FreeCourse
CourseraSelf-pacedNewly added
Welcome to the RecertHero soft launch!
Submit bugs, feature requests, and feedbackISACA · Self-paced
Self-paced opportunities that count toward CISM renewal — on-demand courses, video lessons, and self-study tracks you can finish on your own schedule. RecertHero estimates the CPE value of every opportunity, so you can plan toward the 120 CPEs CISM requires every 3 years — without re-keying each entry into ISACA's portal.
42 results mapped to CISM, soonest first.
Cyber threats present a constant challenge today, costing billions and affecting everyone, from governments to small businesses. Are you ready to contribute to the solution? This course will provide you with a deep understanding of cybersecurity principles, industry standards, regulations, and audit processes. You will explore the fundamental concepts of information security and compliance, covering topics such as governance, risk, compliance, cybersecurity frameworks, and process management. You will also learn about IT service management and explore the NIST risk management framework and AI ethical considerations. You will gain insights into cybersecurity laws and regulations, focusing on both US and global perspectives, including HIPPA, GDPR, and PCI DSS. Additionally, you will familiarize yourself with the audit processes using the COBIT framework and SOC reports. You will also explore prominent standards such as OWASP, ISO, and IEEE, learning how to apply them effectively. Throughout this five-module self-paced course, you will engage in interactive activities to apply your knowledge in real-world scenarios. You will also complete a final project to test your skills and showcase your understanding. Join us on this cybersecurity journey!
AI For Incident Responders — self-paced course on Cybrary. Visit the course page for full details and prerequisites.
AI For Grc Analysts — self-paced course on Cybrary. Visit the course page for full details and prerequisites.
Updated in May 2025. This course now features Coursera Coach! A smarter way to learn with interactive, real-time conversations that help you test your knowledge, challenge assumptions, and deepen your understanding as you progress through the course. This comprehensive course is designed to equip you with the knowledge and skills necessary to effectively audit IT project governance and system development processes. It begins with an overview of project governance and management, emphasizing the roles and responsibilities of key stakeholders, including project sponsors and the Project Management Office (PMO). You will gain a solid understanding of project initiation, planning, and execution phases, learning how to differentiate between auditing project content and project execution. Special focus is given to the project management methodologies, such as Agile and Predictive approaches, and the essential procedures for closing projects, ensuring you are well-versed in each phase of the project lifecycle. The course then transitions to system development and risk management, where you will explore various system development lifecycle (SDLC) models and their associated risks. You will learn how to assess these risks and understand different software development methods, including the use of Computer Aided Software Engineering (CASE) tools and fourth-generation languages (4GLs). Key topics such as business case development, feasibility analysis, and the identification and design of effective data controls are thoroughly covered, preparing you to evaluate system and software development from an IS auditor's perspective. In the final modules, the focus shifts to testing methodologies, data integrity, and change management. You will delve into decision support systems, testing plans, and methodologies to ensure data integrity and accuracy in application systems. The course also covers data migration processes, changeover techniques, and post-implementation reviews (P
Multi-course professional certificate program on edX. Self-paced with verified certificate option. Visit the program page for full curriculum, institution, and pricing details.
This course is designed to demystify Zero Trust security and guide learners through practical implementation. Based on the principle of “never trust, always verify,” this course explains what Zero Trust is, why it matters, and how organizations can begin their Zero Trust journey. Key topics include network, endpoint, and cloud security, starting with foundational concepts and addressing misconceptions—highlighting that Zero Trust is not achieved by simply deploying technologies. Real-world use cases, assessment methodologies, and maturity ranking techniques help participants create a customized Zero Trust strategy for their business. The curriculum explores modern Zero Trust standards and frameworks, such as NIST and the Open Group, moving from principles to architectural design. With a focus on practical application and strategic planning, this course is ideal for anyone responsible for organizational security seeking to enhance their defense strategy using Zero Trust.
Access Control Basics 4b6c9 — self-paced course on Cybrary. Visit the course page for full details and prerequisites.
