Foundations of GRC: A Practical Introduction with ISO 27001
November 12th, 2025 | Bucharest
What is GRC and why does it matter for every IT and security professional?
This workshop demystifies Governance, Risk, and Compliance by breaking down its core principles. We will explore how a GRC framework provides structure to an organization’s security strategy. To bring these concepts to life, we will use ISO 27001, the world’s leading information security standard, as a practical case study.
You will learn how ISO 27001’s structure provides the ‘Governance,’ how its risk assessment process addresses ‘Risk,’ and how Annex A controls ensure ‘Compliance.’
We will also touch on Business Continuity Planning (BCP) to demonstrate how GRC helps build true organizational resilience.
You’ll leave with a solid understanding of GRC and a practical roadmap for applying its principles.
Why is this workshop relevant?
Understanding GRC is no longer a niche skill – it’s a core competency for any aspiring leader in technology and security.
This workshop moves beyond buzzwords to provide a foundational understanding of how to build and manage a structured security program.
By using ISO 27001 as a guide, it gives participants a practical framework they can apply immediately, making them valuable colleagues who can speak the language of business risk and strategic alignment.
Workshop agenda
- Welcome and introductions.
- Defining Governance, Risk, and Compliance (GRC) in plain language.
- Why GRC is essential for modern businesses — from strategy to operations.
- How ISO 27001 serves as a practical GRC framework we’ll use throughout the session.
- Outcome: Participants understand the “big picture” of GRC and how it translates into daily security activities.
- What governance means in security: structure, accountability, and leadership.
- The anatomy of an Information Security Management System (ISMS).
- Walkthrough of key ISO 27001 clauses (4–10) — the foundation for governance (Context, Leadership, Planning, Support, Operation, Performance Evaluation, Improvement).
- The Statement of Applicability (SoA) as the governance bridge between policy and controls.
- Exercise: Map your organization’s governance roles to ISMS requirements.
- Understanding risk as the core of decision-making in security.
- ISO 27001’s risk assessment and treatment process explained step by step.
- Hands-on Lab: Conduct a guided risk assessment on a sample asset inventory — identify threats, assess impact/likelihood, and propose treatments.
- Deliverable: A simple risk register and treatment plan you can reuse.
- Why Business Continuity Planning (BCP) is an essential part of risk mitigation.
- Key Concepts: Business Impact Analysis (BIA), Recovery Time Objective (RTO), Recovery Point Objective (RPO).
- How BCP integrates with the ISMS as a resilience mechanism (Annex A.17 in ISO 27001:2013; controls 5.29 and 5.30 in the 2022 edition).
- Mini-Exercise: Identify your organization’s critical business functions and map recovery priorities.
- Outcome: Understand how governance and risk processes sustain business resilience.
- From governance and risk to assurance: how compliance validates your system.
- Practical overview of Annex A controls — linking risks to required safeguards.
- The ISO 27001 certification journey: preparation, audit stages, and continuous improvement.
- Tools, resources, and open Q&A.
- Outcome: Know how to demonstrate compliance and prepare for certification.
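The risk assessment lab and the BIA concepts in the agenda above come down to two small pieces of logic: score each asset/threat pair, decide a treatment against the organization's acceptance criteria, and check whether recovery capability actually meets the RTO/RPO the business set. The Python below is an added illustration, not workshop material or the trainer's code; the scales, thresholds, asset names, Annex A mappings and hours are constructed sample data, and a real ISMS defines its own criteria under clause 6.1.2.

```python
"""Added example, not part of the workshop material: a minimal ISO 27001-style
risk register with treatment decisions, plus a BIA gap check against RTO/RPO.
All names, scores, thresholds and control references below are constructed."""
from dataclasses import dataclass, field

# Qualitative 5x5 scales. Labels and thresholds are assumed for this example;
# the organisation defines its own risk criteria (ISO 27001 clause 6.1.2).
LIKELIHOOD = {"rare": 1, "unlikely": 2, "possible": 3, "likely": 4, "almost certain": 5}
IMPACT = {"negligible": 1, "minor": 2, "moderate": 3, "major": 4, "severe": 5}
ACCEPTANCE_THRESHOLD = 6   # likelihood x impact at or below this is accepted
ESCALATION_THRESHOLD = 15  # at or above this the risk owner must sign off


@dataclass
class Risk:
    asset: str
    threat: str
    vulnerability: str
    likelihood: str
    impact: str
    control: str = ""         # proposed safeguard (assumed Annex A mapping)
    control_effect: int = 0   # likelihood levels the control is expected to remove
    score: int = field(init=False)
    residual: int = field(init=False)
    treatment: str = field(init=False)

    def __post_init__(self):
        lvl, imp = LIKELIHOOD[self.likelihood], IMPACT[self.impact]
        self.score = lvl * imp
        # Residual risk after the proposed control; likelihood never drops below 1.
        self.residual = max(1, lvl - self.control_effect) * imp
        self.treatment = decide_treatment(self.score, self.residual)


def decide_treatment(score: int, residual: int) -> str:
    """Pick a clause 6.1.3 treatment option: retain, modify, or avoid/share."""
    if score <= ACCEPTANCE_THRESHOLD:
        return "retain"          # within appetite: accept and record the decision
    if residual <= ACCEPTANCE_THRESHOLD:
        return "modify"          # the proposed control brings it within appetite
    return "avoid/share"         # controls are not enough: stop the activity or transfer


def build_register(risks):
    """Order by inherent score, highest first, which is how an auditor reads it."""
    return sorted(risks, key=lambda r: r.score, reverse=True)


def needs_owner_signoff(register):
    """Items the risk owner must explicitly approve: still above appetite, or high inherent score."""
    return [r for r in register
            if r.residual > ACCEPTANCE_THRESHOLD or r.score >= ESCALATION_THRESHOLD]


@dataclass
class BusinessFunction:
    name: str
    rto_hours: float               # maximum tolerable downtime
    rpo_hours: float               # maximum tolerable data loss, expressed as time
    tested_recovery_hours: float   # observed in the last recovery exercise
    backup_interval_hours: float   # how often a restorable copy is taken


def bia_gaps(functions):
    """Return (function, objective, required, actual) where capability misses the target."""
    gaps = []
    for f in functions:
        if f.tested_recovery_hours > f.rto_hours:
            gaps.append((f.name, "RTO", f.rto_hours, f.tested_recovery_hours))
        if f.backup_interval_hours > f.rpo_hours:
            gaps.append((f.name, "RPO", f.rpo_hours, f.backup_interval_hours))
    return gaps


# Constructed sample inventory; Annex A numbers follow the 2022 edition.
SAMPLE_RISKS = [
    Risk("customer database", "ransomware", "no offline backups", "possible", "severe",
         control="A.8.13 information backup", control_effect=2),
    Risk("VPN gateway", "credential stuffing", "no MFA", "likely", "major",
         control="A.8.5 secure authentication", control_effect=3),
    Risk("office printer", "paper theft", "unattended output", "unlikely", "minor",
         control="A.7.7 clear desk and clear screen", control_effect=1),
    Risk("legacy file server", "exploit of unsupported OS", "no vendor patches", "likely", "severe",
         control="network isolation (compensating)", control_effect=1),
]

SAMPLE_FUNCTIONS = [
    BusinessFunction("order processing", rto_hours=4, rpo_hours=1,
                     tested_recovery_hours=6, backup_interval_hours=24),
    BusinessFunction("payroll", rto_hours=72, rpo_hours=24,
                     tested_recovery_hours=8, backup_interval_hours=24),
]

if __name__ == "__main__":
    for r in build_register(SAMPLE_RISKS):
        print(f"{r.score:>2} -> {r.residual:>2}  {r.treatment:<11} {r.asset}: {r.threat} [{r.control}]")
    for name, objective, required, actual in bia_gaps(SAMPLE_FUNCTIONS):
        print(f"BIA gap: {name} {objective} target {required}h, current capability {actual}h")
```

Two things the spreadsheet version of this exercise tends to hide: a treatment is only "modify" if the residual score lands within appetite, otherwise the register should say so and force an avoid/share decision; and an RPO is meaningless unless the backup interval is actually shorter than it, which is why the BIA check compares stated objectives against measured capability rather than against intentions.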
About the trainer

ALIN MURESAN
Alin Muresan is a dynamic and results-driven IT Risk and Cybersecurity Professional specializing in Governance, Risk, and Compliance (GRC). As an Information Security Consultant, he has experience implementing Information Security Management Systems (ISMS) based on ISO 27001 for which he has an internal auditor certification. He is adept at assessing organizational maturity levels and conducting detailed gap analyses against a variety of critical standards, to help clients identify weaknesses and build strategic roadmaps for improvement.
Alin specializes in the practical application of security standards. His hands-on experience is comprehensive, covering GRC strategy—such as leading ISO 27001 implementations and developing BCPs—as well as technical security through penetration testing. This dual perspective is complemented by his experience in business development and his background in scaling business operations with full P&L responsibility. This allows him to effectively align an organization’s security posture with its core business objectives and articulate the value of compliance as a strategic enabler.
Deeply involved in the cybersecurity community, Alin serves as the Courses Coordinator for DefCamp and helps manage Hackout.ro, an organization dedicated to building a strong civic cybersecurity community through events like “Hackout Talks & Business”. These roles give him unique insight into the practical skills that attendees are eager to learn. His passion for community building and education makes him an engaging and effective instructor, dedicated to empowering others with actionable GRC knowledge.
Who is it for?
Skill Level: Beginner
Ideal for:
- Anyone completely new to cybersecurity; no prior knowledge is assumed.
- IT professionals, junior security analysts, system administrators, developers, project managers, and anyone new to audit or compliance roles.
Key learning objectives:
✔ Define the core components of Governance, Risk, and Compliance (GRC)
✔ Understand how frameworks like ISO 27001 provide a practical structure for GRC
✔ Conduct an ISO 27001-aligned risk assessment to manage the “Risk” component of GRC
✔ Outline the fundamentals of a Business Continuity Plan (BCP) as a key risk treatment strategy
✔ Recognize the business value of a GRC program in driving organizational trust and resilience
Other information & prerequisites
No specific prerequisites are required. A general understanding of basic IT and networking concepts is beneficial but not mandatory.
Technical requirements for attendees:
- Attendees must bring their own laptops.
- A modern web browser (Chrome, Firefox, Comet, Edge).
- A spreadsheet application (Microsoft Excel, Google Sheets, LibreOffice Calc).
- A PDF reader for course materials.
Estimated Workshop Duration: 4-5 Hours
Language of Instruction: The workshop will be delivered in Romanian
Participation fee: EUR 100
FAQs
What happens if the workshop does not reach the minimum number of participants?
If we do not meet the minimum number of participants, you can either transfer to another workshop (paying or receiving a refund for any difference in price) or opt for a full refund. You will be notified in advance and given the options so you can choose what works best for you.
Does the price include food and accommodation?
The workshop price covers food. Accommodation is not included, but we can recommend nearby options for your convenience.
Can I get a refund if I cancel?
Yes, full refunds are available up to 15 days before the workshop start date. If you cancel after that, we can offer only 50% of the price.
When will I receive the practical details?
You will receive an email with all the necessary details, including the workshop location, prerequisites, and schedule, at least one week before the event. If you have any immediate questions, feel free to reach out to us directly.