Get a custom course package
We may not have any package deals available including this course. If you enquire or give us a call on +1 7204454674 and speak to our training experts, we should be able to help you with your requirements.
Certified Chief Information Security Officer Certification Overview
Certified Chief Information Security Officer Certification Course Outline
Domain 1: Governance and Risk Management
Module 1: Define, Implement, Manage, and Maintain an Information Security Governance Program
- Form of Business Organisation
- Industry
- Organisational Maturity
Module 2: Information Security Drivers
Module 3: Establishing an Information Security Management Structure
- Organisational Structure
- Where does the CISO fit within the Organisational Structure
- The Executive CISO
- Nonexecutive CISO
Module 4: Laws/Regulations/Standards as Drivers of Organisational Policy/Standards/Procedures
Module 5: Managing an Enterprise Information Security Compliance Program
- Security Policy
- Necessity of a Security Policy
- Security Policy Challenges
- Policy Content
- Types of Policies
- Policy Implementation
- Reporting Structure
- Standards and Best Practices
- Leadership and Ethics
- EC-Council Code of Ethics
Module 6: Introduction to Risk Management
- Organisational Structure
- Where does the CISO fit within the Organisational Structure
- The Executive CISO
- Nonexecutive CISO
Domain 2: Information Security Controls, Compliance, and Audit Management
Module 7: Information Security Controls
- Identifying the Organisation’s Information Security Needs
- Identifying the Optimum Information Security Framework
- Designing Security Controls
- Control Lifecycle Management
- Control Classification
- Control Selection and Implementation
- Control Catalogue
- Control Maturity
- Monitoring Security Controls
- Remediating Control Deficiencies
- Maintaining Security Controls
- Reporting Controls
- Information Security Service Catalogue
Module 8: Compliance Management
- Acts, Laws, and Statutes
- FISMA
- Regulations
- GDPR
- Standards
- ASD—Information Security Manual
- Basel III
- FFIEC
- ISO 00 Family of Standards
- NERC-CIP
- PCI DSS
- NIST Special Publications
- Statement on Standards for Attestation Engagements No. 16 (SSAE 16)
Module 9: Guidelines, Good and Best Practices
- CIS
- OWASP
Module 10: Audit Management
- Audit Expectations and Outcomes
- IS Audit Practices
- ISO/IEC Audit Guidance
- Internal versus External Audits
- Partnering with the Audit Organisation
- Audit Process
- General Audit Standards
- Compliance-Based Audits
- Risk-Based Audits
- Managing and Protecting Audit Documentation
- Performing an Audit
- Evaluating Audit Results and Report
- Remediating Audit Findings
- Leverage GRC Software to Support Audits
Domain 3: Security Program Management & Operations
Module 11: Program Management
- Defining a Security Charter, Objectives, Requirements, Stakeholders, and Strategies
- Security Program Charter
- Security Program Objectives
- Security Program Requirements
- Security Program Stakeholders
- Security Program Strategy Development
- Executing an Information Security Program
- Defining and Developing, Managing and Monitoring the Information Security Program
- Defining an Information Security Program Budget
- Developing an Information Security Program Budget
- Managing an Information Security Program Budget
- Monitoring an Information Security Program Budget
- Defining and Developing Information Security Program Staffing Requirements
- Managing the People of a Security Program
- Resolving Personnel and Teamwork Issues
- Managing Training and Certification of Security Team Members
- Clearly Defined Career Path
- Designing and Implementing a User Awareness Program
- Managing the Architecture and Roadmap of the Security Program
- Information Security Program Architecture
- Information Security Program Roadmap
- Program Management and Governance
- Understanding Project Management Practices
- Identifying and Managing Project Stakeholders
- Measuring the Effectives of Projects
- Business Continuity Management (BCM) and Disaster Recovery Planning (DRP)
- Data Backup and Recovery
- Backup Strategy
- ISO BCM Standards
- Business Continuity Management (BCM)
- Disaster Recovery Planning (DRP)
- Continuity of Security Operations
- Integrating the Confidentiality, Integrity and Availability (CIA) Model
- BCM Plan Testing
- DRP Testing
- Contingency Planning, Operations, and Testing Programs to Mitigate Risk and Meet Service Level Agreements (SLAs)
- Computer Incident Response
- Incident Response Tools
- Incident Response Management
- Incident Response Communications
- Post-Incident Analysis
- Testing Incident Response Procedures
- Digital Forensics
- Crisis Management
- Digital Forensics Life Cycle
Module 12: Operations Management
- Establishing and Operating a Security Operations (SecOps) Capability
- Security Monitoring and Security Information and Event Management (SIEM)
- Event Management
- Incident Response Model
- Developing Specific Incident Response Scenarios
- Threat Management
- Threat Intelligence
- Information Sharing and Analysis Centres (ISAC)
- Vulnerability Management
- Vulnerability Assessments
- Vulnerability Management in Practice
- Penetration Testing
- Security Testing Teams
- Remediation
- Threat Hunting
Module 13: Summary
Domain 4: Information Security Core Competencies
Module 14: Access Control
- Authentication, Authorisation, and Auditing
- Authentication
- Authorisation
- Auditing
