Create your free account now and immediately get access to 100s of online courses.
[contact-form-7 id="85" title="Get It Now"]PG Diploma in Technology Risk Management
1 Year on Campus
Experience 6 months of immersive classroom learning and 6 months of full-time internship to kickstart your career.
410 Hours of Learning
180 hrs teaching, 80 hrs projects
Minimum 50% Score
Graduates must have 50% or more and successfully pass a combined assessment and personal interview.
Seat Availability
Only 50 seats for Jan & Aug batches, admission via interview.
Who all can apply for PGDTRM?
Freshers/Graduates
52% of freshers join the PGDTRM programme, with a median CTC of ₹6 LPA
Working Professionals
48% of students with 1–2 years’ experience achieve 100% average CTC growth.
All Streams
50% students from non-commerce, 50% from commerce backgrounds equally.
- Strategic Risk
- Data Privacy
- Financial Risk Management (FRM)
- Cyber Security Risk
- IT Risk Management
- Financial Reporting Risk
- Financial Reporting Risk
- Enterprise Risk Management (ERM)
- Regulatory Compliance
- Third Party Risk Management
- Environment, Social, Governance (ESG)
- Corporate Governance
- Applied Data Analytics
- Fundamentals of Research Methodology
Areas Covered as part of the 1 Year Specilsation in Risk Management
- Overview of Technology Risk Management
- Introduction to Audit (ICFR)
- Introduction to IT Controls and Types of IT Controls
- ITGC Domains Overview
- Data Centre and Network Operations Controls
- SOC 1 / SOC 2 / SOC 3 Reports
- Change Management Controls
- Applied Cyber Security – Introduction
- Data Loss Prevention (DLP)
- NIST, ISO 27001 and COBIT Framework
- Technology Deep Dive – SAP, Oracle, JD Edwards, PeopleSoft, Workday, Operating Systems, Databases
Areas Covered as part of the 1 Year Specialization in Risk Management
Job Roles - Our Alumni work in
Risk Advisory – Cyber
Cyber Risk Consultant
Risk Advisory: Detect & Respond
Risk Advisory – Cyber and Strategic Risk
Risk Advisory Cyber Engineering Services
Risk Advisory – Technology
Technology Risk Management
Technology Lead – Manager
Technology and Solution Architect
Consulting: Cloud Engineering
Digital Trust IT Audit
Risk Assurance & Internal Controls
Risk Advisory Internal Audit Analyst
Risk Advisory: Accounting & Internal Controls (ITSA)
ITSA – ITGC Manager
Risk Advisory – Data Privacy & Regulatory
Risk Advisory – Data Privacy
Regulatory and Legal Services
Risk Advisory – Forensics & Investigations
Risk Advisory Forensic Technology Services Manager
Financial & Transaction Advisory
Financial Advisory – Transaction Services
Job Roles - Our Alumni work in
Why PGDRM?
Learn from business leaders and enjoy 2X Career Growth enhancement.
Why PGDTRM?
Global Recognition
This 1-year programme is jointly offered by NU University and GRMI. NU University is a recognised institution notified under Section 2(f) of the UGC Act and established by the Government of Rajasthan through its Legislative Act. The programme provides globally relevant skills in cybersecurity and IT risk management, and graduates also gain international recognition for their expertise.
Accelerated Career Growth
Learn from experienced industry practitioners and experience 2X Career Growth, results in fast-tracking your advancement in tech risk management.
Practical Exposure
6-month guaranteed internship part of the programme.
Strong Placement Opportunities
Graduates have secured positions in top consulting and IT firms such as Deloitte, PwC, KPMG, and EY. This opportunity enhances career advancement while delivering practical, real-world experience in IT and technology risk management.
Hands-on Curriculum
Trimester 1 Subjects:
1.1: Overview of ITRM
1.2: Introduction to audit, need for ITRM in audit
1.3: Scoping, planning, execution, and reporting considerations in an audit
1.4: Type of IT controls
1.5: ITGC – Logical Access Controls
1.6: ITGC – Change Management Controls
1.7: ITGC – Data Center, Network, Operations, Incident Management Controls
1.8: ITGC – Other Controls (physical access, incident management, etc.)
1.9: SOC1 / 2 / 3 reports
Trimester 2 Subjects:
Trimester 3 & 4:
Internship (under dual mentor – NU & Industry)
Detailed Content module-wise:
LTPC: 2-0-0-2
Course
Description:
This course aims to provide students with a comprehensive understanding of how technology can be leveraged within various business contexts. It covers the integration of technology in different business processes, the impact of technological advancements on business models, and the strategic use of technology to gain competitive advantage. Students will explore case studies, current trends, and practical applications to understand the dynamic relationship between technology and business operations.
Topics to be covered:
Module 1: Organizational Frameworks and Business Models
- Overview of organizational structures and the McKinsey 7-S model.
- Impact of technology on different business models.
Module 2: Business Value Chain
- Understanding the value chain and its components.
- Key steps and technological tools in the procurement to payment cycle.
