Certified Chief Information Security Officer Certification Overview

Certified Chief Information Security Officer Certification Course Outline

Domain 1: Governance and Risk Management

Module 1: Define, Implement, Manage, and Maintain an Information Security Governance Program

  • Form of Business Organisation
  • Industry
  • Organisational Maturity

Module 2: Information Security Drivers

Module 3: Establishing an Information Security Management Structure

  • Organisational Structure
  • Where does the CISO fit within the Organisational Structure
  • The Executive CISO
  • Nonexecutive CISO

Module 4: Laws/Regulations/Standards as Drivers of Organisational Policy/Standards/Procedures

Module 5: Managing an Enterprise Information Security Compliance Program

  • Security Policy
  • Necessity of a Security Policy
  • Security Policy Challenges
  • Policy Content
    • Types of Policies
    • Policy Implementation
  • Reporting Structure
  • Standards and Best Practices
  • Leadership and Ethics
  • EC-Council Code of Ethics

Module 6: Introduction to Risk Management

  • Organisational Structure
  • Where does the CISO fit within the Organisational Structure
  • The Executive CISO
  • Nonexecutive CISO

Domain 2: Information Security Controls, Compliance, and Audit Management

Module 7: Information Security Controls

  • Identifying the Organisation’s Information Security Needs
    • Identifying the Optimum Information Security Framework
    • Designing Security Controls
    • Control Lifecycle Management
    • Control Classification
    • Control Selection and Implementation
    • Control Catalogue
    • Control Maturity
    • Monitoring Security Controls
    • Remediating Control Deficiencies
    • Maintaining Security Controls
    • Reporting Controls
    • Information Security Service Catalogue

Module 8: Compliance Management

  • Acts, Laws, and Statutes
  • FISMA
  • Regulations
  • GDPR
  • Standards
    • ASD—Information Security Manual
    • Basel III
    • FFIEC
    • ISO 00 Family of Standards
    • NERC-CIP
    • PCI DSS
    • NIST Special Publications
    • Statement on Standards for Attestation Engagements No. 16 (SSAE 16)

Module 9: Guidelines, Good and Best Practices

  • CIS
    • OWASP

Module 10: Audit Management

  • Audit Expectations and Outcomes
  • IS Audit Practices
    • ISO/IEC Audit Guidance
    • Internal versus External Audits
    • Partnering with the Audit Organisation
    • Audit Process
    • General Audit Standards
    • Compliance-Based Audits
    • Risk-Based Audits
    • Managing and Protecting Audit Documentation
    • Performing an Audit
    • Evaluating Audit Results and Report
    • Remediating Audit Findings
    • Leverage GRC Software to Support Audits

Domain 3: Security Program Management & Operations

Module 11: Program Management

  • Defining a Security Charter, Objectives, Requirements, Stakeholders, and Strategies
    • Security Program Charter
    • Security Program Objectives
    • Security Program Requirements
    • Security Program Stakeholders
    • Security Program Strategy Development
  • Executing an Information Security Program
  • Defining and Developing, Managing and Monitoring the Information Security Program
    • Defining an Information Security Program Budget
    • Developing an Information Security Program Budget
    • Managing an Information Security Program Budget
    • Monitoring an Information Security Program Budget
  • Defining and Developing Information Security Program Staffing Requirements
  • Managing the People of a Security Program
    • Resolving Personnel and Teamwork Issues
    • Managing Training and Certification of Security Team Members
    • Clearly Defined Career Path
    • Designing and Implementing a User Awareness Program
  • Managing the Architecture and Roadmap of the Security Program
    • Information Security Program Architecture
    • Information Security Program Roadmap
  • Program Management and Governance
    • Understanding Project Management Practices
    • Identifying and Managing Project Stakeholders
    • Measuring the Effectiveness of Projects
  • Business Continuity Management (BCM) and Disaster Recovery Planning (DRP)
  • Data Backup and Recovery
  • Backup Strategy
  • ISO BCM Standards
    • Business Continuity Management (BCM)
    • Disaster Recovery Planning (DRP)
  • Continuity of Security Operations
    • Integrating the Confidentiality, Integrity and Availability (CIA) Model
  • BCM Plan Testing
  • DRP Testing
  • Contingency Planning, Operations, and Testing Programs to Mitigate Risk and Meet Service Level Agreements (SLAs)
  • Computer Incident Response
    • Incident Response Tools
    • Incident Response Management
    • Incident Response Communications
    • Post-Incident Analysis
    • Testing Incident Response Procedures
  • Digital Forensics
    • Crisis Management
    • Digital Forensics Life Cycle