- User Access Control Restrictions
- User Access Behaviour Management
- Types of Access Control Models
- Designing an Access Control Plan
- Access Administration
Module 15: Physical Security
- Designing, Implementing, and Managing Physical Security Program
- Physical Risk Assessment
- Physical Location Considerations
- Obstacles and Prevention
- Secure Facility Design
- Security Operations Centre
- Sensitive Compartmented Information Facility
- Digital Forensics Lab
- Datacentre
- Preparing for Physical Security Audits
Module 16: Network Security
- Network Security Assessments and Planning
- Network Security Architecture Challenges
- Network Security Design
- Network Standards, Protocols, and Controls
- Network Security Standards
- Protocols
Module 17: Certified Chief
- Network Security Controls
- Wireless (Wi-Fi) Security
- Wireless Risks
- Wireless Controls
- Voice over IP Security
Module 18: Endpoint Protection
- Endpoint Threats
- Endpoint Vulnerabilities
- End User Security Awareness
- Endpoint Device Hardening
- Endpoint Device Logging
- Mobile Device Security
- Mobile Device Risks
- Mobile Device Security Controls
- Internet of Things Security (IoT)
- Protecting IoT Devices
Module 19: Application Security
- Secure SDLC Model
- Separation of Development, Test, and Production Environments
- Application Security Testing Approaches
- DevSecOps
- Waterfall Methodology and Security
- Agile Methodology and Security
- Other Application Development Approaches
- Application Hardening
- Application Security Technologies
- Version Control and Patch Management
- Database Security
- Database Hardening
- Secure Coding Practices
Module 20: Encryption Technologies
- Encryption and Decryption
- Cryptosystems
- Blockchain
- Digital Signatures and Certificates
- PKI
- Key Management
- Hashing
- Encryption Algorithms
- Encryption Strategy Development
- Determining Critical Data Location and Type
- Deciding What to Encrypt
- Determining Encryption Requirements
- Selecting, Integrating, and Managing Encryption Technologies
Module 21: Virtualisation Security
- Virtualisation Overview
- Virtualisation Risks
- Virtualisation Security Concerns
- Virtualisation Security Controls
- Virtualisation Security Reference Model
Module 22: Cloud Computing Security
- Overview of Cloud Computing
- Security and Resiliency Cloud Services
- Cloud Security Concerns
- Cloud Security Controls
- Cloud Computing Protection Considerations
Module 23: Transformative Technologies
- Artificial Intelligence
- Augmented Reality
- Autonomous SOC
- Dynamic Deception
- Software-Defined Cybersecurity
Domain 5: Strategic Planning, Finance, Procurement and Vendor Management
Module 24: Strategic Planning
- Understanding the Organisation
- Understanding the Business Structure
- Determining and Aligning Business and Information Security Goals
- Identifying Key Sponsors, Stakeholders, and Influencers
- Understanding Organisational Financials
- Creating an Information Security Strategic Plan
- Strategic Planning Basics
- Alignment to Organisational Strategy and Goals
- Defining Tactical Short, Medium, and Long-Term Information Security Goals
- Information Security Strategy Communication
- Creating a Culture of Security
Module 25: Designing, Developing, and Maintaining an Enterprise Information Security Program
- Ensuring a Sound Program Foundation
- Architectural Views
- Creating Measurements and Metrics
- Balanced Scorecard
- Continuous Monitoring and Reporting Outcomes
- Continuous Improvement
- Information Technology Infrastructure Library (ITIL) Continual Service Improvement (CSI)
Module 26: Understanding the Enterprise Architecture (EA)
- EA Types
- The Zachman Framework
- The Open Group Architecture Framework (TOGAF)
- Sherwood Applied Business Security Architecture (SABSA)
- Federal Enterprise Architecture Framework (FEAF)
Module 27: Finance
- Understanding Security Program Funding
- Analysing, Forecasting, and Developing a Security Budget
- Resource Requirements
- Define Financial Metrics
- Technology Refresh
- New Project Funding
- Contingency Funding
- Managing the information Security Budget
- Obtain Financial Resources
- Allocate Financial Resources
- Monitor and Oversight of Information Security Budget
- Report Metrics to Sponsors and Stakeholders
- Balancing the Information Security Budget
Module 28: Procurement
- Procurement Program Terms and Concepts
- Statement of Objectives (SOO)
- Statement of Work (SOW)
- Total Cost of Ownership (TCO)
- Request for Information (RFI)
- Request for Proposal (RFP)
- Master Service Agreement (MSA)
- Service Level Agreement (SLA)
- Terms and Conditions (T&C)
- Understanding the Organisation’s Procurement Program
- Internal Policies, Processes, and Requirements
- External or Regulatory Requirements
- Local Versus Global Requirements
- Procurement Risk Management
- Standard Contract Language
Module 29: Vendor Management
- Understanding the Organisation’s Acquisition Policies and Procedures
- Procurement Life cycle
- Applying Cost-Benefit Analysis (CBA) During the Procurement Process
- Vendor Management Policies
- Contract Administration Policies
- Service and Contract Delivery Metrics
- Contract Delivery Reporting
- Change Requests
- Contract Renewal
- Contract Closure
- Delivery Assurance
- Validation of Meeting Contractual Requirements
- Formal Delivery Audits
- Periodic Random Delivery Audits
- Third-Party Attestation Services (TPRM)
Who should attend this Certified Chief Information Security Officer Certification?