Module 3: Order to Cash Process
- Enhancing the order to cash process with technology.
Module 4: Organizational Agility and Innovation
- Promoting agility and adaptability through technology.
- Fostering innovation within an organization.
Textbooks:
- 1. Business Model Generation” by Alexander Osterwalder and Yves Pigneur.
- 2. “Digital Transformation: Survive and Thrive in an Era of Mass Extinction” by Thomas M. Siebel
- 3. “Lean Enterprise: How High-Performance Organizations Innovate at Scale” by Jez Humble, Joanne Molesky, and Barry O’Reilly
Reference Books:
- 1. Michael Porter’s Value Chain: Unlock your company’s competitive advantage
- 2. Frameworks for Organizational Design by Harvard University
LTPC: 2-0-0-2
Course Description:
This introductory course lays the foundation for understanding IT risk management and the role of IT general controls (ITGC) in safeguarding an organization’s information systems. Participants will explore the key principles and frameworks around IT general controls including overview of IT risk management, domains of IT audits, and nature, timing, execution, and reporting considerations in IT general controls. The course also covers the essential components of ITGC, such as access controls, change management, and operational controls, and their significance in maintaining the integrity, confidentiality, and availability of IT systems.
Topics to be covered:
Module 1: Overview of ITRM
- Overview of ITRM
Module 2: Introduction to audit, need for ITRM in audit
- Introduction to audit
- Types of audits (goals and objectives)
- Auditor roles and responsibilities
- Attributes of a successful auditor
Module 3: Scoping, planning, execution, and reporting considerations in an audit
- Planning and scoping an audit
- Types of audit reports and reporting considerations
Textbooks and reference books:
- Managing Risk in Information Systems by Darril Gibson
- IT Risk: Turning Business Threats into Competitive Advantage by George Westerman and Richard Hunter
- Risk Management in IT Security: Risk Assessment for Business Processes and Internal Controls by Timothy P. Layton
Other Reference Documents:
- “A Framework for Managing IT Risk” by George Westerman and Richard Hunter, published in Harvard Business Review
- “IT Risk Management: Framework and Best Practices” by Michael Parent and Barbara Reich, published in Journal of Information Technology Management
LTPC: 3-0-0-3
Course Description:
Building on the foundational knowledge from Part 1, this advanced course delves deeper into sophisticated IT risk management strategies and the practical implementation of IT general controls. Participants will learn to design and deploy robust ITGC frameworks tailored to their organization’s needs. The key domains to be covered for IT general controls are logical access, change management, data center, network operations, physical security, incident management controls. Further, the participants will also learn about types of SOC reports and organization’s need for different types of SOC reports.
Topics to be covered:
Module 1: Type of IT controls
- Introduction to IT technology layers (applications, OS, DB, network)
- ITGC domain introduction
Module 2: ITGC – Logical Access Controls
- Passwords control
- User provisioning
- User de-provisioning
- User transfers
- Privileged access
- User access review
Module 3: ITGC – Change Management Controls
- Change management – Development, testing, approval
- Segregation of duties in change management
- Access to implement changes
- Post implementation change review
Module 4: ITGC – Data Center, Network, Operations, Incident Management Controls
- Access to make changes to batch jobs
- Job failure and monitoring
- Data backup configuration testing
- Data backup failure monitoring and resolution
- Two factor authentication
- Network architecture segmentation
- Periodic vulnerability scans
Module 5: ITGC – Other Controls (physical access, incident management, etc.)
- Physical security
- Periodic log review
- Incident management controls
Module 6: SOC1 / 2 / 3 reports
- Introduction to SOC reports, why do organizations need SOC reports
- SOC 1, SOC 2, SOC 3 reports, comparison for scope, and need for each type of SOC report
Textbooks:
- IT Control Objectives for Sarbanes-Oxley: The Importance of IT in the Design, Implementation and Sustainability of Internal Control Over Disclosures and Financial Reporting by IT Governance Institute
- Information Technology Control and Audit by Sandra Senft and Frederick Gallegos
Reference Books:
- N/A
Other Reference Documents:
- “The Role of IT General Controls in Sarbanes-Oxley Compliance” by David A. Hodgson, published in Information Systems Control Journal
- “Understanding IT General Controls” by Thomas P. Murtagh, published in ISACA Journal
LTPC: 3-0-0-3
Course Description:
This comprehensive course equips you with the essential knowledge and skills to navigate the ever-evolving cybersecurity landscape. You’ll gain a solid understanding of core cybersecurity principles, explore the OWASP Top 10 web application security risks, and delve into the collaborative DevSecOps approach for integrating security throughout the software development lifecycle.
