EC-Council Certified Chief Information Security Officer - CCISO
CLASS DATE(s):
8/17/2020 - 8/21/2020

COURSE LENGTH: 5 Days

COURSE COST: $3295.00

COURSE TIMES: 9:00am - 4:30pm


COURSE OVERVIEW

EC-Council's Certified Chief Information Security Officer (CCISO) Program has certified leading information security professionals around the world. A core group of high-level information security executives, the CCISO Advisory Board, formed the foundation of the program and outlined the content covered by the exam, body of knowledge, and training. Some members of the Board contributed as authors, others as exam writers, others as quality assurance checks, and still others as instructors. Each segment of the program was developed with the aspiring and sitting CISO in mind and looks to transfer the knowledge of seasoned executives to the next generation of leaders in the areas that are most critical in the development and maintenance of a successful information security program.

AUDIENCE AND PREREQUISITES

  

Course Cost listed does not include the cost of courseware required in your registration. Please refer to your Invoice for the additional cost. If you have any questions, please contact us (learn@vtec.org or 207-775-0244). This course is subject to a minimum enrollment. If the minimum enrollment has not been met, this course may run as a live online virtual class.

COURSE TOPICS:


Domain 1: Governance and Risk Management
Define, Implement, Manage, and Maintain an Information Security Governance Program
Form of Business Organization, Industry, Organizational Maturity
Information Security Drivers
Establishing an information security management structure
Organizational Structure, Where does the CISO fit within the organizational structure, The Executive CISO, Nonexecutive CISO
Laws/Regulations/Standards as drivers of Organizational Policy/Standards/Procedures
Managing an enterprise information security compliance program
Security Policy, Necessity of a Security Policy, Security Policy Challenges, Policy Content, Types of Policies, Policy Implementation, Reporting Structure, Standards and Best Practices
Leadership and Ethics, EC-Council Code of Ethics
Introduction to Risk Management

Domain 2: Information Security Controls, Compliance, and Audit Management
Information Security Controls
Identifying the Organization's Information Security Needs, Identifying the Optimum Information Security Framework, Designing Security Controls, Control Lifecycle Management, Control Classification
Control Selection and Implementation, Control Catalog, Control Maturity, Monitoring Security Controls
Remediating Control Deficiencies, Maintaining Security Controls, Reporting Controls, Information Security Service Catalog
Compliance Management
Acts, Laws, and Statutes, FISMA, Regulations, GDPR, Standards, ASD Information Security Manual, Basel III, FFIEC, ISO 00 Family of Standards, NERC-CIP, PCI DSS,
NIST Special Publications, Statement on Standards for Attestation Engagements No. 16 (SSAE 16)
Guidelines, Good and Best Practices
CIS, OWASP
Audit Management
Audit Expectations and Outcomes, IS Audit Practices, ISO/IEC Audit Guidance, Internal versus External Audits, Partnering with the Audit Organization
Audit Process, General Audit Standards, Compliance-Based Audits, Risk-Based Audits, Managing and Protecting Audit Documentation, Performing an Audit,
Evaluating Audit Results and Report, Remediating Audit Findings, Leverage GRC Software to Support Audits

Domain 3: Security Program Management & Operations
Program Management
Defining a Security Charter, Objectives, Requirements, Stakeholders, and Strategies
Security Program Charter, Objectives, Requirements, Stakeholders, Strategy Development
Executing an Information Security Program
Defining and Developing, Managing and Monitoring the Information Security Program
Defining, Developing and Monitoring an Information Security Program Budget
Managing the People of a Security Program, Resolving Personnel and Teamwork Issues, Managing Training and Certification of Security Team Members
Clearly Defined Career Path, Designing and Implementing a User Awareness Program,
Managing the Architecture and Roadmap of the Security Program, Information Security Program Architecture, Information Security Program Roadmap
Program Management and Governance, Understanding Project Management Practices, Identifying and Managing Project Stakeholders
Measuring the Effectiveness of Projects, Business Continuity Management (BCM) and Disaster Recovery Planning (DRP)
Data Backup and Recovery, Backup Strategy, ISO BCM Standards, Business Continuity Management (BCM)
Disaster Recovery Planning (DRP), Continuity of Security Operations
Integrating the Confidentiality, Integrity and Availability (CIA) Model, BCM Plan Testing, DRP Testing
Contingency Planning, Operations, and Testing Programs to Mitigate Risk and Meet Service Level Agreements (SLAs)
Computer Incident Response, Incident Response Tools,
Incident Response Management, Incident Response Communications, Post-Incident Analysis
Testing Incident Response Procedures, Digital Forensics, Crisis Management, Digital Forensics Life Cycle
Operations Management
Establishing and Operating a Security Operations (SecOps) Capability
Security Monitoring and Security Information and Event Management (SIEM)
Event Management, Incident Response Model, Developing Specific Incident Response Scenarios,
Threat Management and Intelligence, Information Sharing and Analysis Centers (ISAC)
Vulnerability Management, Assessments, and Management in Practice, Penetration Testing, Security Testing Teams, Remediation, Threat Hunting

