title
Please take a moment to fill out this form. We will get back to you as soon as possible.
All fields marked with an asterisk (*) are mandatory.
Certified Chief Information Security Officer (CCISO) v3
Duration
5
Course
EC-CCISO
Available Formats
Classroom Training, Online Training
Course Description
Overview
The CCISO Certification is an industry-leading, security certification program that recognizes the real-world experience necessary to succeed at the highest executive levels of information security. Bringing together all the components required for a C-Level position, the CCISO program combines audit management, governance, IS controls, human capital management, strategic program development, and the financial expertise vital to leading a highly successful information security program. The job of the CISO is far too important to be learned by trial and error. Executive-level management skills are not areas that should be learned on the job.The material in the CCISO Program assumes a high-level understanding of technical topics and doesn’t spend much time on strictly technical information, but rather on the application of technical knowledge to an information security executive’s day-to-day work. The CCISO aims to bridge the gap between the executive management knowledge that CISOs need and the technical knowledge that many sitting and aspiring CISOs have. This can be a crucial gap as a practitioner endeavor to move from mid-management to upper, executive management roles. Much of this is traditionally learned as on the job training, but the CCISO Training Program can be the key to a successful transition to the highest ranks of information security management.
Objectives
Audience
- Director, Chief Information Security Officer (CISO), Google Cloud • Deputy CISO
- VP & Chief Information Security Officer
- Chief Information Security Officer (VP)
- System Dir, Info Sys. Security – CISO
- Chief Privacy Officer
- ASSOCIATE VICE PRESIDENT AND CHIEF INFORMATION SECURITY OFFICER
- Chief Security Officer
- CIO COO
- Assistant Executive Director – Chief Information Security Officer
- CISO Threat Intel
- Chief Technical Officer (CTO)
- Chief Data Officer
- VP, Information Security
- Information Security Officer
- Chief Compliance Officer
- Senior Cyber Security CIO SME
- Regional Chief Information Officer
Topics
Domain 1: Governance and Risk Management
Define, Implement, Manage, and Maintain an Information Security Governance Program
Information Security Drivers
Establishing an information security management structure
Laws/Regulations/Standards as drivers of Organizational Policy/Standards/Procedures
Managing an enterprise information security compliance program
Introduction to Risk Management
Domain 2: Information Security Controls, Compliance, and Audit Management
Information Security Controls
Compliance Management
Guidelines, Good and Best Practices
Audit Management
Summary
Domain 3: Security Program Management & Operations
Program Management
Operations Management
Summary
Domain 4: Information Security Core Competencies
Access Control
Physical Security
Network Security
Certified Chief
Endpoint Protection
Application Security
Encryption Technologies
Virtualization Security
Cloud Computing Security
Transformative Technologies
11. Summary
Domain 5: Strategic Planning, Finance, Procurement and Vendor Management
Strategic Planning
Designing, Developing, and Maintaining an Enterprise Information Security Program
Understanding the Enterprise Architecture (EA)
Finance
Procurement
Vendor Management
Summary
- Form of Business Organization
- Industry
- Organizational Maturity
- Organizational Structure
- Where does the CISO fit within the organizational structure
- The Executive CISO
- Nonexecutive CISO
- Security Policy
- Necessity of a Security Policy
- Security Policy Challenges
- Policy Content
- Types of Policies
- Policy Implementation
- Reporting Structure
- Standards and best practices
- Leadership and Ethics
- EC-Council Code of Ethics
- Organizational Structure
- Where does the CISO fit within the organizational structure
- The Executive CISO
- Nonexecutive CISO
- Identifying the Organization’s Information Security Needs
- Identifying the Optimum Information Security Framework
- Designing Security Controls
- Control Lifecycle Management
- Control Classification
- Control Selection and Implementation
- Control Catalog
- Control Maturity
- Monitoring Security Controls
- Remediating Control Deficiencies
- Maintaining Security Controls
- Reporting Controls
- Information Security Service Catalog
- Acts, Laws, and Statutes
- FISMA