Topics to be covered:
Module 1: Introduction to Cybersecurity
What is Cybersecurity? Importance and Scope
- Core Security Concepts: CIA (Confidentiality, Integrity, Availability)
- Types of Cyber Threats and Actors (Malwares, Phishing, Ransomware)
- Impact of Cyberattacks (Data Breaches, Financial Loss, Reputational Damage)
- Introduction to Cybersecurity Frameworks (NIST CSF, ISO 27001)
Module 2: OWASP Top 10 Web Application Security Risks
OWASP and its Role in Web Application Security
In-depth exploration of each OWASP Top 10 risk:
- A1: Injection
- A2: Broken Authentication
- A3: Cross-Site Scripting (XSS)
- A5: Security Misconfigurations
- A6: Vulnerable and Outdated Dependencies
- A7: Cross-Site Request Forgery (CSRF)
- A8: Security Issues in Software Supply Chain
- A9: Security Testing Failures
- A10: Insufficient Logging & Monitoring
Detection, Prevention, and Mitigation Strategies for OWASP Top 10 risks
Hands-on Labs: OWASP Top 10 vulnerability scanning and exploitation simulation.
Module 3: DevSecOps Principles and Practices
- Introduction to DevSecOps: Integrating Security into the SDLC
- Benefits of Implementing DevSecOps
- DevSecOps Pipeline: Security Considerations in Each Development Phase
- Secure Coding Practices
- Static Application Security Testing (SAST)
- Dynamic Application Security Testing (DAST)
- Infrastructure Security as Code
- Security Automation and Orchestration
- Collaboration between Development, Security, and Operations Teams
- Continuous Integration and Continuous Delivery (CI/CD) with Security
- DevSecOps Tools and Technologies
Textbooks:
- Penetration Testing – A Hands-on Introduction to Hacking” by Georgia Weidman, No starch Press; 1st edition
- The Web Application Handbook” by Dafydd Stuttard and Marcus Pinto, Wiley; 2nd Edition
Reference Books:
- The Hackers Playbook 1, 2 and 3, Peter Tim
LTPC: 4-0-0-4
Course Description:
This module equips you to comprehend and analyze the landscape of cyber and information security regulations and compliances that organisations operate in. The module will help students understand how business models should be underpinned by embedded cyber controls aligned to the organization’s risk posture and leading practices. The content will also examine in detail key Cybersecurity frameworks like ISO 27001, NIST and COBIT with a focus on aligning controls to cybersecurity operational challenges.
Topics to be covered:
Module 1: Key cyber risk frameworks: ISO 27001, NIST
- Domains attached to each framework and framework specific approaches
- Differences between various frameworks
- Risk and controls matrices
- Case studies about business scenarios to showcase how these frameworks apply for industry specific risks. and then link back to the controls that would be needed to.
Module 2: Elements and approach of COBIT 5 framework
Module 3: Overview of regulatory requirements for cyber laws
- Overview of key IT and cyber laws in India
- IT Act, 2000
- IT (Amendment) Act, 2008
- EWaste Management Act
- Key International regulations
- EU Data Act, 2024
- EU Data Governance Act 2023
- EU Artificial Intelligence Act 2024
- GLBA
- HIPAA
Textbooks:
- Introduction to Cybersecurity: Concepts, Principles, Technologies and Practices by Ajay Singh
- The Cybersecurity Manager’s Guide: The Art of Building Your Security Program (Grayscale Indian Edition) by Todd Barnum
- Iso/Iec 27001: 2022: An introduction to information security and the ISMS standard 15 November 2022 by Steve G Watkins
Reference Books:
- Cybersecurity Awareness Among Students and Faculty, Book by Abbas Moallem.
- Cyber Security ABCs: Delivering awareness, behaviours and culture change – 2020, by Jessica Barker, Adrian Davis, Bruce Hallas and Ciaran Mc Mahon.
- The Ethics of Cybersecurity (The International Library of Ethics, Law and Technology Book 21) 1st ed. 2020 Edition by Markus Christen
- Cybersecurity for Dummies Paperback – 1 February 2020 by Joseph Steinberg (Author)
- Mastering COBIT: A Comprehensive Guide to Learn COBIT by Cybellium Ltd and Kris Hermans
- NIST CSF: https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.29.pdf
- NIST 800-53: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r5.pdf
LTPC: 2-0-2-3
Course Description:
This intensive, hands-on course equips you with the expertise to conduct comprehensive vulnerability assessments and penetration testing (VAPT). You’ll gain a deep understanding of various attack sources and methodologies, explore industry-standard tools for vulnerability scanning and exploitation, and develop the practical skills to identify, assess, and exploit vulnerabilities in real-world scenarios.
