Certified Chief Information Security Officer (CCISO)

Duration: 5 Days

CISO, or Chief Information Security Officer, is an established top-level executive position in the industry, similar to CEO or CTO. The CISO is the highest-level executive in an organization charged with information security. The CCISO certification training aims to provide learners with comprehensive knowledge and skills across the information security domain. The Chief Information Security Officer Certification Training covers vital areas such as policy setting, project management, audit management, executive strategy, contract management, and financial expertise. These areas of knowledge are essential for leading a successful IS program. The CCISO certification validates a professional's competence in handling top-level executive tasks and in effectively leading an information security program.
Target Audience

This course is ideal for:

  • Network Engineers with security specialization
  • Experienced IT Professionals engaged in information security management
  • Those who perform CISO functions but don’t have an official title
  • All professionals who aspire to reach a top-level position in the information security profession
Prerequisites
  • Candidates who are sitting for the exam without training must have 5 years of experience in the 5 core CCISO domains verified via the Exam Eligibility Application.
  • Candidates who have taken training must possess 3 years of IS management experience in 3 of the 5 core CCISO domains verified via the Exam Eligibility Application.
Domain 1: Governance (Policy, Legal & Compliance)
  • Definitions
  • Governance (Policy, Legal & Compliance)
  • Information Security Management Program
  • Information Security Laws, Regulations & Guidelines
  • Privacy Law
Domain 2: IS Management Controls and Auditing Management (Projects, Technology, and Operations)
  • Design, Deploy, and Manage Security Controls in Alignment with Business Goals, Risk Tolerance, and Policies and Standards
  • Information Security Risk Assessment
  • Risk Treatment
  • Residual Risk
  • Risk Acceptance
  • Risk Management Feedback Loops
  • Business Goals
  • Risk Tolerance
  • Policies and Standards
  • Understanding Security Controls Types and Objectives: Management Controls, Technical Controls, Policy and Procedural Controls, Organization Controls, and more
  • Implement Control Assurance Frameworks to: Define Key Performance Metrics (KPIs), Measure and Monitor Control Effectiveness, and Automate Controls
  • COBIT (Control Objectives for Information and Related Technology)
  • BAI06 Manage Changes
  • COBIT 4.1 vs. COBIT 5
  • ISO 27001/27002
  • Automate Controls
  • Wrap-up
  • Understanding the Audit Management Process
Domain 3: Management – Projects & Operations
  • The Role of the CISO
  • Information Security Projects
  • Security Operations Management
  • Summary
  • Additional Resources
Domain 4: Information Security Core Competencies
  • Access Control
  • Physical Security
  • Disaster Recovery
  • Network Security
  • Threat and Vulnerability Management
  • Application Security
  • Systems Security
  • Encryption
  • Computer Forensics and Incident Response
  • Summary
  • Suggested Reading
Domain 5: Strategic Planning & Finance
  • Alignment with Business Goals and Risk Tolerance
  • Relationship between Security, Compliance, & Privacy
  • Leadership
  • Enterprise Information Security Architecture (EISA) Models, Frameworks and Standards
  • Emerging Trends in Security
  • It’s all about the Data (Stradley 2009)
  • Systems Certification and Accreditation Process
  • Resource Planning
  • Financial Planning
  • Procurement
  • Vendor Management
  • Request for Proposal (RFP) Process
  • Integrate Security Requirements into the Contractual Agreement and Procurement Process
  • Statement of Work
  • Service Level Agreements
  • Bibliography
  • Index