Build a complete event collection and response architecture in Microsoft Sentinel. Set up and secure a Microsoft Sentinel workspace, deploy Content Hub solutions, connect Azure resource data, collect Linux and Windows security events with data collection rules, implement automated response workflows with Logic Apps playbooks, and manage data retention for compliance.
ISC2 Think Tank Webinars—Cybersecurity Thought Leadership 60-minute roundtable webinar where influential security experts present and debate on a range of thought-leadership topics surrounding today’s most pressing security challenges. — webinar from ISC2. Visit the page for date, presenters, and registration details.
Detecting Malicious Activity in Large Enterprises Modern enterprises are extremely diverse and complex. Yet, security data collection, correlation, and analysis has not kept up with these complexities. It often seems like organizations collect too much without ever truly finding value in the vast amounts of data they have amassed. In this webcast, SANS author Matt Bromiley and Chronicle Security's Dr. Anton Chuvakin focus on concepts to effectively detect malicious activity within large enterprises. They will review how to bring giga-/tera-/petabytes togethers, correlating them into actionable intel by using YARA-L to craft efficient detections that can be used across these vast data sets. The webcast will help attendees answer important questions such as:In your current state, how much data are you ingesting/analyzing?How is your team writing detections? What types of metadata points are they looking for?How do you detect threats?Can you effectively scale detections across your data sets?How do you manage the lifecycle of those detections, tune them, keep them relevant, remove them when no longer relevant? Register today and be among the first to receive the associated whitepaper written by Matt Bromiley.WebinarDigital Forensics and Incident Response Presented: 10 Sep 2020 Technical Presentation View details
Closing the Critical Skills Gap for Modern and Effective Security Operations Centers (SOCs): Survey Results Any successful security operations center (SOC) will combine skilled people, effective processes and efficient technology. Previous SANS surveys have shown that the skills of the people are the prime prerequisite to enable organizations to define critical SOC processes; create use cases, hypotheses and plans; architect effective security solutions; and efficiently deploy, operate and maintain security systems. From that skills base, sophisticated technology and tools can be used as a force multiplier. CISOs and SOC managers who can reduce or close their critical skills gaps have the highest probability of minimizing business impact from cyberattacks when budgets and staffing are constrained. Webcast attendees will learn:Where hiring managers turn when sourcing potential new hiresWhich skill areas are most sought afterWhat technologies employers wish new hires had hands-on experience usingWhich security technologies are perceived as enabling organizations to delay or mitigate the need for additional staff Register today to be among the first to receive the associated whitepaper written by SANS Director of Emerging Security Trends, John Pescatore. Click here'to register for a companion webcast to be held at 1 PM ET on Thursday, July 30, 2020 ' a panel discussion with survey author John Pescatore and selected sponsors that digs more deeply in to the results.WebinarCyber Defense Presented: 29 Jul 2020 Technical Presentation View details
How Are Remote Workers Working? A SANS Poll Remote work has quickly become the \new normal" with the COVID-19 pandemic. Organizations have been forced to rethink how they will get work done with their employees mandated to stay home. 'How are organizations handling working from home? How well were companies prepared for remote work? How have technological needs changed with this shift? How are teams communicating? How are devices and communications being secured? When a time like this does not allow for the mission to halt, employees and employers have scrambled to keep the work going. 'Ensuring that teams are equipped, communicating, and are safe at home is key during this time.'this webinar, led by Heather Mahalik SANS Senior Instructor, Author and Senior Director of Digital Intelligence at Cellebrite, covers how companies have adjusted to this new landscape as a workforce. How have things changed and how are we coping and keeping the ball rolling forward from home.WebinarCyber Defense Presented: 4 Jun 2020 Technical Presentation View details