Topics to be covered:
Module 1: Foundations of VAPT
- Introduction to VAPT: Importance and Scope
- Vulnerability Assessment vs. Penetration Testing (PT)
- Penetration Testing Methodologies (White Box, Black Box, Grey Box)
- Ethical Hacking Principles and Professional Conduct
- VAPT Lifecycle: Planning, Scanning, Exploitation, Reporting, Remediation
Module 2: Sources of Attacks and Reconnaissance
- Understanding Attack Surfaces (Web Applications, Networks, Systems)
- Open-Source Intelligence (OSINT) Gathering Techniques (Public Records, Social Media)
- Network Reconnaissance: Foot printing, Scanning, Enumeratio
Module 3: Exploitation Methodologies
- Common Exploit Types (Buffer Overflow, SQL Injection, XSS)
- Privilege Escalation Techniques (Local, Vertical)
- Post-Exploitation Activities: Maintaining Access, Lateral Movement
Module 4: Penetration Testing Tools and Techniques
- Password Cracking Concepts (Methods, Tools)
- Wireless Network Penetration Testing Concepts (Tools, Techniques)
- Social Engineering Techniques (Phishing, Vishing)
- Web Application Security Testing Concepts (Tools, Techniques)
Module 5: Reporting and Remediation
- VAPT Report Writing: Structure, Content, and Recommendations
- Vulnerability Remediation Strategies and Prioritization
- Post-Penetration Testing Activities: Retesting and Validation
Textbooks:
- Penetration Testing – A Hands-on Introduction to Hacking” by Georgia Weidman, No starch Press; 1st edition
- The Web Application Handbook” by Dafydd Stuttard and Marcus Pinto, Wiley; 2nd Edition
Reference Books:
- The Hackers Playbook 1, 2 and 3, Peter Tim
- Web Application Hacker’s Handbook: Finding and Exploiting Security Flaws” by Dafydd Steffan (2017, Wiley, ISBN: 9781119460507)
- Kali Linux: Assuring Security by Penetration Testing” by Rolling Stone Security (2018, No Starch Press, ISBN: 9781593279304)
LTPC: 2-0-0-2
Course Description:
This module will introduce the various concepts of cloud architecture including benefits, limitations and approaches to adoption. It will also cover in detail the CSA – CCM framework to enhance the student’s understanding of risks, controls and leading practices in this space.
Topics to be covered:
- Overview of Cloud Security Risk
- Definition for cloud
- Benefits of cloud adoption
- Cloud limitations
- Cloud Architecture
- Cloud computing features and characteristics
- Cloud computing deployment models
- Cloud security considerations and audit pointers
- Leading practices for cloud
- Future of Cloud computing
- Cloud security alliance – Cloud control matrix
- Business case study
- Define business model risks
- Define controls from CSA – CCM
- General guiding principles for platforms like Azure configurations or AWS configurations in a cloud implementation
- Market changes affecting business environments and impacts on cloud risk.
Textbooks:
- Cloud Computing: Concepts, Technology, Security & Architecture, 2nd Edition – Pearson Paperback – 29 February 2024 by Thomas Erl (Author), Eric Barceló Monroy (Author)
- CSA – CCM https://cloudsecurityalliance.org/research/cloud-controls-matrix
Reference Books:
- Cloud Computing for Dummies, 2ed | e Paperback – 1 November 2020 by Judith Hurwitz , Daniel Kirsch
- Security for Cloud Native Applications: The practical guide for securing modern applications using AWS, Azure, and GCP by Eyal Estrin | 25 March 2024
LTPC: 1-0-2-2
Course Description:
This course equips you with the knowledge and skills to navigate the ever-evolving threat landscape. You’ll delve into various sources of cyber-attacks, explore industry-standard threat intelligence tools, and learn how to leverage this information to proactively defend your organization’s security posture.
Topics to be covered:
Module 1: Introduction to Threat Intelligence (TI)
- What is Threat Intelligence? Importance and Benefits
- The Threat Intelligence Cycle: Collection, Analysis, Dissemination, and Action
- Understanding the Attack Landscape (Types of Threats, Attackers, Motivations)
Module 2: Sources of Cyber Attacks
- Internal Sources: Logs, Incident Reports, Vulnerability Scans
- Open-Source Intelligence (OSINT): Gathering Information from Public Sources
- Commercial Threat Intelligence Feeds: Vendor-provided Threat Data
- Government and Law Enforcement Agencies: Security Advisories and Alerts
- Dark Web Monitoring: Identifying Threats on Hidden Forums and Marketplaces
Module 3: Threat Intelligence Tools and Platforms
- Security Information and Event Management (SIEM) Systems: Centralized Log Collection and Analysis
- Threat Intelligence Platforms (TIPs): Aggregating, Analyzing, & Correlating Threat Data
- Threat Modeling Tools: Identifying Vulnerabilities and Simulating Attack Scenarios
- Vulnerability Scanners: Identifying Security Weaknesses in Systems and Networks
- Web Traffic Analysis Tools: Detecting Malicious Activity on Websites
Module 4: Implementing Threat Intelligence
- Integrating Threat Intelligence into Security Operations
- Threat Alert Prioritization and Response Strategies
- Sharing Threat Intelligence Across Security Teams
- Measuring the Effectiveness of Threat Intelligence Programs
Textbooks:
- Threat Intelligence: Designing and Implementing Effective Programs” by David Bianco, et al. (2016, Wiley, ISBN: 9781118993327)
Reference Books:
- The Art of Cyberwarfare: A Pentagon Insider’s View of Cyber Threats and Countermeasures” by Richard A. Clarke and Robert Knake (2010, HarperCollins, ISBN: 9780061965094)
- Security Information and Event Management (SIEM) Implementation: A Guide for Security Professionals” by Chris Simmons (2017, Syngress, ISBN: 9780128044941)
Trimester 2:
LTPC: 1-0-0-1
Course Description:
This module equips students to understand the regulatory landscape surrounding Data Privacy, the principles and concepts that form the core of Data Privacy implementations and the key requirements under GDPR and DPDP regulations. It also provides insights into the Data Privacy implementation lifecycle and focus areas for audits.
