2000 M Street NW, Suite 500 Washington, D.C. 20036 Phone: 202.601.1201│ Email:
[email protected] Fax: 202.370.9558 WWW.NATIONALCYBERSECURITYINSTITUTE.ORG
National Cybersecurity Institute at Excelsior College C|CISO Training Course Outline
According to EC-Council, the C|CISO Certification is an industry-leading program that recognizes the real-world experience necessary to succeed at the highest executive levels of information security. Bringing together all the components required for a C-level position, the C|CISO program combines audit management, governance, IS controls, human capital management, strategic program development, and the financial expertise vital to leading a highly successful IS program. Material in the C|CISO program assumes a high-level understanding of technical topics and doesn't spend much time on strictly technical information, but rather on the application of technical knowledge to an information security executive's day-to-day work.

The C|CISO course aims to bridge the gap between the executive management knowledge that CISOs need and the technical knowledge that many aspiring CISOs have. This can be a crucial gap as a practitioner endeavors to move from mid-management to upper, executive management roles. Much of this is traditionally learned as on-the-job training, but the C|CISO Training Program can be the key to a successful transition to the highest ranks of information security management.

Who should obtain the C|CISO certification?
EC-Council states that this course is designed for the aspiring or sitting upper-level manager striving to advance his or her career by learning to apply existing deep technical knowledge to business problems.

Prerequisites:
Candidates interested in earning the C|CISO Certification must qualify via EC-Council's Exam Eligibility application before sitting for the C|CISO Exam. Only students with at least five years of experience in three of the five domains are permitted to sit for the C|CISO Exam. Any student who does not qualify to sit for the exam, or who does not fill out the application, will be permitted to take the EC-Council Information Security Manager (EISM) exam and earn that certification.
EISMs may then apply for the C|CISO Exam once they have achieved the required years of experience.

The Course will cover:

Domain 1: Governance (Policy, Legal & Compliance)
1. Definitions
2. Information Security Management Program
3. Information Security Laws, Regulations, & Guidelines
4. Privacy Laws
Domain 2: IS Management Controls and Auditing Management (Projects, Technology, and Operations)
1. Design, Deploy, and Manage Security Controls in Alignment with Business Goals, Risk Tolerance, and Policies and Standards
2. Information Security Risk Assessment
3. Risk Treatment
4. Residual Risk
5. Risk Acceptance
6. Risk Management Feedback Loops
7. Business Goals
8. Risk Tolerance
9. Policies and Standards
10. Understanding Security Control Types and Objectives
11. Implementing Control Assurance Frameworks
12. COBIT (Control Objectives for Information and Related Technology)
13. BAI06 Manage Changes
14. COBIT 4.1 vs. COBIT 5
15. ISO 27001/27002
16. Automate Controls
17. Understanding the Audit Management Process
Domain 3: Management – Projects & Operations
1. The Role of the CISO
2. Information Security Projects
3. Security Operations Management
Domain 4: Information Security Core Competencies
1. Access Controls
2. Physical Security
3. Disaster Recovery
4. Network Security
5. Threat and Vulnerability Management
6. Application Security
7. Systems Security
8. Encryption
9. Computer Forensics and Incident Response
Domain 5: Strategic Planning & Finance
1. Security Strategic Planning
2. Alignment with Business Goals and Risk Tolerance
3. Relationship between Security, Compliance, & Privacy
4. Leadership
5. Enterprise Information Security Architecture (EISA) Models, Frameworks, and Standards
6. Security Emerging Trends
7. It's All About the Data
8. Key Performance Indicators (KPI)
9. Systems Certification and Accreditation Process
10. Resource Planning
11. Financial Planning
12. Procurement
13. Vendor Management
14. Request for Proposal (RFP) Process
15. Integrate Security Requirements into the Contractual Agreement and Procurement Process
16. Statement of Work
17. Service Level Agreements