI Helps Risk & Compliance  5 minutes

1 assignmentTotal 20 minutes

Monitoring, Auditing & Continuous Improvement20 minutes

1 peer reviewTotal 10 minutes

Hands-On-Learning: Automate Governance Monitoring10 minutes

1 discussion promptTotal 10 minutes

Overcoming Barriers to Continuous Compliance10 minutes

In this wrap-up module, you’ll consolidate your learning by applying governance planning, risk assessment, implementation, and monitoring skills in a multi-layered breach simulation. By the end, you’ll showcase the skills to lead resilient cybersecurity programs that adapt to threats, meet compliance demands, and strengthen organizational trust.

What's included

1 video1 peer review

Instructors

Paweł Mielniczek

18 Courses16,701 learners

Starweaver

437 Courses808,684 learners

Offered by

Starweaver

Why people choose Coursera for their career

Felipe M.

Learner since 2018

"To be able to take courses at my own pace and rhythm has been an amazing experience. I can learn whenever it fits my schedule and mood."

Jennifer J.

Learner since 2020

"I directly applied the concepts and skills I learned from my courses to an exciting new project at work."

Larry W.

Learner since 2021

"When I need courses on topics that my university doesn't offer, Coursera is one of the best places to go."

Chaitanya A.

"Learning isn't just about being better at your job: it's so much more than that. Coursera allows me to learn without limits."

Open new doors with Coursera Plus

Unlimited access to 10,000+ world-class courses, hands-on projects, and job-ready certificate programs - all included in your subscription

Learn more

Advance your career with an online degree

Earn a degree from world-class universities - 100% online

Explore degrees

Join over 3,400 global companies that choose Coursera for Business

Upskill your employees to excel in the digital economy

Learn more

Frequently asked questions

To access the course materials, assignments and to earn a Certificate, you will need to purchase the Certificate experience when you enroll in a course. You can try a Free Trial instead, or apply for Financial Aid. The course may offer 'Full Course, No Certificate' instead. This option lets you see all course materials, submit required assessments, and get a final grade. This also means that you will not be able to purchase a Certificate experience.

When you purchase a Certificate you get access to all course materials, including graded assignments. Upon completing the course, your electronic Certificate will be added to your Accomplishments page - from there, you can print your Certificate or add it to your LinkedIn profile.

You will be eligible for a full refund until two weeks after your payment date, or (for courses that have just launched) until two weeks after the first session of the course begins, whichever is later. You cannot receive a refund once you’ve earned a Course Certificate, even if you complete the course within the two-week refund period. See our full refund policy.