Topics to be covered:
- Data Privacy definition
- Impact of Privacy breaches
- Data Privacy – Impacts in Business Organizations
- Personal Information
- HI, Sensitive Information, PII
- Data Inventory and Categorisation/ Classification
- Principles of Data Privacy
- GDPR Foundational Principles
- Consent and Privacy notices
- Right to data access
- Right to be forgotten
- Inter-operability
- Data subject rights
- DSR Policy and Organisational Structure
- DSR Process and Organisational Roles
- Comparison of key data privacy laws
- Digital Protection and Data Privacy (DPDP) Regulation in India
- DPDP v/s GDPR comparison
- Data Privacy Organisation Framewor
Textbooks:
- Ultimate GDPR Practitioner Guide (2nd Edition): Demystifying Privacy & Data Protection Paperback – Import, 25 May 2020 by Stephen Massey (Author)..
Reference Books:
- Data Privacy & Compliance Guidebook: GDPR, CCPA, and Data Privacy Principles.: For in-house counsel and compliance departments by Raj Rathour (Author)..
- GDPR For Dummies 1st Edition, by Suzanne Dibble (Author)
- Customer Data and Privacy: The Insights You Need from Harvard Business Review Paperback – 1 January 2020 by Harvard Business Review (Author)
- Practical Data Privacy: Enhancing Privacy and Security in Data (Grayscale Indian Edition) Paperback – 2 May 2023 by Katharine Jarmul (Author)
Other Reference Documents:
LTPC: 2-0-0-2
Course Description:
This module provides insights from a CISO’s perspective into organizational priorities, roles and responsibilities of stakeholders. It also focusses on the concepts of Application Security, Data Loss Prevention and BCP / DR and their embedment in cyber frameworks. The glossary included in the course content will help students comprehend IT / cyber terms, jargon and definitions.
Topics to be covered:
Cybersecurity organisations
- IT organisations and linkage to compliance requirements
- Key CISO considerations
- Roles & responsibilities of stakeholders – Board, CXOs, functional leads etc.
- Cyber risk solutions – overall landscape
- General IT / cyber terms and definitions
Business continuity planning and Disaster recovery risks and controls
- Key BCP controls
- Business Impact Analysis (BIA)
- Critical assets and people identification
- Scenario mapping to understand potential failures
- BCP and DR testing
- Hot, Warm and Cold seat strategies
- Communication Plans
- BCP governance
- Key DR concepts
- RPO and RTO definitions and applicability
- Redundancy – design for availability
- Backups – full, partial and incremental backups
Application security
- Application security testing pyramid and architecture
- Key definitions – SAST, DAST, SCA, etc.
- Application security controls process in organisations
- Onboarding, operating effectiveness and audits
- Data Loss Prevention
Data Loss Preventio
- DLP architecture
- DLP solutions
- Comparison between some leading solutions
- Mobile Data Management controls / BYOD controls
Textbooks:
- The Cybersecurity Manager’s Guide: The Art of Building Your Security Program (Grayscale Indian Edition) by Todd Barnum
Reference Books:
- Business Continuity Management: A Practical Guide to Organizational Resilience and ISO 22301, 3 April 2021 by James Crask (Author)..
- ISC2 Certified Cloud Security Professional (CCSP) Exam Guide: Essential strategies for compliance, governance, and risk management, 16 February 2024 by Kim van Lavieren (Author)
- Application Security Program Handbook: A guide for software engineers and team leaders Paperback – Import, 7 March 2023 by Derek Fisher (Author)
- Mastering DLP: A Comprehensive Guide to Data Loss Prevention Kindle Edition by Kris Hermans (Author)
Other Reference Documents:
- N/A
LTPC: 2-0-2-3
Course Description:
This course focuses on Information Security Controls, emphasizing Platforms and Systems Security, and Network Security. Participants will learn about securing platforms, implementing controls, and network security principles. With a specific focus on platform monitoring tools, participants will gain practical skills in leveraging these tools for enhanced security.