Domain 4: Information Security Core Competencies
Access Control
Authentication, Authorization, and Auditing,
User Access Control Restrictions, Behavior Management, Types of Access Control Models, Designing an Access Control Plan, Access Administration
Physical Security
Designing, Implementing, and Managing Physical Security Program,
Physical Risk Assessment, Physical Location Considerations, Obstacles and Prevention, Secure Facility Design, Security Operations Center
Sensitive Compartmented Information Facility, Digital Forensics Lab, Datacenter, Preparing for Physical Security Audits
Network Security
Network Security Assessments and Planning, Architecture Challenges, Design, Standards, Protocols, and Controls
Network Security Standards, Protocols
Network Security Controls, Wireless (Wi-Fi) Security, Wireless Risks, Wireless Controls, Voice over IP Security
Endpoint Protection
Endpoint Threats, Vulnerabilities, End User Security Awareness, Endpoint Device Hardening,
Endpoint Device Logging, Mobile Device Security, Mobile Device Risks, Mobile Device Security Controls,
Internet of Things Security (IoT), Protecting IoT Devices
Application Security
Secure SDLC Model, Separation of Development, Test, and Production Environments, Application Security Testing Approaches, DevSecOps, Waterfall Methodology and Security
Agile Methodology and Security, Other Application Development Approaches, Application Hardening, Application Security Technologies,
Version Control and Patch Management, Database Security,
Database Hardening, Secure Coding Practices
Encryption Technologies
Encryption and Decryption, Cryptosystems, Blockchain, Digital Signatures and Certificates, PKI, Key Management, Hashing
Encryption Algorithms, Encryption Strategy Development, Determining Critical Data Location and Type
Deciding What to Encrypt, Determining Encryption Requirements, Selecting, Integrating, and Managing Encryption Technologies
Virtualization Security, Virtualization Overview, Virtualization Risks, Virtualization Security Concerns, Virtualization Security Controls, Virtualization Security Reference Model
Cloud Computing Security
Overview of Cloud Computing, Security and Resiliency Cloud Services, Cloud Security Concerns, Cloud Security Controls, Cloud Computing Protection Considerations
Transformative Technologies
Artificial Intelligence, Augmented Reality, Autonomous SOC, Dynamic Deception, Software-Defined Cybersecurity

Domain 5: Strategic Planning, Finance, Procurement and Vendor Management
Strategic Planning
Understanding the Organization, Understanding the Business Structure, Determining and Aligning Business and Information Security Goals
Identifying Key Sponsors, Stakeholders, and Influencers, Understanding Organizational Financials, Creating an Information Security Strategic Plan, Strategic Planning Basics
Alignment to Organizational Strategy and Goals, Defining Tactical Short, Medium, and Long-Term Information Security Goals
Information Security Strategy Communication, Creating a Culture of Security
Designing, Developing, and Maintaining an Enterprise Information Security Program
Ensuring a Sound Program Foundation, Architectural Views, Creating Measurements and Metrics, Balanced Scorecard,
Continuous Monitoring and Reporting Outcomes, Continuous Improvement, Information Technology Infrastructure Library (ITIL) Continual Service Improvement (CSI)
Understanding the Enterprise Architecture (EA)
EA Types, The Zachman Framework, The Open Group Architecture Framework (TOGAF), Sherwood Applied Business Security Architecture (SABSA),
Federal Enterprise Architecture Framework (FEAF)
Finance
Understanding Security Program Funding, Analyzing, Forecasting, and Developing a Security Budget
Resource Requirements, Define Financial Metrics, Technology Refresh, New Project Funding, Contingency Funding, Managing the Information Security Budget, Obtain Financial Resources
Allocate Financial Resources, Monitor and Oversight of Information Security Budget, Report Metrics to Sponsors and Stakeholders, Balancing the Information Security Budget
Procurement
Procurement Program Terms and Concepts, Statement of Objectives (SOO), Total Cost of Ownership (TCO),
Request for Information (RFI), Request for Proposal (RFP), Master Service Agreement (MSA), Service Level Agreement (SLA)
Terms and Conditions (T&C), Understanding the Organization's Procurement Program, Internal Policies, Processes, and Requirements
External or Regulatory Requirements, Local Versus Global Requirements, Procurement Risk Management, Standard Contract Language
Vendor Management
Understanding the Organization's Acquisition Policies and Procedures, Procurement Life Cycle, Applying Cost-Benefit Analysis (CBA) During the Procurement Process
Vendor Management Policies, Contract Administration Policies, Service and Contract Delivery Metrics, Contract Delivery Reporting, Change Requests, Contract Renewal, Contract Closure
Delivery Assurance, Validation of Meeting Contractual Requirements
Formal Delivery Audits, Periodic Random Delivery Audits, Third-Party Attestation Services (TPRM)