Chief Information Security Officer Training | Information Security in Chichester

Chief Information Security Officer Training Course Outline

Domain 1: Governance and Risk Management 

Module 1: Governance

• Introduction to Governance
• Information Security Governance

Module 2: Information Security Management Structure

• Introduction
• Sizing
• Management Structure

Module 3: Principles of Information Security

• Principles of Information Security
• CIA Traid
• Security Vulnerabilities, Threats, Risks, and Exposures
• Cyberattack Elements
• Defence-in-depth

Module 4: Risk Management

• Risk Management Programme
• Approach
• Process
• Method
• Best Practice Frameworks for Risk Management

Module 5: Management and Technical Information Security Elements

• Management and Technical Information Security Elements
• Security Programme Plan
• Security Policies, Standards, and Guidelines
• Asset Security
• Identity and Access Management
• Security Engineering
• Security Operations
• Software Development Security
• Security Assessments and Testing
• Security Training and Awareness
• Business Continuity and Disaster Recovery

Module 6: Compliance

• Compliance
• Compliance Team
• Compliance Management

Module 7: Privacy

• Privacy
• Privacy Impact Assessment
• Privacy and Security

Module 8: Laws and Regulatory Drivers

• Laws and Regulatory Drivers

• Federal Information Security Modernisation Act
• Defence Federal Acquisition Regulation Supplement 252.204-7012
• Who Does DFARS 252.204-7012 Apply to?
• How Does Compliance Impact an Organisation?
• Clinger-Cohen Act
• Payment Card Industry Data Security Standard
• Who Does PCI DSS Apply to?
• Privacy Act of 1974
• GRAMM-LEACH-BLILEY ACT
• Health Insurance Portability and Accountability Act
• Family Educational Rights and Privacy Act
• SARBANES-OXLEY ACT
• General Data Protection Regulation

Module 9: Standards and Frameworks

• ISO/IEC 27000 Series
• ISO/IEC 27001
• NIST Cybersecurity Framework
• Federal Information Processing Standards
• Privacy Shield
• COBIT

Module 10: Information Security Trends and Best Practices

• Information Security Trends and Best Practices

• Open Web Application Security Project
• Cloud Security Alliance
• Centre for Internet Security

Module 11: Information Security Training and Certifications

• International Information System Security Certification Consortium
• ISACA
• International Council of E-Commerce Consultants
• Sans Institute
• Computing Technology Industry Association
• International Association of Privacy Professionals
• Offensive Security

Module 12: Ethics

• Introduction to Ethics

Domain 2: Information Security Controls, Compliance, and Audit Management

Module 13: Information Security Controls

• Control Fundamentals
• Control Frameworks

Module 14: Information Security Control Life Cycle

• Information Security Control Life Cycle
• Risk Assessment
• Design
• Implementation
• Assessment
• Monitoring

Module 15: Information Security Control Life Cycle Frameworks

• NIST SP
• NIST Risk Management Framework
• NIST Cybersecurity Framework
• ISO/IEC 27000

Module 16: Information Security Control Frameworks

• Components of Exploring Information Security Control Frameworks
• NIST SP 800-53
• NIST Cybersecurity Framework
• ISO/IEC 27002
• CIS Critical Security Controls
• CSA Cloud Controls Matrix

Module 17: Auditing for the CISO

• Auditing for the CISO
• Audit Management
• Audit Process
• Control Self-assessments
• Continuous Auditing
• Specific Types of Audits and Assessments

Domain 3: Security Programme Management and Operations

Module 18: Security Programme Management

• Security Areas of Focus
• Security Streams of Work
• Security Projects

Module 19: Security Programme Budgets, Finance, and Cost Control

• Establishing the Budget
• Managing and Monitoring Spending
• Security Programme Resource Management: Building the Security Team

Module 20: Project Management

• Project Management Fundamentals
• Phases of Project Management
• Initiating
• Planning
• Executing
• Monitoring and Controlling
• Closing

Domain 4: Information Security Core Competencies

Module 21: Malicious Software and Attacks

• Malware
• Scripting and Vulnerability-Specific Attacks

Module 22: Social Engineering

• Types of Social Engineering Attacks
• Why Employees are Susceptible to Social Engineering?
• Social Engineering Defences

Module 23: Asset Security

• Asset Inventory and Configuration
• Secure Configuration Baselines
• Vulnerability Management
• Asset Security Techniques

Module 24: Data Security

• Data at Rest
• Data in Transit
• Data in Use
• Data Life Cycle

Module 25: Identity and Access Management

• Identity and Access Management Fundamentals
• Identity Management Technologies
• Authentication Factors and Mechanisms
• Access Control Principles
• Access Control Models
• Access Control Administration
• Identity and Access Management Life Cycle

Module 26: Communication and Network Security

• WANs and LANs
• IP Addressing
• Network Address Translation
• Network Protocols and Communications
• Wireless
• Network Technologies and Defences

Module 27: Cryptography

• Cryptography
• Cryptographic Definitions
• Cryptographic Services
• Symmetric, Asymmetric, And Hybrid Cryptosystems
• Hash Algorithms
• Message Authentication Codes
• Digital Signatures
• Public Key Infrastructure

Module 28: Cloud Security

• Cloud Security
• Cloud Computing Characteristics
• Cloud Deployment Models
• Cloud Service Models
• Cloud Security Risks and Assurance Levels
• Cloud Security Resources

Module 29: Physical Security

• Making Security Decisions
• Physical Security Threats
• Physical Security Programme Planning
• Physical Security Resources
• Physical Security Controls
• Physical Security Auditing and Measurement

Module 30: Personnel Security

• Personnel Security
• Software Development Security
• Integrating Security into the SDLC
• Security SDLC Roles and Responsibilities
• Software Vulnerabilities
• Secure Coding Practices
• Software Vulnerability Analysis and Assessments

Module 31: Forensics, Incident Handling, and Investigations

• Relevant Law
• Logging and Monitoring
• Incident Response and Investigations
• Forensics and Digital Evidence

Module 32: Security Assessment and Testings

• Introduction to Security Assessment and Testings
• Vulnerability Assessments
• Penetration Testing
• Security Programme Assessments

Module 33: Business Continuity and Disaster Recovery

• Introduction to Business Continuity and Disaster Recovery
• Continuity Planning Initiation
• Business Impact Analysis
• Identify Preventive Controls
• Develop Recovery Strategies and Solutions
• Develop the Plan
• Test the Plan
• Maintain the Plan

Domain 5: Strategic Planning, Finance, Procurement, and Vendor Management

Module 34: Strategic Planning 

• Introduction to Strategic Planning
• Organisational Strategic Planning
• Organisational Strategic Planning Teams
• Strategic Planning Process
• Security Strategic Plan

Module 35: Making Security Decisions

• Introduction to Making Security Decisions
• Enterprise Architecture

Module 36: Financial Management

• Financial Management
• Accounting and Finance Basics
• Information Security Annual Budget

Module 37: Procurement and Vendor Management

• Overview of Procurement and Vendor Management
• Procurement Core Principles and Processes
• Types of Contracts
• Scope Agreements
• Third-party Vendor Risk Management