Topics to be covered:
Module 1: Introduction to Information Security
- Basics of Information Security
- Threats and Vulnerabilities
- Principles of Information Security: Confidentiality, Integrity, and Availability
- Overview of Information Security Controls
Module 2: Foundations of Platform and Systems Security
- Operating System Security Fundamentals
- Application and Database Security
- Virtualization and Cloud Security
- Endpoint Security Basics
- Security Configuration and Patch Management
Module 3: Network Security Fundamentals
- Introduction to Network Security
- Network Architecture and Segmentation
- Firewalls, Gateways, and Proxy Servers
- Intrusion Detection and Prevention Systems (IDPS)
- VPNs and Secure Network Protocols (SSL/TLS, SSH)
Module 4: Security Monitoring and Platform Monitoring Tools
- Introduction to Security Monitoring
- SIEM (Security Information and Event Management) Systems – Subsection: Popular SIEM Tools (e.g., Splunk, LogRhythm)
- Network Traffic Analysis Tools (e.g., Wireshark, SolarWinds)
- Endpoint Detection and Response (EDR) (e.g., Crowdstrike, SentinelOne)
- Vulnerability Scanners and Assessment Tools (e.g., Nessus, Qualys)
Module 5: Advanced Platform and Systems Security Practices
- Encryption and Key Management
- Secure Software Development Life Cycle (SSDLC)
- DevSecOps and Security Automation
- Cloud Security Posture Management (CSPM)
- Container Security (e.g., Docker, Kubernetes)
Module 6: Implementing and Managing Secure Networks
- Advanced Firewall and IDS/IPS Strategies
- Secure Network Architecture Design
- Zero Trust Network Access (ZTNA)
- Network Access Control (NAC) Solutions
- Threat Hunting on Networks
Textbooks:
- W.A.Coklin, G.White, Principles of Computer Security: Fourth Edition, McGrawHill, 2016
- William Stallings, Cryptography and Network Security Principles and Practices, Seventh Edition,Pearson
Reference Books:
- Cybersecurity Awareness Among Students and Faculty, Book by Abbas Moallem.
- Cyber Security ABCs: Delivering awareness, behaviours and culture change – 2020, by Jessica Barker, Adrian Davis, Bruce Hallas and Ciaran Mc Mahon.
LTPC: 4-0-0-4
Course Description:
This specialized course offers an in-depth exploration of IT general controls (ITGC) within Enterprise Resource Planning (ERP) systems, specifically focusing on SAP. Participants will gain comprehensive knowledge of the unique ITGC requirements and challenges associated with these leading ERP platforms. Through a blend of theoretical concepts and practical exercises, the course equips professionals with the skills needed to design, implement, and manage robust ITGC frameworks tailored to ERP environments, ensuring the integrity, security, and compliance of critical business processes.
Topics to be covered:
Module 1: Introduction to SAP ERP
- What is an ERP? History of SAP ERP
- Introduction to SAP security architecture
- Key t-codes, programs, reports used in audit
Module 2: IT general controls over SAP ERP
- Logical access controls
- Change management controls
- Job scheduling and backup controls
Textbooks and reference books:
- SAP Security and Risk Management by Mario Linkies
- Configuring SAP ERP Financials and Controlling by Peter Jones and John Burger
Other Reference Documents:
- “SAP Governance, Risk, and Compliance (GRC): How to Automate and Simplify Your GRC Processes” by SAP Insider
- “Design and Effectiveness of SAP IT General Controls: Insights from the Field” by Ravi B. Kalakota, published in Journal of Information Systems
LTPC: 4-0-0-4
Course Description:
This advanced course offers a comprehensive exploration of IT general controls (ITGC) specific to critical infrastructure components, including databases and operating systems (OS). Participants will delve into the unique ITGC requirements, best practices, and challenges associated with managing and securing these foundational elements of IT infrastructure. Through detailed theoretical insights and hands-on exercises, the course aims to equip IT professionals with the expertise needed to design, implement, and maintain robust ITGC frameworks for databases and operating systems, ensuring data integrity, security, and regulatory compliance.
Topics to be covered:
Module 1: Introduction to infrastructure
- What are the infrastructure layers? Introduction to OS, DB, and network layers
- Need for IT controls on infrastructure layers
Module 2: Operating systems (OS)
- IT general controls on Windows OS
- IT general controls on UNIX / Linux
- IT general controls on mainframe systems (RACF/ACF/TS)
Module 3: Databases (DBs)
- IT general controls on Oracle DB
- IT general controls on SQL
IT general controls on HANA DB
Textbooks and reference books:
- Database Security by Alfred Basta and Melissa Zgola
- Operating System Security by Trent Jaeger
Other Reference Documents:
- “Database Security: What Students Need to Know” by Thomas Connolly and Carolyn Begg, published in ACM SIGCSE Bulletin
- “Effective Database Security through General Controls” by Karen Scarfone, published in NIST Special Publication
- “General Controls for Operating Systems: A Comprehensive Guide” by John D. Howard, published in Computer Security Journal
LTPC: 4-0-0-4
Course Description:
This course provides in-depth examination of IT controls with a focus on automated controls, interface controls, and report testing. Participants will explore the critical role of these controls in ensuring the accuracy, reliability, and security of automated systems and data exchanges. Additionally, the course addresses the unique risks posed by emerging technologies such as AI, blockchain, and IoT.
Topics to be covered:
Automated controls
- ntroduction to automated controls
- Testing strategy for automated controls ad example use cases
Module 2: Interface control
- Introduction to interfaces
- Testing strategy for interface controls and example use cases
Module 3: Key business report
- Introduction to key reports
- Testing strategy for reports and example use cases
Module 4: Risks in emerging technologies
- What are the emerging technology elements?
