I Passed the ISC2 CGRC Exam!!

Cheryl Abram
3 min read · May 31, 2022

📚 Here are videos I created and FREE resources I’ve researched to help you study for, AND PASS, the Certified in Governance, Risk and Compliance (CGRC) exam (formerly called the Certified Authorization Professional (CAP) exam):

In this video I provide detailed pointers from my mural to help you focus your study sessions. Use the timestamps to go to the sections you want to hear.

You Already Know Risk Management

Here I use the example of your home to demonstrate that we already know and understand risk management. If you clearly understand RISK, understanding the CAP will be that much easier and more intuitive.

FREE Online RMF Training

  1. Coursera.org Introduction to Risk Management https://www.coursera.org/lecture/risk-management-threat-modeling/risk-management-framework-kZwsO
  2. CDSE Intro to RMF https://securityawareness.usalearning.gov/rmf/index.htm

What Does an ISSO Do?

This video can help you understand the CGRC from the perspective of the Information System Security Officer (ISSO). Use the timestamps to go to the information that is most useful for you.

Sample Practice Questions & Answers (more Q&A at the link below)

These are sample questions from the CGRC exam. See the video below for no-fail tips on correctly answering exam questions — especially those questions where you are unsure of the correct answer.

Pass Any Certification Exam With These Tips!!!

Use these exam tips to correctly answer questions…when you don’t know the correct answer!

The NO FAIL way to pass your CompTIA, ISC2, ISACA, etc. exam is to get “inside the head” of the exam-writers to understand:

1. how the questions were written,

2. why the questions were written that way, and

3. which answer matches the exam-writer’s way of thinking.

The 5 No Fail Question Checks

1. What type of question is it? (direct, incomplete statement, scenario, experience/performance based)

2. Is the “stem” focused on one concept/topic? (no ambiguity about the question asked)

3. Is the “key” clearly the correct answer? (broad enough to be distinguished from distractors and/or something an inexperienced candidate won’t likely know)

4. Are distractors plausible? (a plausible distractor will look “right” to those who do not possess the knowledge or skill recommended for the exam)

5. Are distractors the same length, tense, and complexity as the key? (seasoned test takers will look for anomalies [e.g., longest and shortest options] as clues)

Visit my CGRC/CAP Mural at this link

This is the mural I use in 2 of the videos above.

https://app.mural.co/t/aesblueprint3430/m/aesblueprint3430/1605895750446/799c4255de83d86d83c3347e58ae0e1ea866158b?sender=ypifany1692

CGRC Exam Study Questions

https://www.edusum.com/isc2/cap-certification-sample-questions

Finally, find a few Risk Management professionals on LinkedIn (e.g., CISO, CIO, ISSM, ISSO, PM) and schedule a 30-minute information session with them to find out what they do, which NIST publications they work with, and how they impact the RMF process.

For more cybersecurity stories, information, and fun conversation, subscribe to my YouTube channel, Person-Centered Cyber.

It’s not who you are that holds you back; it’s who you think you’re not. I talk more about who we really are, and why knowing this matters, on my Life Without a Witness YouTube channel.

Also, if you create cybersecurity training and want better business outcomes and better performance at work, come see me on my Everyone Deserves an Ypifany (pronounced “epiphany”) YouTube channel.
