The Certified CISO (CCISO) Training Course
Overview
EC-Council’s CCISO Program has certified leading information security professionals around the world. A core group of high-level information security executives, the CCISO Advisory Board, laid the foundation of the program by outlining the content covered by the exam, the body of knowledge, and the training. The Certified CISO (CCISO) program is the first-of-its-kind training and certification program aimed at producing top-level information security executives. The CCISO does not focus solely on technical knowledge but on the application of information security management principles from an executive management point of view. The program was developed by sitting CISOs for current and aspiring CISOs.
Upon completion of The Certified CISO (CCISO) Training Course, you will accomplish the following:
- Define, implement, and manage an information security governance program that includes leadership, organizational structures, and processes.
- Assess the major enterprise risk factors for compliance.
- Design and develop a program to monitor firewalls and identify firewall configuration issues.
- Identify vulnerabilities and attacks associated with wireless networks and manage different wireless network security tools.
- Deploy and manage anti-virus systems.
- Understand various system-engineering practices.
- Identify the volatile and persistent system information.
- Develop and manage an organizational digital forensic program.
- Identify the best practices to acquire, store and process digital evidence.
Prerequisite
This training is available to individuals who possess the requisite information security management experience.
Full Description
Table of Contents
Domain 1: Governance
Knowledge Assumptions
1. Drivers that Influence Governance
1.1 Business Drivers
1.1.1 Form of Business Organization
1.1.2 Organizational Structure
1.1.3 Industry
1.1.4 Organizational Maturity
1.2 Information Security Drivers
1.2.1 Corporate Governance and Organizational Alignment
1.2.2 Compliance
1.2.3 Information Privacy
2. Corporate Governance Activities
2.1 Risk Oversight
2.2 Enterprise Architecture
2.2.1 The Zachman Framework
2.2.2 The Open Group Architecture Framework (TOGAF)
2.2.3 Sherwood Applied Business Security Architecture (SABSA)
2.2.4 Federal Enterprise Architecture Framework (FEAF)
2.2.5 Department of Defense Architecture Framework (DoDAF)
2.3 Asset Management
2.3.1 Asset Ownership
2.3.2 Classification
2.3.3 Asset Inventory
2.3.4 Asset Value
2.3.5 Asset Protection
2.3.6 Asset Management in Practice
2.4 Managing and Controlling Organizational Changes
2.4.1 Change Control
2.4.2 Change Management
2.5 Business Continuity Management
2.5.1 Business Impact Analysis
2.5.2 Business Continuity Planning
2.5.3 Disaster Recovery Planning
2.5.4 Alternate Processing Sites
2.5.5 BCM Plan Testing
2.5.7 Crisis Management
3. Information Security Governance Activities
3.1 Information Security Program Management
3.1.1 Formal Documentation
3.1.2 Education, Training, and Awareness
3.1.3 Information Security Steering Committee
3.1.4 Metrics and Reporting
3.2 Security Engineering
3.3 Security Operations
3.4 Corporate Governance and Security Responsibilities
4. Governance and Ethical Decision Making
4.1 EC-Council Code of Ethics
Domain 1 Summary
Domain 2: Security Risk Management, Controls, and Audit Management
Knowledge Assumptions
1. Risk Management
1.1 Risk Assessment
1.2 Risk Analysis Approaches
1.3 Organizational Risk Perspectives
1.4 Risk Management Constraints
2. Risk Treatment
2.1 Risk Treatment Options
2.2 Attributes of Controls
2.3 Selecting and Implementing Controls
2.4 Control Catalogs
3. Risk Management Frameworks
3.1 ISO 27005
3.2 NIST Risk Management Framework
3.2.1 NIST Risk Management and Assessment
3.3 Additional Risk Management Tools
3.3.1 ISO 31000
3.3.2 Threat Agent Risk Assessment (TARA)
3.3.3 Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) Allegro
3.3.4 Factor Analysis of Information Risk (FAIR)
3.3.5 COBIT Risk Management
3.3.6 ITIL Risk Management
4. Audit Management
4.1 Evaluation Standards and Controls
4.2 Analysis and Interpretation of Audit Results
4.3 Outcomes for Ineffective or Missing Controls
5. Risk Communication and Organizational Reporting
Domain 2 Summary
Domain 3: Security Program Management and Operations
Knowledge Assumptions
1. Information Security Portfolio Management
1.1 Information Security Portfolio Planning
1.2 Information Security Portfolio Alignment
2. Information Security Program Management
2.1 Information Security Program Development Model
3. Information Security Project Management
3.1 Project Initiation
3.2 Intermediate Project Phases
3.3 Project Closure
4. Security Operations
4.1 Security Operations Center (SOC)
4.1.1 Security Operations Personnel
4.1.2 Security Operations Processes: Policies and Procedures
4.1.3 Security Operations Technology
4.1.4 Security Operations Communication
4.2 Security Operations Program Activities
4.2.1 Event Management and Incident Response
4.2.2 Digital Forensic Investigation
4.2.3 Threat Hunting
Domain 3 Summary
Domain 4: Information Security Core Competencies
Knowledge Assumptions
1. Access Control
1.1. Access Control Plan
1.2. Types of Access Control
1.3. Authentication
1.4. Authorization
1.5. Access Administration
2. Physical Security
2.1. Physical Risk Analysis
2.2. Physical Security Audits
2.3. Physical Security Strategy
2.4. Facility Design
3. Network and Communications Security
3.1. Network Security Planning
3.2. Network Management Concerns
3.3. Network Topologies
3.4. Network Standards and Protocols
3.5. Network Security Controls
3.6. Wireless Communications Security
3.7. Voice-over-IP (VoIP) Security
4. Threat and Vulnerability Management
4.1. Threat Management
4.2. Vulnerability Management
5. System and Application Security
5.1. System Development
5.2. Separation of production, development, and test environments
5.3. Application Testing
5.4. System Security Management
5.5. Configuration management
5.6. System Hardening
5.7. Data Sanitization
5.8. Mobile System Security
6. Encryption Concepts and Technology
6.1. Encryption Algorithms
6.2. Public Key Infrastructure
6.3. Hashing
6.4. Digital Signatures
Domain 4 Summary
Domain 5: Strategic Planning, Financial Management, and Vendor Management
Knowledge Assumptions
1. Strategic Planning
1.1. Strategic Planning Phases
1.2. Strategic Planning Tools
2. Financial Management
2.1. Fundamental Accounting Concepts
2.2. Budgeting
2.3. Expense Management
2.4. Comparing Capital Investment Opportunities
2.5. Financial Accounting for Security Leaders
3. Vendor Risk Management
3.1. Procurement
3.1.1 Planning
3.1.2 Vendor assessment and selection
3.1.3 Contract negotiation
3.1.4 Managing Expectations and Performance
3.2. Vendor Management
3.2.1 Oversight
3.2.2 Risk Management
3.2.3 Disposition
Domain 5 Summary
References
Index
Fees & Schedule
| Delivery Mode | Course Duration | Fees |
|---|---|---|
| Live Virtual Training | 5 Days | Ask for Quote |
| Onsite Classroom Training | 5 Days | Ask for Quote |
| Customized Training | 5 Days | Ask for Quote |