- Regulations
- GDPR
- Standards
- ASD—Information Security Manual
- Basel III
- FFIEC
- ISO 00 Family of Standards
- NERC-CIP
- PCI DSS
- NIST Special Publications
- Statement on Standards for Attestation Engagements No. 16 (SSAE 16)
- CIS
- OWASP
- Audit Expectations and Outcomes
- IS Audit Practices
- ISO/IEC Audit Guidance
- Internal versus External Audits
- Partnering with the Audit Organization
- Audit Process
- General Audit Standards
- Compliance-Based Audits
- Risk-Based Audits
- Managing and Protecting Audit Documentation
- Performing an Audit
- Evaluating Audit Results and Report
- Remediating Audit Findings
- Leverage GRC Software to Support Audits
- Defining a Security Charter, Objectives, Requirements, Stakeholders, and Strategies
- Security Program Charter
- Security Program Objectives
- Security Program Requirements
- Security Program Stakeholders
- Security Program Strategy Development
- Executing an Information Security Program
- Defining and Developing, Managing and Monitoring the Information Security Program
- Defining an Information Security Program Budget
- Developing an Information Security Program Budget
- Managing an Information Security Program Budget
- Monitoring an Information Security Program Budget
- Defining and Developing Information Security Program Staffing Requirements
- Managing the People of a Security Program
- Resolving Personnel and Teamwork Issues
- Managing Training and Certification of Security Team Members
- Clearly Defined Career Path
- Designing and Implementing a User Awareness Program
- Managing the Architecture and Roadmap of the Security Program
- Information Security Program Architecture
- Information Security Program Roadmap
- Program Management and Governance
- Understanding Project Management Practices
- Identifying and Managing Project Stakeholders
- Measuring the Effectives of Projects
- Business Continuity Management (BCM) and Disaster Recovery Planning (DRP)
- Data Backup and Recovery
- Backup Strategy
- ISO BCM Standards
- Business Continuity Management (BCM)
- Disaster Recovery Planning (DRP)
- Continuity of Security Operations
- Integrating the Confidentiality, Integrity and Availability (CIA) Model
- BCM Plan Testing
- DRP Testing
- Contingency Planning, Operations, and Testing Programs to Mitigate Risk and Meet Service Level Agreements (SLAs)
- Computer Incident Response
- Incident Response Tools
- Incident Response Management
- Incident Response Communications
- Post-Incident Analysis
- Testing Incident Response Procedures
- Digital Forensics
- Crisis Management
- Digital Forensics Life Cycle
- Establishing and Operating a Security Operations (SecOps) Capability
- Security Monitoring and Security Information and Event Management (SIEM)
- Event Management
- Incident Response Model
- Developing Specific Incident Response Scenarios
- Threat Management
- Threat Intelligence
- Information Sharing and Analysis Centers (ISAC)
- Vulnerability Management
- Vulnerability Assessments
- Vulnerability Management in Practice
- Penetration Testing
- Security Testing Teams
- Remediation
- Threat Hunting
- Authentication, Authorization, and Auditing
- Authentication
- Authorization
- Auditing
- User Access Control Restrictions
- User Access Behavior Management
- Types of Access Control Models
- Designing an Access Control Plan
- Access Administration
- Designing, Implementing, and Managing Physical Security Program
- Physical Risk Assessment
- Physical Location Considerations
- Obstacles and Prevention
- Secure Facility Design
- Security Operations Center
- Sensitive Compartmented Information Facility
- Digital Forensics Lab
- Datacenter
- Preparing for Physical Security Audits
- Network Security Assessments and Planning
- Network Security Architecture Challenges
- Network Security Design
- Network Standards, Protocols, and Controls
- Network Security Standards
- Protocols
- Network Security Controls
- Wireless (Wi-Fi) Security
- Wireless Risks
- Wireless Controls
- Voice over IP Security
- Endpoint Threats
- Endpoint Vulnerabilities
- End User Security Awareness
- Endpoint Device Hardening
- Endpoint Device Logging
- Mobile Device Security
- Mobile Device Risks
- Mobile Device Security Controls
- Internet of Things Security (IoT)
- Protecting IoT Devices
- Secure SDLC Model
- Separation of Development, Test, and Production Environments
- Application Security Testing Approaches
- DevSecOps
- Waterfall Methodology and Security
- Agile Methodology and Security
- Other Application Development Approaches
- Application Hardening
- Application Security Technologies
- Version Control and Patch Management
