Certified Chief Information Security Officer CCISO

The Certified CISO (CCISO) program is the first-of-its-kind training and certification program aimed at producing top-level information security executives. The CCISO does not focus solely on technical knowledge but on the application of information security management principles from an executive management point of view. The program was developed by sitting CISOs for current and aspiring CISOs.

Who should attend Certified Chief Information Security Officer CCISO Training?

Audience: This course will significantly benefit

  • security officers and professionals,
  • auditors,
  • site administrators,
  • computer forensic investigators and
  • anyone who is concerned about the integrity of their IT assets and network infrastructure.
Description: Certified Chief Information Security Officer (CCISO)*
Days: 5
Price (ex VAT):
  • ZAR: R24,800 (excluding exam voucher)
  • ZAR: R30,800* (includes exam voucher of R6,000)
  • USD: $1,800 (includes exam voucher of $500)
  • Lunch, refreshments and training material included.
  • Arrive at 9:00am for a 9:30am start.

Pre-requisites:

Certified Chief Information Security Officer (CCISO) Course Overview

Domain 1: Governance (Policy, Legal & Compliance)

  1. Definitions
    • Governance
    • Compliance
    • Privacy
    • Risk Management
  2. Information Security Management Program
    1. Security Roles & Responsibilities
    2. Security Standards, Guidelines & Frameworks
    3. Risk Management
    4. Technical Security Architecture
    5. Asset Classification & Management
    6. Security Management & Operations
    7. Business Resilience
    8. Training & Awareness
    9. Security Metrics & Reporting
    10. Information Security Governance
    11. Information Security Compliance
  3. Information Security Laws, Regulations & Guidelines
    1. Broadly Applicable Laws and Regulations
    2. Industry-Specific Regulations and Guidelines
    3. Key State Regulations
    4. International Laws
  4. Privacy Laws
    1. Data Breach Disclosure Laws
    2. Security Breach Notification Law Components
    3. International Privacy Laws

Domain 2: IS Management Controls and Auditing

  1. Design, Deploy, and Manage Security Controls in Alignment with Business Goals, Risk Tolerance, and Policies and Standards
    1. Information Security Risk Management
    2. Context Establishment
  2. Information Security Risk Assessment
    1. Risk Identification
    2. Risk Analysis
    3. Risk Evaluation
  3. Risk Treatment
    1. Risk Modification
    2. Risk Retention
    3. Risk Avoidance
    4. Risk Sharing
  4. Residual Risk
  5. Risk Acceptance
  6. Risk Management Feedback Loops
    1. Risk Communication and Consultation
    2. Risk Monitoring and Review
  7. Business Goals
    1. COBIT 4.1 PO1.2 Business-IT Alignment
    2. COBIT 5.0 APO02 Manage Strategy
  8. Risk Tolerance
  9. Policies and Standards
  10. Understanding Security Controls Types and Objectives: Management Controls, Technical Controls, Policy and Procedural Controls, Organization Controls, and more
    1. Introduction
    2. What the control does
    3. How the control is performed
    4. Reliance upon controls
    5. Choosing controls
    6. Common Types of Controls
  11. Implement Control Assurance Frameworks to: Define Key Performance Metrics (KPIs), Measure and Monitor Control Effectiveness, and Automate Controls
  12. COBIT (Control Objectives for Information and Related Technology)
  13. BAI06 Manage Changes
    1. Domain
    2. Process Description
    3. Process Purpose Statement
    4. Goals and Metrics
    5. RACI Chart
    6. Process Practices, Inputs/Outputs, and Activities
  14. COBIT 4.1 vs. COBIT 5
  15. ISO 27001/27002
    1. Change Management
  16. Automate Controls
  17. Wrap-up
  18. Understanding the Audit Management Process
    1. Defining an Audit
    2. Audit management standards and best practices (COBIT, etc.)
    3. Analysis and Interpretation of Audit Reports
    4. Formulation of Remediation Plans
    5. Risk Assessment of Ineffective or Missing Controls
    6. Monitor Effectiveness of Remediation Efforts
    7. Reporting Process to Business Stakeholders
  19. Conclusion