Module 12: Operations Management

  • Establishing and Operating a Security Operations (SecOps) Capability
  • Security Monitoring and Security Information and Event Management (SIEM)
  • Event Management
  • Incident Response Model
    • Developing Specific Incident Response Scenarios
  • Threat Management
  • Threat Intelligence
    • Information Sharing and Analysis Centres (ISAC)
  • Vulnerability Management
    • Vulnerability Assessments
    • Vulnerability Management in Practice
    • Penetration Testing
    • Security Testing Teams
    • Remediation
  • Threat Hunting

Module 13: Summary

Domain 4: Information Security Core Competencies

Module 14: Access Control

  • Authentication, Authorisation, and Auditing
  • Authentication
  • Authorisation
  • Auditing
  • User Access Control Restrictions
  • User Access Behaviour Management
  • Types of Access Control Models
  • Designing an Access Control Plan
  • Access Administration

Module 15: Physical Security

  • Designing, Implementing, and Managing Physical Security Program
    • Physical Risk Assessment
  • Physical Location Considerations
  • Obstacles and Prevention
  • Secure Facility Design
    • Security Operations Centre
    • Sensitive Compartmented Information Facility
    • Digital Forensics Lab
    • Datacentre
  • Preparing for Physical Security Audits

Module 16: Network Security

  • Network Security Assessments and Planning
  • Network Security Architecture Challenges
  • Network Security Design
  • Network Standards, Protocols, and Controls
    • Network Security Standards
    • Protocols

Module 17: Certified Chief

  • Network Security Controls
  • Wireless (Wi-Fi) Security
    • Wireless Risks
    • Wireless Controls
  • Voice over IP Security

Module 18: Endpoint Protection

  • Endpoint Threats
  • Endpoint Vulnerabilities
  • End User Security Awareness
  • Endpoint Device Hardening
  • Endpoint Device Logging
  • Mobile Device Security
    • Mobile Device Risks
    • Mobile Device Security Controls
  • Internet of Things (IoT) Security
    • Protecting IoT Devices

Module 19: Application Security

  • Secure SDLC Model
  • Separation of Development, Test, and Production Environments
  • Application Security Testing Approaches
  • DevSecOps
  • Waterfall Methodology and Security
  • Agile Methodology and Security
  • Other Application Development Approaches
  • Application Hardening
  • Application Security Technologies
  • Version Control and Patch Management
  • Database Security
  • Database Hardening
  • Secure Coding Practices

Module 20: Encryption Technologies

  • Encryption and Decryption
  • Cryptosystems
    • Blockchain
    • Digital Signatures and Certificates
    • PKI
    • Key Management
  • Hashing
  • Encryption Algorithms
  • Encryption Strategy Development
    • Determining Critical Data Location and Type
    • Deciding What to Encrypt
    • Determining Encryption Requirements
    • Selecting, Integrating, and Managing Encryption Technologies

Module 21: Virtualisation Security

  • Virtualisation Overview
  • Virtualisation Risks
  • Virtualisation Security Concerns
  • Virtualisation Security Controls
  • Virtualisation Security Reference Model

Module 22: Cloud Computing Security

  • Overview of Cloud Computing
  • Security and Resiliency Cloud Services
  • Cloud Security Concerns
  • Cloud Security Controls
  • Cloud Computing Protection Considerations

Module 23: Transformative Technologies

  • Artificial Intelligence
  • Augmented Reality
  • Autonomous SOC
  • Dynamic Deception
  • Software-Defined Cybersecurity

