Chief Information Security Officer Training Course Outline

Module 1: Governance and Risk Management

  • Governance
  • Information Security Management Structure
  • Principles of Information Security
  • Risk Management
  • Management and Technical Information Security Elements
  • Compliance
  • Privacy
    1. Privacy Impact Assessment
    2. Privacy and Security
  • Laws and Regulatory Drivers
  • Standards and Frameworks
    1. ISO/IEC 27000 Series
    2. ISO/IEC 27001
    3. NIST Cybersecurity Framework
    4. Federal Information Processing Standards
    5. NIST Special Publications
    6. Privacy Shield
    7. COBIT
  • Information Security Trends and Best Practices
    1. Open Web Application Security Project
    2. Cloud Security Alliance
    3. Centre for Internet Security
  • Information Security Training and Certifications
  • Ethics

Module 2: Information Security Controls, Compliance, and Audit Management

  • Information Security Controls
    1. Control Fundamentals
    2. Control Frameworks
  • Information Security Control Life Cycle Frameworks
    1. NIST Risk Management Framework
    2. NIST Cybersecurity Framework
    3. ISO/IEC 27000
  • Information Security Control Life Cycle
    1. Risk Assessment
    2. Design
    3. Implementation
    4. Assessment
    5. Monitoring
  • Exploring Information Security Control Frameworks
  • Auditing for the CISO
    1. Audit Management
    2. Audit Process
    3. Control Self-Assessments
    4. Continuous Auditing
    5. Specific Types of Audits and Assessments

Module 3: Security Programme Management and Operations

  • Security Programme Management
    1. Security Areas of Focus
    2. Security Streams of Work
    3. Asset Security Management
    4. Security Projects
  • Security Programme Budgets, Finance, and Cost Control
    1. Establishing the Budget
    2. Managing and Monitoring Spending
  • Security Programme Resource Management: Building the Security Team
    1. Project Management
    2. Project Management Fundamentals
  • Project Management
    1. Phases of Project Management
    2. Initiating
    3. Planning
    4. Executing
    5. Monitoring and Controlling
    6. Closing

Module 4: Information Security Core Competencies

  • Malicious Software and Attacks
    1. Malware
    2. Scripting and Vulnerability-Specific Attacks
  • Social Engineering
    1. Types of Social Engineering Attacks
    2. Why Employees Are Susceptible to Social Engineering
    3. Social Engineering Defences
  • Asset Security
    1. Asset Inventory and Configuration Management
    2. Secure Configuration Baselines
    3. Vulnerability Management
    4. Asset Security Techniques
  • Data Security
    1. Data at Rest
    2. Data in Transit
    3. Data in Use
    4. Data Life Cycle
  • Identity and Access Management
    1. Identity and Access Management Fundamentals
    2. Identity Management Technologies
    3. Authentication Factors and Mechanisms
    4. Access Control Principles
    5. Access Control Models
    6. Access Control Administration
    7. Identity and Access Management Life Cycle
  • Communication and Network Security
    1. WANs and LANs
    2. IP Addressing
    3. Network Address Translation
    4. Network Protocols and Communications
    5. Wireless
    6. Network Technologies and Defences
  • Cryptography
    1. Cryptographic Definitions
    2. Cryptographic Services
    3. Symmetric, Asymmetric, and Hybrid Cryptosystems
    4. Hash Algorithms
    5. Message Authentication Codes
    6. Digital Signatures
    7. Public Key Infrastructure
  • Cloud Security
    1. Cloud Computing Characteristics
    2. Cloud Deployment Models
    3. Cloud Service Models
    4. Cloud Security Risks and Assurance Levels
    5. Cloud Security Resources
  • Physical Security
    1. Physical Security Threats
    2. Physical Security Programme Planning
    3. Physical Security Resources
    4. Physical Security Controls
    5. Physical Security Auditing and Measurement
  • Personnel Security
  • Software Development Security
    1. Integrating Security into the SDLC
    2. Security SDLC Roles and Responsibilities
    3. Software Vulnerabilities
    4. Secure Coding Practices
    5. Software Vulnerability Analysis and Assessments
  • Forensics, Incident Handling, and Investigations
    1. Relevant Law
    2. Logging and Monitoring
    3. Incident Response and Investigations
    4. Forensics and Digital Evidence
  • Security Assessment and Testing
    1. Vulnerability Assessments
    2. Penetration Testing
    3. Regulatory Compliance Assessments
    4. Security Programme Assessments
  • Business Continuity and Disaster Recovery
    1. Continuity Planning Initiation
    2. Business Impact Analysis
    3. Identify Preventive Controls
    4. Develop Recovery Strategies and Solutions
    5. Develop the Plan
    6. Test the Plan
    7. Maintain the Plan

Module 5: Strategic Planning, Finance, Procurement, and Vendor Management

  • Strategic Planning
    1. Organisational Strategic Planning
    2. Organisational Strategic Planning Teams
    3. Strategic Planning Process
    4. Security Strategic Plan
  • Making Security Decisions
  • Financial Management
    1. Accounting and Finance Basics
    2. Information Security Annual Budget
  • Procurement and Vendor Management
    1. Procurement Core Principles and Processes
    2. Types of Contracts
    3. Scope Agreements
    4. Third-Party Vendor Risk Management

Prerequisites

There are no formal prerequisites for this Chief Information Security Officer (CISO) Training course.

Audience

This Chief Information Security Officer (CISO) Training is designed for anyone who wants to reach a top-level position in the information security profession. However, this course is more beneficial for Information Security Officers and Digital Security Managers.

Chief Information Security Officer Training Course Overview

A Chief Information Security Officer (CISO) is a high-ranking executive who creates and executes security programmes to ensure that an organisation's technologies and data are protected from external and internal threats. A CISO can take on various responsibilities and duties depending on the hierarchy, size, industry, and regulations that apply to the organisation. Organisations that have a Chief Information Security Officer realise many benefits, such as reduced risk and limited liability issues. As a result, individuals with the skills, knowledge, and abilities to perform the duties of a Chief Information Security Officer are in high demand among multinational organisations.

This 3-day Chief Information Security Officer Training course aims to provide delegates with comprehensive knowledge of the Information Security Officer's roles and responsibilities. During this course, delegates will learn about assessing and monitoring the information security control life cycle. They will also learn about information security controls, cryptography, physical security, security SDLC roles and responsibilities, organisational strategic planning, and more. Our highly professional trainer, with years of experience in teaching information security courses, will conduct this training course and help delegates gain a complete understanding of the CISO's roles and responsibilities.

This training will also cover the following concepts:

  • Information security management structure
  • Life cycle frameworks of information security control
  • Information security core competencies
  • Identity and access management life cycle
  • Communication and network security
  • Business continuity and disaster recovery
  • Financial management

At the end of this Chief Information Security Officer Training course, delegates will be able to use various principles and structures to manage information security effectively. They will be able to assess the management life cycle effectively and deal with clients using different management technologies. They will also be able to use various network security technologies to secure the organisation's data.

  • Delegate pack consisting of course notes and exercises
  • Manual
  • Experienced Instructor

EU GDPR Practitioner Exam Information

The GDPR Practitioner exam assesses a candidate’s knowledge of compliance mechanisms, cloud and third-party processing, the stipulations of the GDPR, Data Protection Impact Assessments, security breaches, and the expectations of GDPR-mandated roles. The exam consists of:

  • Type: Multiple choice questions
  • Duration: 1 hour 30 minutes
  • Pass mark: 55%
  • Open Book: Yes