2020 SANS Cyber Threat Intelligence (CTI) Survey Results Over the past several years, SANS has seen a gradual maturation of cyber threat intelligence (CTI) and its applications in information security. The 2019 CTI survey saw an increase in usage of and interest in CTI, along with a diversification in how the intelligence is being used by organizations. While the use of CTI continued to grow, it became evident that there is no one-size-fits-all approach. Organizations leverage different types of CTI to meet different needs.The 2020 Cyber Threat Intelligence (CTI) Survey builds on previous surveys to provide guidance on how organizations of all types can get the most out of CTI. Attendees at this webcast will gain insight into:How consumers and generators of CTI leverage, create and measure intelligenceWhat progress has been made on automation of intelligence collection and processingWhat improvements organizations have realized as a result of using CTIWhich best practices are in use across respondents' organizationsRegister today to be among the first to receive the associated whitepaper written by SANS instructor and CTI expert Robert M. Lee.Click here to register for a panel discussion of the survey results on Thursday, February 13, 2020, at 1PM Eastern. On this webcast, Robert M. Lee and sponsor speakers will explore how these results can improve CTI programs.WebinarDigital Forensics and Incident Response Presented: 11 Feb 2020 Technical Presentation View details
Building and Maturing Your Threat Hunt Program While threat hunting sounds exciting--and promising--building an effective program can be daunting. The very definition of threat hunting is fluid, creating confusion about how to use it. Practitioners often have varying opinions about what would be involved in a threat hunt program and how to use it. And, there are many questions about how to develop a program that can evolve into an effective, mature one.In this new SANS webcast, SANS instructor Davis Szili, with insights from a Cisco representative, will help attendees define threat hunting and create an effective process for using it.'the webcast will address getting started, including building a team, what a typical hunt might look like and building a knowledge base for later use. 'Attendees also will learn how to create a test lab and use effective metrics.Register now and be among the first to receive the associated white paper written by David Szili.WebinarDigital Forensics and Incident Response Presented: 25 Jun 2019 Technical Presentation View details
Empowering Incident Response via Automation Despite advances in incident response, the security community tells SANS there are plenty of things to fix. Automation is sometimes presented as the solution, but what does that mean? In a new SANS webcast and paper, we will talk about automation to empower your employees and make them more successful.While we are making noticeable advancements in some areas, such as dwell times, there's still significant room for improvement in automation. Join us to examine some of the critical issues facing incident responders today. These issues, which may vary in your organization, typically include:The inability to move from remediation/eradication to recoveryMonotonous and/or laborious processes that eat up time that could be spent dealing with incidentsLack of data enrichment to help make investigative decisionsLack of investigative tracking mechanisms to help teams "learn from the past"Register to attend this webcast and be among the first to receive the associated whitepaper written by SANS community instructor and analyst, Matt Bromiley.WebinarDigital Forensics and Incident Response Presented: 22 Mar 2019 Technical Presentation View details
Enforce security governance and regulatory compliance across Azure environments using Azure Policy, Microsoft Defender for Cloud, Azure RBAC. Then enable Azure Backup security features, and infrastructure as code scanning.
Microsoft 365 Copilot accesses organizational data to generate responses, which introduces new risks for sensitive information exposure. Learn how to use Microsoft Purview audit, sensitivity labels, and data loss prevention to investigate, classify, and protect data in a Copilot-enabled environment.
Enhance security operations by using Microsoft Security Copilot (SC-5006).
Reduce data exposure risk by using Data Security Posture Management in Microsoft Purview to assess posture, protect sensitive data, and investigate risks.
Build hands-on expertise with Microsoft Security Copilot. Start with enabling the solution and writing effective prompts to configuring enterprise workspaces and managing plugins and agents at scale.
Organizations need to classify, label, and protect sensitive data to prevent exposure and ensure compliance. Microsoft Purview solutions provide data classification, sensitivity labels, and encryption to secure information across Microsoft 365 and on-premises storage. This learning path aligns with exam SC-401: Microsoft Information Security Administrator.
Implement Microsoft Purview Insider Risk Management to detect, investigate, and respond to internal risks while protecting data, ensuring compliance, and maintaining employee trust.
SC-100: Design security operations, identity, and compliance capabilities
A facilitator's kit + recording of a 90-minute exercise simulating a ransomware incident touching on-prem AD, two cloud tenants, and a third-party MSP. Includes injects, scoring sheet, and after-action template.
ImportantRecertHero is an independent aggregator. Credit estimates are guidance only — always verify with your certifying body.