Chief Information Security Officer Training Course Outline
Domain 1: Governance and Risk Management
Module 1: Governance
- Introduction to Governance
- Information Security Governance
Module 2: Information Security Management Structure
- Introduction
- Sizing
- Management Structure
Module 3: Principles of Information Security
- Principles of Information Security
- CIA Triad
- Security Vulnerabilities, Threats, Risks, and Exposures
- Cyberattack Elements
- Defence-in-depth
Module 4: Risk Management
- Risk Management Programme
- Approach
- Process
- Method
- Best Practice Frameworks for Risk Management
Module 5: Management and Technical Information Security Elements
- Management and Technical Information Security Elements
- Security Programme Plan
- Security Policies, Standards, and Guidelines
- Asset Security
- Identity and Access Management
- Security Engineering
- Security Operations
- Software Development Security
- Security Assessments and Testing
- Security Training and Awareness
- Business Continuity and Disaster Recovery
Module 6: Compliance
- Compliance
- Compliance Team
- Compliance Management
Module 7: Privacy
- Privacy
- Privacy Impact Assessment
- Privacy and Security
Module 8: Laws and Regulatory Drivers
- Laws and Regulatory Drivers
- Federal Information Security Modernization Act
- Defense Federal Acquisition Regulation Supplement 252.204-7012
- Who Does DFARS 252.204-7012 Apply to?
- How Does Compliance Impact an Organisation?
- Clinger-Cohen Act
- Payment Card Industry Data Security Standard
- Who Does PCI DSS Apply to?
- Privacy Act of 1974
- Gramm-Leach-Bliley Act
- Health Insurance Portability and Accountability Act
- Family Educational Rights and Privacy Act
- Sarbanes-Oxley Act
- General Data Protection Regulation
Module 9: Standards and Frameworks
- ISO/IEC 27000 Series
- ISO/IEC 27001
- NIST Cybersecurity Framework
- Federal Information Processing Standards
- Privacy Shield
- COBIT
Module 10: Information Security Trends and Best Practices
- Information Security Trends and Best Practices
- Open Web Application Security Project
- Cloud Security Alliance
- Center for Internet Security
Module 11: Information Security Training and Certifications
- International Information System Security Certification Consortium
- ISACA
- International Council of E-Commerce Consultants
- SANS Institute
- Computing Technology Industry Association
- International Association of Privacy Professionals
- Offensive Security
Module 12: Ethics
Domain 2: Information Security Controls, Compliance, and Audit Management
Module 13: Information Security Controls
- Control Fundamentals
- Control Frameworks
Module 14: Information Security Control Life Cycle
- Information Security Control Life Cycle
- Risk Assessment
- Design
- Implementation
- Assessment
- Monitoring
Module 15: Information Security Control Life Cycle Frameworks
- NIST Special Publications (SP)
- NIST Risk Management Framework
- NIST Cybersecurity Framework
- ISO/IEC 27000
Module 16: Information Security Control Frameworks
- Components of Information Security Control Frameworks
- NIST SP 800-53
- NIST Cybersecurity Framework
- ISO/IEC 27002
- CIS Critical Security Controls
- CSA Cloud Controls Matrix
Module 17: Auditing for the CISO
- Auditing for the CISO
- Audit Management
- Audit Process
- Control Self-assessments
- Continuous Auditing
- Specific Types of Audits and Assessments
Domain 3: Security Programme Management and Operations
Module 18: Security Programme Management
- Security Areas of Focus
- Security Streams of Work
- Security Projects
Module 19: Security Programme Budgets, Finance, and Cost Control
- Establishing the Budget
- Managing and Monitoring Spending
- Security Programme Resource Management: Building the Security Team
Module 20: Project Management
- Project Management Fundamentals
- Phases of Project Management
- Initiating
- Planning
- Executing
- Monitoring and Controlling
- Closing
Domain 4: Information Security Core Competencies
Module 21: Malicious Software and Attacks
- Malware
- Scripting and Vulnerability-Specific Attacks
Module 22: Social Engineering
- Types of Social Engineering Attacks
- Why Employees Are Susceptible to Social Engineering
- Social Engineering Defences
Module 23: Asset Security
- Asset Inventory and Configuration
- Secure Configuration Baselines
- Vulnerability Management
- Asset Security Techniques
Module 24: Data Security
- Data at Rest
- Data in Transit
- Data in Use
- Data Life Cycle
Module 25: Identity and Access Management
- Identity and Access Management Fundamentals
- Identity Management Technologies
- Authentication Factors and Mechanisms
- Access Control Principles
- Access Control Models
- Access Control Administration
- Identity and Access Management Life Cycle
Module 26: Communication and Network Security
- WANs and LANs
- IP Addressing
- Network Address Translation
- Network Protocols and Communications
- Wireless
- Network Technologies and Defences
Module 27: Cryptography
- Cryptography
- Cryptographic Definitions
- Cryptographic Services
- Symmetric, Asymmetric, and Hybrid Cryptosystems
- Hash Algorithms
- Message Authentication Codes
- Digital Signatures
- Public Key Infrastructure
Module 28: Cloud Security
- Cloud Security
- Cloud Computing Characteristics
- Cloud Deployment Models
- Cloud Service Models
- Cloud Security Risks and Assurance Levels
- Cloud Security Resources
Module 29: Physical Security
- Making Security Decisions
- Physical Security Threats
- Physical Security Programme Planning
- Physical Security Resources
- Physical Security Controls
- Physical Security Auditing and Measurement
Module 30: Personnel Security
- Personnel Security
- Software Development Security
- Integrating Security into the SDLC
- Security SDLC Roles and Responsibilities
- Software Vulnerabilities
- Secure Coding Practices
- Software Vulnerability Analysis and Assessments
Module 31: Forensics, Incident Handling, and Investigations
- Relevant Law
- Logging and Monitoring
- Incident Response and Investigations
- Forensics and Digital Evidence
Module 32: Security Assessment and Testing
- Introduction to Security Assessment and Testing
- Vulnerability Assessments
- Penetration Testing
- Security Programme Assessments
Module 33: Business Continuity and Disaster Recovery
- Introduction to Business Continuity and Disaster Recovery
- Continuity Planning Initiation
- Business Impact Analysis
- Identify Preventive Controls
- Develop Recovery Strategies and Solutions
- Develop the Plan
- Test the Plan
- Maintain the Plan
Domain 5: Strategic Planning, Finance, Procurement, and Vendor Management
Module 34: Strategic Planning
- Introduction to Strategic Planning
- Organisational Strategic Planning
- Organisational Strategic Planning Teams
- Strategic Planning Process
- Security Strategic Plan
Module 35: Making Security Decisions
- Introduction to Making Security Decisions
- Enterprise Architecture
Module 36: Financial Management
- Financial Management
- Accounting and Finance Basics
- Information Security Annual Budget
Module 37: Procurement and Vendor Management
- Overview of Procurement and Vendor Management
- Procurement Core Principles and Processes
- Types of Contracts
- Scope Agreements
- Third-party Vendor Risk Management