Interactive labs
Each lab is a realistic analyst task with a scenario, deliverables, and a rubric. Submit your work to capture it on your dashboard.
Northbeam Analytics is preparing for its first SOC 2 Type II and needs a risk register before fieldwork starts.
Your manager wants a written likelihood-and-impact scale you can defend in management review.
Given 5 short incident summaries, decompose each into asset, threat, and vulnerability.
Six risks are on the register. You have a $250k remediation budget for the next quarter.
Map your organization's MFA control to NIST CSF 2.0, ISO 27001 Annex A, SOC 2 TSC, and NIST SP 800-53.
Atlas Health is pursuing ISO 27001. Compare its current program to ISO 27001:2022 and list gaps.
An engineer sent you 5 pieces of 'evidence' for the quarterly access review control. Some are good, some aren't.
Northbeam has no formal access control policy. Auditors will ask for one in the kickoff.
A new analytics vendor sent its SOC 2 Type II report. Decide: approve, approve with conditions, or reject.
A 40-question security questionnaire came back. Identify high-risk answers and follow-ups.
An audit produced 10 findings of varying severity. Build a remediation plan with owners and dates.
Eight raw findings. Decide severity (Low/Med/High/Critical) and rationale.
Build the checklist your team will use 6 weeks before SOC 2 fieldwork.
Given a 12-finding audit report, write a one-page summary the CEO will read.
Test 'Quarterly user access review' for the Q3 period.