Domain 5: Strategic Planning, Finance, Procurement and Vendor Management

Module 24: Strategic Planning

  • Understanding the Organisation
    • Understanding the Business Structure
    • Determining and Aligning Business and Information Security Goals
    • Identifying Key Sponsors, Stakeholders, and Influencers
    • Understanding Organisational Financials
  • Creating an Information Security Strategic Plan
    • Strategic Planning Basics
    • Alignment to Organisational Strategy and Goals
    • Defining Tactical Short, Medium, and Long-Term Information Security Goals
    • Information Security Strategy Communication
    • Creating a Culture of Security

Module 25: Designing, Developing, and Maintaining an Enterprise Information Security Program

  • Ensuring a Sound Program Foundation
  • Architectural Views
  • Creating Measurements and Metrics
  • Balanced Scorecard
  • Continuous Monitoring and Reporting Outcomes
  • Continuous Improvement
  • Information Technology Infrastructure Library (ITIL) Continual Service Improvement (CSI)

Module 26: Understanding the Enterprise Architecture (EA)

  • EA Types
    • The Zachman Framework
    • The Open Group Architecture Framework (TOGAF)
    • Sherwood Applied Business Security Architecture (SABSA)
    • Federal Enterprise Architecture Framework (FEAF)

Module 27: Finance

  • Understanding Security Program Funding
  • Analysing, Forecasting, and Developing a Security Budget
    • Resource Requirements
    • Define Financial Metrics
    • Technology Refresh
    • New Project Funding
    • Contingency Funding
  • Managing the Information Security Budget
    • Obtain Financial Resources
    • Allocate Financial Resources
    • Monitor and Oversight of Information Security Budget
    • Report Metrics to Sponsors and Stakeholders
    • Balancing the Information Security Budget

Module 28: Procurement

  • Procurement Program Terms and Concepts
    • Statement of Objectives (SOO)
    • Statement of Work (SOW)
    • Total Cost of Ownership (TCO)
    • Request for Information (RFI)
    • Request for Proposal (RFP)
    • Master Service Agreement (MSA)
    • Service Level Agreement (SLA)
    • Terms and Conditions (T&C)
  • Understanding the Organisation’s Procurement Program
    • Internal Policies, Processes, and Requirements
    • External or Regulatory Requirements
    • Local Versus Global Requirements
  • Procurement Risk Management
    • Standard Contract Language

Module 29: Vendor Management

  • Understanding the Organisation’s Acquisition Policies and Procedures
    • Procurement Life Cycle
  • Applying Cost-Benefit Analysis (CBA) During the Procurement Process
  • Vendor Management Policies
  • Contract Administration Policies
    • Service and Contract Delivery Metrics
    • Contract Delivery Reporting
    • Change Requests
    • Contract Renewal
    • Contract Closure
  • Delivery Assurance
    • Validation of Meeting Contractual Requirements
    • Formal Delivery Audits
    • Periodic Random Delivery Audits
    • Third-Party Attestation Services (TPRM)


Who should attend this Certified Chief Information Security Officer Certification?

This CCISO Training is tailored for experienced professionals aiming to elevate their careers by leading cybersecurity strategies at an organisational level. It's ideal for those looking to gain a comprehensive understanding of the complexities of information security management and governance. It is particularly beneficial for:

  • Chief Information Security Officers
  • IT Directors
  • Security Analysts
  • Network Architects
  • Security Architects
  • Senior IT Managers
  • Compliance Officers

Prerequisites of the Certified Chief Information Security Officer Certification

To attend the CCISO Training, delegates should meet the following prerequisites:

  • Professional Experience: Delegates must have five years of experience in three of the five CCISO Domains:
    1. Governance, Risk, Compliance
    2. Information Security Controls and Audit Management
    3. Security Program Management & Operations
    4. Information Security Core Competencies
    5. Strategic Planning, Finance, Procurement, and Third-Party Management
  • Educational Background: A bachelor's degree or higher in Information Technology, Computer Science, or a related field is highly recommended, though extensive relevant experience may substitute for formal education in some cases.

Certified Chief Information Security Officer Course Overview

The role of a Chief Information Security Officer (CISO) is pivotal in shaping the cybersecurity landscape of modern enterprises. As cyber threats evolve in complexity and scale, the need for strategic and knowledgeable leadership in the field of information security has never been more critical. The Certified Chief Information Security Officer Training Course equips professionals with the necessary skills to assume top-tier security roles within organisations.

