Formed in 1989, (ISC)2® is an international nonprofit membership association focused on inspiring a safe and secure cyber world. Best known for the acclaimed Certified Information Systems Security Professional (CISSP®) certification, (ISC)2 offers a portfolio of credentials that are part of a holistic, programmatic approach to security. Our membership, over 120,000 strong, is made up of certified cyber, information, software and infrastructure security professionals who are making a difference and helping to advance the industry. Our vision is supported by our commitment to educate and reach the general public through our charitable foundation – The Center for Cyber Safety and Education™.
Compliance Mapping is serious business. It involves understanding sentence structures, grammar, terminological mapping, semantic relationships, and the various rules of term matching set forth by various ISO standards. (ISC)2 and the Unified Compliance team have joined forces to present this program.
Compliance Mapping is the process of matching one Citation’s Mandates to another Citation’s Mandates. An older methodology is from Citation to Citation in a matrix, with the newer methodology being each Citation to a Common Control in a star pattern. The process of compliance mapping consists of cataloging the Authority Document in question, extracting its pertinent Citations and Mandates, tagging the terms in those Mandates, selecting each tagged term’s in-context definition, mapping that tagged Mandate to a Common Control, and then matching the Common Control to corresponding Audit Questions as shown in the flow diagram below.
Through multimedia presentations, demonstrations and hands-on experiences, you will learn how to catalog Authority Documents, extract their pertinent Citations and Mandates, tag the terms in those Mandates, select each tagged term’s in-context definition, and then map that tagged Mandate to a Common Control. The goal of this training program is to prepare compliance mappers for the responsibility of mapping multiple Authority Documents correctly and accurately in a way that will satisfy auditors and regulators while simplifying governance for their organization or clients. After successful completion of the course, participants will be awarded the Compliance Mapping Certificate from (ISC)2, promoted to Mapper within the Unified Compliance Framework (UCF), and given full access to the UCF Mapper tool. There are currently seven modules for this course.
We begin this module by identifying the topics to be discussed in this course. Then we will define compliance and identify the steps to complete before you comply. We will conclude this module by discussing how to use the UCF mapping process to meet corporate compliance requirements.
In this module, you will learn how to navigate the UCF Mapper software. It is important for you to fully understand the software before beginning the mapping process. At the completion of this presentation, you will be able to use the UCF Mapper dashboard to analyze data, identify assignments and how to accept or reject them, and catalog Authority Documents and map their Citations using Project Pages.
In this module, we discuss what an Authority Document is, identify the main components of Authority Documents, and teach you the process and techniques surrounding the cataloging of Authority Documents.
In this module, we explore the Citation Extraction phase of the UCF Mapper process, discussing how to copy Citations and Citation References from the Authority Document; define, identify, and enter Citations; Citation References; Mandates and Stubs; and Information Gathering Citations.
In this module, we cover how to tag the nouns and verbs of each Mandate in a Citation. It is only through tagged Mandates that we can link each of the Citations to a Common Control. You will learn how to recognize the importance of machine assisted tagging; diagram sentences to identify nouns, verbs, primary nouns, primary verbs, secondary nouns, and secondary verbs; tag multiple Mandates from a Citation; and select the appropriate definition for a term depending on how it is used in the Mandate.
This is a vast module and one of the most important ones. In this module, we cover what you need to know to add new terms and their definitions to the Compliance Dictionary. You will learn how to assign each term a part of speech; how to add advanced semantic relationships to each new tem; how to add term designators; all of the intricacies of either finding or creating new definitions for the term; and then adding additional information to each term which is designated as a Named Entity (such as a Record Example, Asset, Group, etc.).
In this module you will learn how to match each tagged Citation’s Mandates to an existing Common Control, or designate that Mandate as having no match and therefore needing a new Common Control. You’ll learn about the various processes of harmonization and advanced semantic relationships as well as the various crosswalking rules and how they are applied during the matching process. You will then go through the process of matching sample mandates to each other.
This is an online course that is hosted by (ISC)2 with the practical application portion hosted by Unified Compliance. Each of the seven modules described above are covered online within (ISC)2’s online learning system.
Each module in the online learning system also has a corresponding practical application project and test within the actual UCF Mapper Software application.
There are course quizzes built into the (ISC)2 online course and each practical application project within the UCF Mapper is also graded. Each student must pass both the XXX quizzes and must pass the practical application projects within the UCF Mapper before receiving a passing score and receiving their Certificate in Compliance Mapping which also unlocks the full functionality of the UCF Mapper software.
Available credits: 8.00 CPE
Accreditation: Certified Compliance Mapper
Each organization must have the following UCF Common Controls Hub licenses:
Each person who wishes to use the UCF Mapper software and be a Certified Compliance Mapper must purchase the training course for $2,695 in addition to the CCH licenses above.
For pricing information for the UCF Common Controls Hub, click HERE.