- Database Security
- Database Hardening
- Secure Coding Practices
- Encryption and Decryption
- Cryptosystems
- Blockchain
- Digital Signatures and Certificates
- PKI
- Key Management
- Hashing
- Encryption Algorithms
- Encryption Strategy Development
- Determining Critical Data Location and Type
- Deciding What to Encrypt
- Determining Encryption Requirements
- Selecting, Integrating, and Managing Encryption Technologies
- Virtualization Overview
- Virtualization Risks
- Virtualization Security Concerns
- Virtualization Security Controls
- Virtualization Security Reference Model
- Overview of Cloud Computing
- Security and Resiliency Cloud Services
- Cloud Security Concerns
- Cloud Security Controls
- Cloud Computing Protection Considerations
- Artificial Intelligence
- Augmented Reality
- Autonomous SOC
- Dynamic Deception
- Software-Defined Cybersecurity
- Understanding the Organization
- Understanding the Business Structure
- Determining and Aligning Business and Information Security Goals
- Identifying Key Sponsors, Stakeholders, and Influencers
- Understanding Organizational Financials
- Creating an Information Security Strategic Plan
- Strategic Planning Basics
- Alignment to Organizational Strategy and Goals
- Defining Tactical Short, Medium, and Long-Term Information Security Goals
- Information Security Strategy Communication
- Creating a Culture of Security
- Ensuring a Sound Program Foundation
- Architectural Views
- Creating Measurements and Metrics
- Balanced Scorecard
- Continuous Monitoring and Reporting Outcomes
- Continuous Improvement
- Information Technology Infrastructure Library (ITIL) Continual Service Improvement (CSI)
- EA Types
- The Zachman Framework
- The Open Group Architecture Framework (TOGAF)
- Sherwood Applied Business Security Architecture (SABSA)
- Federal Enterprise Architecture Framework (FEAF)
- Understanding Security Program Funding
- Analyzing, Forecasting, and Developing a Security Budget
- Resource Requirements
- Define Financial Metrics
- Technology Refresh
- New Project Funding
- Contingency Funding
- Managing the information Security Budget
- Obtain Financial Resources
- Allocate Financial Resources
- Monitor and Oversight of Information Security Budget
- Report Metrics to Sponsors and Stakeholders
- Balancing the Information Security Budget
- Procurement Program Terms and Concepts
- Statement of Objectives (SOO)
- Statement of Work (SOW)
- Total Cost of Ownership (TCO)
- Request for Information (RFI)
- Request for Proposal (RFP)
- Master Service Agreement (MSA)
- Service Level Agreement (SLA)
- Terms and Conditions (T&C)
- Understanding the Organization’s Procurement Program
- Internal Policies, Processes, and Requirements
- External or Regulatory Requirements
- Local Versus Global Requirements
- Procurement Risk Management
- Standard Contract Language
- Understanding the Organization’s Acquisition Policies and Procedures
- Procurement Life cycle
- Applying Cost-Benefit Analysis (CBA) During the Procurement Process5
- Vendor Management Policies
- Contract Administration Policies
- Service and Contract Delivery Metrics
- Contract Delivery Reporting
- Change Requests
- Contract Renewal
- Contract Closure
- Delivery Assurance
- Validation of Meeting Contractual Requirements
- Formal Delivery Audits
- Periodic Random Delivery Audits
- Third-Party Attestation Services (TPRM)
Related Courses
-
Certified Chief Information Security Officer (CCISO)
EC-SVC-CCISO- Duration: 5
- Delivery Format: Self-Paced Training
- Price: 2,499.00 USD
-
Risk Management Approach and Practices
EC-SVC-RM- Duration: 180
- Delivery Format: Self-Paced Training
- Price: 999.00 USD
Self-Paced Training Info
Learn at your own pace with anytime, anywhere training
- Same in-demand topics as instructor-led public and private classes.
- Standalone learning or supplemental reinforcement.
- e-Learning content varies by course and technology.
- View the Self-Paced version of this outline and what is included in the SPVC course.
- Learn more about e-Learning
Course Added To Shopping Cart
bla
bla
bla
bla
bla
bla
Self-Paced Training Terms & Conditions
??spvc-wbt-warning??
??group-training-form-area??
??how-can-we-help-you-area??
??personalized-form-area??
??request-quote-area??
Sorry, there are no classes that meet your criteria.
Please contact us to schedule a class.
STOP! Before You Leave
Save 0% on this course!
Take advantage of our online-only offer & save 0% on any course !
Promo Code skip0 will be applied to your registration
Nothing yet
Purchase Information
??elearning-coursenumber?? ??coursename??
View Cart