Domain 3: Management (Projects & Operations)

  1. The Role of the CISO
    1. Assessing
    2. Planning
    3. Designing
    4. Executing
    5. Metrics and Reporting
  2. Information Security Projects
    1. Alignment with Business Goals
    2. Identification of Project Stakeholders
    3. Alignment with Risk Tolerance
    4. Infosec Project Execution Best Practices
  3. Security Operations Management
    1. Staff Functions and Skills
    2. Communication Planning
    3. Vendor Management
    4. Accountability
    5. Integration of Security Requirements into Other Operational Processes

Domain 4: Information Security Core Competencies

  1. Access Control
    1. Access Control Design
    2. Types of Access Control
    3. Authentication Principles
    4. Authorization Principles
    5. Access Administration
  2. Physical Security
    1. Physical Risk Analysis
    2. Facility Design Considerations
    3. Guards
    4. Personnel Security
    5. Physical Security Audits
    6. Monitoring of Physical Security Controls
    7. Physical Mobile Security
  3. Disaster Recovery
    1. Disaster Recovery vs. Business Continuity
    2. Risk Appetite
    3. Project Charters, Scope, Work Plans
    4. Business Impact Analysis
    5. Disaster Recovery Facilities
    6. Disaster Recovery Testing
    7. Data Backup and Recovery Solutions
    8. Crisis Management
  4. Network Security
    1. Plans, Standards, and Best Practices
    2. Network Planning
    3. Network Intrusion Detection and Intrusion Prevention
    4. Network Access Control (NAC)
    5. Virtual Private Networks (VPN)
    6. Wireless Network Security
    7. Securing the Network
    8. Voice-over-IP (VoIP) Security
    9. Network Architecture Models
    10. Network Standards and Protocols
  5. Threat and Vulnerability Management
    1. Human Threats
    2. Environmental/Physical Threats
    3. Technical Threats
    4. Natural Threats
    5. Vulnerability Management
    6. Monitoring and Alerting
    7. Patch Management
    8. Vulnerability Scanning
    9. Penetration Testing
    10. Social Engineering
    11. Human Social Engineering
    12. Computer-based Social Engineering
    13. Social Media Countermeasures
  6. Application Security
    1. Systems Development Life Cycle (SDLC) Practices
    2. Phases of the Systems Development Life Cycle (SDLC)
    3. Top-10 Application Vulnerabilities
    4. Dynamic and Static Application Security Testing
    5. Change Management
    6. Separation of Production, Development, and Test Environments
    7. Other SDLC Considerations
  7. Systems Security
    1. Plans
    2. Best Practices
    3. OS Hardening
    4. Application Hardening
    5. Database Hardening
    6. Vulnerability Assessment
    7. Configuration Management
    8. Asset Management
    9. Change Control
    10. Logging
  8. Encryption
    1. Encryption Algorithms
    2. Digital Signatures
    3. Public Key Infrastructure
    4. Secure Sockets Layer/Transport Layer Security
    5. Security Protocols
  9. Computer Forensics and Incident Response
    1. Development of Incident Response Procedures
    2. Responsibilities and Escalation Processes
    3. Testing Incident Response Procedures
    4. Coordination with Law Enforcement and Other External Entities
    5. Computer Forensics Process
    6. Chain of Custody
    7. Collecting and Preserving Digital Evidence