- Examples of new risks arising due to evolving technology
- Organizational strategies to meet the demand of mitigating newer IT risks
Textbooks and reference books:
- Blockchain Basics: A Non-Technical Introduction in 25 Steps by Daniel Drescher
- Artificial Intelligence: A Guide for Thinking Humans by Melanie Mitchell
- The Internet of Things: Connecting Objects by Hakima Chaouchi
Other Reference Documents:
- “Emerging Technologies and Their Impact on IT Risk Management” by John A. Zachman, published in ISACA Journal
- “Artificial Intelligence and Risk Management: Challenges and Opportunities” by David Schatsky, published in Deloitte Insights
- “Blockchain Technology and Its Potential Impact on IT Controls” by Andrea Minonne, published in Journal of Emerging Technologies in Accounting
LTPC: 2-0-0-2
Course Description:
This course offers a comprehensive introduction to the core principles and practices of management. It covers fundamental management concepts, leadership strategies, organizational behaviour, and decision-making processes. Students will learn to apply management theories to real-world scenarios, enhancing their ability to lead and manage effectively in various organizational contexts.
Topics to be covered:
Module 1: Fundamentals of Management and Organizational Behavior
Introduction to Management
- Definition, Importance, and Functions
- Evolution of Management Theories
Organisational Behaviour (OB)
- Relationship Between Management and OB
- OB Models and Contributing Disciplines
- Values, Attitudes, and Job Satisfaction
Module 2: Individual and Group Behaviour in Organizations
Foundations of Individual behaviour
- Theories of Learning and behaviour Modification
- Influence of Values, Attitudes on Job Satisfaction
Group Dynamics
- Significance and Types of Groups
- Formation and Stages of Group Development
- Factors Influencing Group Performance
Team Development
- Difference Between Groups and Teams
- Types and Stages of Team Development
- Team Roles and Responsibilities
Module 3: Leadership, Motivation, and Conflict Management
Leadership and Motivation
- Theories of Leadership: Trait, Behavioural, Contingency, and Transformational
- Motivation Theories: Maslow’s Hierarchy of Needs, Herzberg’s Two-Factor Theory, McGregor’s Theory X and Theory Y
- Application of Motivation Theories in the Workplace
- Leadership Styles and Their Impact
Organizational Conflict and Negotiations
- Sources, Types, and Levels of Conflict
- Traditional and Modern Approaches to Conflict
- Conflict Resolution Strategies
- Techniques and Strategies for Effective Negotiation
Module 4: Human Resource Management (HRM) and Strategic Management
Introduction to HRM
- External and Internal Forces Affecting HRM
- Objectives and Functions of HRM
Developing Managers for Business Strategy Implementation
- Understanding Business Strategy
- Role of Managers in Strategy Implementation
- Tools for Strategic Analysis: SWOT, PESTEL, BCG Matrix
- Aligning Organizational Goals with Strategy
Textbook:
- Magretta, Joan (2003), ‘What Management Is’ Simon & Schuster, London
- Luthans Fred, Organisational Behaviour, Tata Mc Graw Hill.
- Stephen P. Robbins, T. A. (2018). Organisational Behaviour. Pearson.
- Porter, Michael E. (1998). ‘Competitive Strategy: Techniques for Analyzing Industries and Competitors’. Free Press.
- Stoner, J.A. (1978), ‘Management’, Pearson, London. 6th Edition (2003)
Other References:
- Luthans Fred, Organisational Behaviour, Tata Mc Graw Hill.
- Aswathappa, K., & Reddy, G. S. (2009). Organisational behaviour. Himalaya Publishing House.
- Greenberg Jerald and Baron Robert A.: behaviour in Organisations: Understanding and Managing Human side of work, Prentice Hall of India.
- Katzenbach, Jon R., and Smith, Douglas K. (1993). ‘The Wisdom of Teams: Creating the High-Performance Organization’, Harvard Business Review Press
- Kaplan, Robert S., and Norton, David P. (1996). ‘The Balanced Scorecard: Translating Strategy into Action’. Harvard Business Review Press.
PGDTRM Potential Recruiters
Learn From Experts
Admission Process
Submit Enquiry
Enquiry: Fill the enquiry form for PGDTRM (Post Graduate Diploma in Technology Risk Management) on our website. You will receive an automated email with the programme brochure, details, and next steps. (Note: Incomplete forms will not be considered.) Please check your spam folder if the email does not appear within a few minutes.
Eligibility: Candidates must hold a Bachelor’s degree or an equivalent qualification in any discipline, with at least 50% aggregate marks (or equivalent grade), from a recognised university in India or abroad (recognised by the UGC / Association of Indian Universities). The degree should include a minimum of three years of education after higher secondary schooling (10+2 system) or equivalent. Candidates are strongly encouraged to complete all academic requirements before joining to manage the rigorous curriculum and internal assessments effectively.