Understanding the full scope of information security management is essential for those who protect organisations from cyber threats. The CCISO Course is designed for senior-level professionals committed to advancing their expertise in cybersecurity management, strategy, and governance. It's particularly crucial for those aspiring to leadership roles where they will dictate security policies and frameworks.

This 5-day Certified Chief Information Security Officer Course provided by The Knowledge Academy offers intensive, focused instruction that prepares delegates for high-stakes roles in cybersecurity leadership. Delegates will gain insights into the latest security challenges and best practices, enhancing their strategic decision-making and leadership capabilities in information security, all condensed into an efficient one-day format.

Course Objectives

  • To deepen understanding of strategic cybersecurity leadership
  • To master governance, risk management, and compliance
  • To develop skills for managing robust security programs
  • To apply strategies in real-world scenarios
  • To prepare for senior roles and certification success

Upon completion of the Certified Chief Information Security Officer Course, delegates will have acquired the strategic insights and practical tools necessary for leading complex security initiatives. They will be better positioned to influence their organisations' security strategies and contribute effectively at the highest levels of leadership.


What’s included in this Certified Chief Information Security Officer Certification?

  • Certified Chief Information Security Officer Exam
  • World-Class Training Sessions from Experienced Instructors
  • CCISO Certification
  • Digital Delegate Pack


Certified Chief Information Security Officer Certification Exam Information

The CCISO Exam assesses a candidate's knowledge and skills in the areas crucial for a Chief Information Security Officer. It is designed to validate comprehensive leadership abilities in managing an organisation's information security.

Eligibility requirements: Candidates can sit for the CCISO Exam without training if they have five years of experience in each of the five CCISO domains. Alternatively, those who opt for training must have five years of experience in three of the five domains.

  • Question Type: Multiple-Choice
  • Total Questions: 150
  • Pass Mark: 60%
  • Duration: 2.5 Hours
  • Exam Mode: ECC Exam Portal


Ways to take this course

Experience live, interactive learning from home with The Knowledge Academy's Online Instructor-led Certified Chief Information Security Officer Certification. Engage directly with expert instructors, mirroring the classroom schedule for a comprehensive learning journey. Enjoy the convenience of virtual learning without compromising on the quality of interaction.

Live classes

Join a scheduled class with a live instructor and other delegates.

Interactive

Engage in activities, and communicate with your trainer and peers.

Global Pool of the Best Trainers

We handpick from a global pool of expert trainers for our Online Instructor-led courses.

Expertise

With 10+ years of quality, instructor-led training, we equip professionals with lasting skills for success.

Global Reach

With classes running in all timezones, access any of our courses and course material from anywhere, anytime.

Unlock your potential with The Knowledge Academy's Certified Chief Information Security Officer Certification, accessible anytime, anywhere on any device. Enjoy 90 days of online course access, extendable upon request, and benefit from the support of our expert trainers. Elevate your skills at your own pace with our Online Self-paced sessions.


Certified Chief Information Security Officer Certification FAQs

Please arrive at the venue at 8:45am.
We are able to provide support via phone & email prior to attending, during and after the course.
The delegate pack consists of course notes and exercises, a manual, an experienced instructor, and refreshments.
This course is [ ] day(s)
Once your booking has been placed and confirmed, you will receive an email which contains your course location, course overview, pre-course reading material (if required), course agenda and payment receipts.
The training fees for the Certified Chief Information Security Officer Certification in the United States start from $6995.
The Knowledge Academy is the leading global training provider for the Certified Chief Information Security Officer Certification.

Why choose us

Best price in the industry

You won't find better value in the marketplace. If you do find a lower price, we will beat it.

Many delivery methods

Flexible delivery methods are available depending on your learning style.

High quality resources

Resources are included for a comprehensive learning experience.

What our customers are saying

"Really good course and well organised. Trainer was great with a sense of humour - his experience allowed a free flowing course, structured to help you gain as much information & relevant experience whilst helping prepare you for the exam"

Joshua Davies, Thames Water


Get a custom course package

We may not have any package deals available including this course. If you enquire or give us a call on +1 7204454674 and speak to our training experts, we should be able to help you with your requirements.