Domain 5: Strategic Planning & Finance

  1. Alignment with Business Goals and Risk Tolerance
    1. Compliance as Security
    2. Ethics
  2. Relationship between Security, Compliance, & Privacy
  3. Leadership
    1. Visibility & Accessibility
    2. Intimacy
    3. Responsibility
    4. Accountability
    5. Education, Mentoring, and Guidance
    6. Team Building
    7. How Are Teams Most Effective?
    8. Effective Team Characteristics
    9. Common Misconceptions about Teams
    10. Dysfunctional Teams
    11. Key Elements of High Performance Teams
  4. Enterprise Information Security Architecture (EISA) Models, Frameworks and Standards
    1. EISA Goals
    2. EISA Methodology
    3. SABSA
    4. US Department of Defense (DoD) Architecture Framework (DoDAF)
    5. Federal Enterprise Architecture
    6. Capgemini’s Integrated Architecture Framework
    7. UK Ministry of Defence (MOD) Architecture Framework (MODAF)
    8. Zachman Framework
    9. The Open Group Architecture Framework (TOGAF)
  5. Emerging Trends in Security
    1. Inevitability of Breach
    2. Getting Integrated
    3. Control Systems
    4. Philosophy Clash
    5. Big Data, Big Threats
    6. Cloud Computing Security
    7. Consumerization
    8. Mobile Devices in the Enterprise
    9. Ransomware
    10. Social Media
    11. Hacktivism
    12. Advanced Persistent Threat
  6. It’s all about the Data (Stradley 2009)
    1. The Need to Protect Data and Information
    2. How Data Leaks Occur
    3. How to Protect Against Data Leaks
    4. Technology Controls to Protect Data and Information
    5. The DRM-DLP Conundrum
    6. Reducing the Risk of Data Loss
    7. Key Performance Indicators (KPI)
  7. Systems Certification and Accreditation Process
    1. Phase 1: Pre-Certification
    2. Phase 2: Initiation
    3. Phase 3: Security Certification
    4. Phase 4: Security Accreditation
    5. Phase 5: Maintenance
    6. Phase 6: Disposition
  8. Resource Planning
    1. Full-time Employees
    2. Operationalize Security Resources
    3. Staff Augmentation
    4. Consulting Firms
    5. Outsourcing
    6. How to proceed?
  9. Financial Planning
    1. Development of Business Cases for Security
    2. Long-Term Planning: Road Map
    3. Analyze, Forecast and Develop Capital Expense Budget
    4. Analyze, Forecast and Develop Operating Expense Budget
    5. Return on Investment (ROI) and Cost-Benefit Analysis
  10. Procurement
    1. Solution Selection
    2. Technology Acquisition Life Cycle
  11. Vendor Management
    1. Pre-Sales
    2. Post-Sales
    3. Vendor Management Office
  12. Request for Proposal (RFP) Process
    1. Competitive Environment
    2. Accentuate the Positive Aspects of the Deal
    3. Tell the Vendors What You Hope to Achieve
    4. Provide Opportunity for the Vendors to Differentiate Themselves
    5. Ensure the Vendors Understand The Overall Environment
    6. Demonstrate the Importance of the Transition Period
    7. Clearly Define the Solution Being Procured
    8. Enable the Objective Evaluation of Vendor Responses
    9. Achieve the Optimal Terms, Conditions, and Pricing in the Competitive Environment
    10. Develop a Robust RFP
  13. Integrate Security Requirements into the Contractual Agreement and Procurement Process
    1. Section 1 - Definitions
    2. Section 2 - Standard of Care
    3. Section 3 - Restrictions on Disclosure to Third Parties
    4. Section 4 - Security Breach Procedures
    5. Section 5 - Oversight of Security Compliance
    6. Section 6 - Return or Destruction of Personal Information
    7. Section 7 - Equitable Relief
    8. Section 8 - Material Breach
    9. Section 9 - Indemnification
  14. Statement of Work
  15. Service Level Agreements: What is an SLA?
    1. Why are SLAs needed?
    2. Who Provides the SLA?
    3. What's in an SLA?
    4. What Are Key Components of an SLA?
    5. Indemnification
    6. Is an SLA Transferable?
    7. Verification of Service Levels
    8. Monitoring of Metrics
    9. Metrics Selection
    10. When Should We Review our SLAs?