Certified Chief Information Security Officer

The Certified CISO (C|CISO) course has certified leading information security professionals around the world and is the first-of-its-kind training and certification program aimed at producing top-level information security leaders. The CCISO does not focus solely on technical knowledge but on the application of information security management principles from an executive management point of view. The program was developed by seasoned CISOs for current and aspiring CISOs.

Target Audience

This course is designed for the aspiring or sitting upper-level manager striving to advance his or her career by learning to apply existing deep technical knowledge to business problems.

Course Objectives

Domain 1 : Governance (Policy, Legal, and Compliance)
Domain 2 : IS Management Controls and Auditing Management (Projects, Technology, and Operations)
Domain 3 : Management – Project and Operations
Domain 4 : Information Security Core Competencies
Domain 5 : Strategic Planning & Finance


Meet Our CISO Expert


Over 20 years of governance and operational security experience, including executive-level security consulting, board-level reporting, security strategy creation and implementation, and global business security integration. Acting CISO and Director of Security for large corporations. He also designed and implemented most aspects of corporate security programs.
His wide range of regulatory experience includes PCI, SOX, FFIEC/FIDC, HIPAA, and NERC CIP, and his security framework knowledge extends to ISO/IEC 27001/27001, NIST, FISMA, OCTAVE and others.

Course Outline

Domain 1 : Governance (Policy, Legal & Compliance)

Risk Management

Information Security Management
Security Policy
Security Roles & Responsibilities
Security Standards, Guidelines & Frameworks
Risk Management
Technical Security Architecture
Asset Classification & Management
Security Management & Operations
Business Resilience
Training & Awareness
Security Metrics & Reporting

Information Security Governance
Information Security Compliance
Information Security Laws, Regulations & Guidelines
Broadly Applicable Laws and Regulations
Industry-Specific Regulations and Guidelines
International Laws

Privacy Laws
Data Breach Disclosure Laws
Security Breach Notification Law Components
International Privacy Laws

Domain 2: IS Management Controls and Auditing Management (Projects, Technology, and Operations)

Design, Deploy, and Manage Security Controls in Alignment with Business Goals, Risk Tolerance, and Policies and Standards
Information Security Risk Management
Context Establishment

Information Security Risk Assessment
Risk Identification
Risk Analysis
Risk Evaluation

Risk Treatment
Risk Modification
Risk Retention
Risk Avoidance
Risk Sharing

Residual Risk

Risk Acceptance

Risk Management Feedback Loops
Risk Communication and Consultation
Risk Monitoring and Review

Business Goals
COBIT 4.1 PO1.2 Business IT-Alignment
COBIT 5.0 APO02 Manage Strategy

Risk Tolerance
Policies and Standards
Understanding Security Controls Types and Objectives: Management Controls, Technical Controls, Policy and Procedural Controls and Organization Controls

What the control does
How the control is performed
Reliance upon controls
Choosing controls
Common Types of Controls

Implement Control Assurance Frameworks to: Define Key Performance Metrics (KPIs), Measure & Monitor Control Effectiveness, & Automate Controls
COBIT (Control Objectives for Information and Related Technology)
BAI06 Manage Changes

Process Description
Process Purpose Statement
Goals and Metrics
RACI chart
Process Practice, Inputs/Outputs, and Activities

COBIT 4.1 vs. COBIT 5
ISO 27001/27002

Change Management

Automate Controls

Understanding the Audit Management Process
Audit management standards and best practice
Measure Effectiveness of the Audit Process against Business Goals and Risk Tolerance
Analysis and Interpretation of Audit Reports
Formulation of Remediation Plans
Risk Assessment of Ineffective or Missing Controls
Monitor Effectiveness of Remediation Efforts
Reporting Process to Business Stakeholders


Domain 3: Management – Projects & Operations

The Role of the CISO
Metrics and Reporting

Information Security Projects
Alignment with Business Goals
Identification of Project Stakeholders
Alignment with Risk Tolerance
Infosec Project Execution Best Practices

Security Operations Management
Staff Functions and Skills
Communication Planning
Vendor Management
Integration of Security Requirements into Other Operational Processes

Domain 4: Information Security Core Competencies

Access Control
Access Control Design
Types of Access Control
Authentication Principles
Authorization Principles
Access Administration

Physical Security
Physical Risk Analysis
Facility Design Considerations
Personnel Security
Physical Security Audits
Monitoring of Physical Security Controls
Physical Mobile Security
Disaster Recovery
Disaster Recovery vs. Business Continuity
Risk Appetite
Projects Charters, Scope, Work Plans
Business Impact Analysis
Disaster Recovery Facilities
Disaster Recovery Testing
Data Backup and Recovery Solutions
Crisis Management

Network Security
Plans, Standards, and Best Practices
Network Planning
Network Intrusion Detection and Intrusion Prevention
Network Access Control (NAC)
Virtual Private Networks (VPN)
Wireless Network Security
Securing the Network
Voice-over-IP (VoIP) Security
Network Architecture Models
Network Standards and Protocols

Threats and Vulnerability Management
Human threats
Environmental/Physical Threats
Technical Threats
Natural Threats
Vulnerability Management
Monitoring and Alerting
Patch Management
Vulnerability Scanning
Penetration Testing
Social Engineering
Human Social Engineering
Computer-based Social Engineering
Social Media Countermeasures

Application Security
System Development Life Cycle (SDLC) Practices
Phases of the Systems Development Life Cycle (SDLC)
Top-10 Application Vulnerabilities
Dynamic and Static Application Security Testing
Change Management
Separation of Production, Development, & Test Environments
Other SDLC Considerations

System Security
Best Practices
OS Hardening
Application Hardening
Database Hardening
Vulnerability Assessment
Configuration Management
Asset Management
Change Control

Encryption Algorithms
Digital Signatures
Public Key Infrastructure
Secure Sockets Layer/Transport Layer Security
Security Protocols

Computer Forensics and Incident Response
Development of Incident Response Procedures
Responsibilities and Escalation Processes
Testing Incident Response Procedures
Coordination with Law Enforcement and Other External Entities
Computer Forensics Process
Chain of Custody
Collection and Preserving Digital Evidence