Complete Application & Counselling Support
Assessment & Personal Interview
Aptitude Test: The test will be of 60 minutes and will cover business communication, logical reasoning, basic risk-related concepts, and questions from the technology domain. Candidates who successfully clear this round will proceed to the personal interview stage.
Personal Interview (PI): The personal interview will be conducted by a panel of academic and corporate experts from NU and GRMI, specialising in the Technology Risk domain. The result of this round will be shared with candidates within one week of the intervie.
Programme Commencement
The programme commences in January each year.
Enquiry: Fill the enquiry form for PGDRM (Post Graduate Diploma in Risk Management) on our website. You will receive an automated email with details of the programme, brochure, etc. (Note: Incomplete forms will not be considered). Please do check your spam box if the email does not fall in your inbox automatically in a few minutes.
Enquiry: Fill the enquiry form for PGDRM (Post Graduate Diploma in Risk Management) on our website. You will receive an automated email with details of the programme, brochure, etc. (Note: Incomplete forms will not be considered). Please do check your spam box if the email does not fall in your inbox automatically in a few minutes.
Enquiry: Fill the enquiry form for PGDRM (Post Graduate Diploma in Risk Management) on our website. You will receive an automated email with details of the programme, brochure, etc. (Note: Incomplete forms will not be considered). Please do check your spam box if the email does not fall in your inbox automatically in a few minutes.
Enquiry: Fill the enquiry form for PGDRM (Post Graduate Diploma in Risk Management) on our website. You will receive an automated email with details of the programme, brochure, etc. (Note: Incomplete forms will not be considered). Please do check your spam box if the email does not fall in your inbox automatically in a few minutes.
How will I be assessed?
Fee & Payment Mode
| Particulars | Time of Payment | Amount (INR) | Remarks |
|---|---|---|---|
| Application Payment | Application Form | ₹2,000 | This amount will be adjusted against the Sem 2 fees upon successful enrolment into the programme. |
| Security Deposit | 7 days from receiving offer | ₹20,000 | The security deposit of INR 20,000 is a caution fee and is refundable ONLY upon the completion of the programme. It will be credited to the student's account after convocation. This security deposit/ caution fee is non-refundable in case the student does not enrol into the programme. |
| Semester I Fees - Tution Fee | 22 days from offer i.e. 7+15 from offer | ₹450,000 | |
| Semester II Fees - Tution Fee | 90 days from start of the programme | ₹448,000 | |
| Total | ₹920,000 | ||
| Less: Refundable Deposit | ₹(20,000) | Refundable security deposit upon successful enrolment into the programme | |
| Grand Total | ₹900,000 |
The above fee structure is applicable for all Indian national students who are residing in India. For any non-resident Indian or foreign national please contact us for details of our fee structure.
The above fee does not include the Hostel Fees of INR 162,000/-
Our Trusted Loan Partners
Hands-on Curriculum (International Diploma in Risk Management, Level 7 – 120 credits)
Bridge Programme (1 Month)
This course sets out to provide a complete understanding of all the financial accounting skills needed by students to be able to analyse any form of financial information. The course traverses all levels of accounting practice in learning the concepts, terminology, and principles of accounting up to the working and understanding of the financial statements preparation and interpretation of participants. Students will gain knowledge and practical experience to record, account for, and analyse financial activities so as to enhance decision-making in an organisation.
Financial Management is crucial for the success and sustainability of any business. This course aims to provide a comprehensive understanding of financial management principles and practices. It covers financial planning, analysis, control, and decision-making. Students will learn how to optimise financial resources, manage risks, and drive value creation.
Managerial Economics is a course designed to equip students with the economic principles and analytical tools necessary for effective decision-making in a business context. The course covers fundamental concepts such as demand analysis, production and cost functions, market structures, pricing strategies, and decision-making under uncertainty. It also explores the impact of government policies, globalisation, and strategic planning on business operations. Through a combination of theoretical frameworks and practical case studies, students will learn to apply economic reasoning to solve real-world business problems and develop strategies for competitive advantage.
Bridge Programme (1 Month)
This course sets out to provide a complete understanding of all the financial accounting skills needed by students to be able to analyse any form of financial information. The course traverses all levels of accounting practice in learning the concepts, terminology, and principles of accounting up to the working and understanding of the financial statements preparation and interpretation of participants. Students will gain knowledge and practical experience to record, account for, and analyse financial activities so as to enhance decision-making in an organisation.
Financial Management is crucial for the success and sustainability of any business. This course aims to provide a comprehensive understanding of financial management principles and practices. It covers financial planning, analysis, control, and decision-making. Students will learn how to optimise financial resources, manage risks, and drive value creation.
Managerial Economics is a course designed to equip students with the economic principles and analytical tools necessary for effective decision-making in a business context. The course covers fundamental concepts such as demand analysis, production and cost functions, market structures, pricing strategies, and decision-making under uncertainty. It also explores the impact of government policies, globalisation, and strategic planning on business operations. Through a combination of theoretical frameworks and practical case studies, students will learn to apply economic reasoning to solve real-world business problems and develop strategies for competitive advantage.