This CCISO Training is tailored for experienced professionals aiming to elevate their careers by leading cybersecurity strategies at an organisational level. It's ideal for those looking to gain a comprehensive understanding of the complexities of information security management and governance. It is particularly beneficial for:
- Chief Information Security Officers
- IT Directors
- Security Analysts
- Network Architects
- Security Architects
- Senior IT Managers
- Compliance Officers
Prerequisites of the Certified Chief Information Security Officer Certification
To attend the CCISO Training, delegates should meet the following prerequisites:
- Professional Experience: Delegates must have five years of experience in three of the five CCISO Domains:
- Governance, Risk, Compliance
- Information Security Controls and Audit Management
- Security Program Management & Operations
- Information Security Core Competencies
- Strategic Planning, Finance, Procurement, and Third-Party Management
- Educational Background: A bachelor's degree or higher in Information Technology, Computer Science, or a related field is highly recommended, though extensive relevant experience may substitute for formal education in some cases.
Certified Chief Information Security Officer Course Overview
The role of a Chief Information Security Officer (CISO) is pivotal in shaping the cybersecurity landscape of modern enterprises. As cyber threats evolve in complexity and scale, the need for strategic and knowledgeable leadership in the field of information security has never been more critical. The Certified Chief Information Security Officer Training Course equips professionals with the necessary skills to assume top-tier security roles within organisations.
Understanding the full scope of information security management is essential for those who protect organisations from cyber threats. The CCISO Course is designed for senior-level professionals committed to advancing their expertise in cybersecurity management, strategy, and governance. It's particularly crucial for those aspiring to leadership roles where they will dictate security policies and frameworks.
This 5-day Certified Chief Information Security Officer Course provided by The Knowledge Academy offers intensive, focused instruction that prepares delegates for high-stakes roles in cybersecurity leadership. Delegates will gain insights into the latest security challenges and best practices, enhancing their strategic decision-making and leadership capabilities in information security, all condensed into an efficient one-day format.
Course Objectives
- To deepen understanding of strategic cybersecurity leadership
- To master governance, risk management, and compliance
- To develop skills for managing robust security programs
- To apply strategies in real-world scenarios
- To prepare for senior roles and certification success
Upon completion of the Certified Chief Information Security Officer Course, delegates will have acquired the strategic insights and practical tools necessary for leading complex security initiatives. They will be better positioned to influence their organisations' security strategies and contribute effectively at the highest levels of leadership.
What’s included in this Certified Chief Information Security Officer Certification?
- Certified Chief Information Security Officer Exam
- World-Class Training Sessions from Experienced Instructors
- CCISO Certification
- Digital Delegate Pack
Certified Chief Information Security Officer Certification Exam Information
The CCISO Exam assesses a candidate knowledge and skills in areas crucial for a Chief Information Security Officer. It is designed to validate comprehensive leadership abilities in managing an organisation’s information security.
Eligibility requirements: Candidates can sit for the CCISO Exam without training if they have five years of experience in each of the five CCISO domains. Alternatively, those who opt for training must have five years of experience in three of the five domains.
- Question Type: Multiple-Choice
- Total Questions: 150
- Pass Marks: 60%
- Duration: 2.5 Hours
- Exam Mode: ECC Exam Portal
Why choose us
Ways to take this course
Experience live, interactive learning from home with The Knowledge Academy's Online Instructor-led Certified Chief Information Security Officer Certification. Engage directly with expert instructors, mirroring the classroom schedule for a comprehensive learning journey. Enjoy the convenience of virtual learning without compromising on the quality of interaction.
Live classes
Join a scheduled class with a live instructor and other delegates.
Interactive
Engage in activities, and communicate with your trainer and peers.
Global Pool of the Best Trainers
We handpick from a global pool of expert trainers for our Online Instructor-led courses.
Expertise
With 10+ years of quality, instructor-led training, we equip professionals with lasting skills for success.
Global Reach
With classes running in all timezones, access any of our courses and course material from anywhere, anytime.
Unlock your potential with The Knowledge Academy's Certified Chief Information Security Officer Certification, accessible anytime, anywhere on any device. Enjoy 90 days of online course access, extendable upon request, and benefit from the support of our expert trainers. Elevate your skills at your own pace with our Online Self-paced sessions.
What our customers are saying
Certified Chief Information Security Officer Certification FAQs
Please arrive at the venue at 8:45am.
We are able to provide support via phone & email prior to attending, during and after the course.
Delegate pack consisting of course notes and exercises, Manual, Experienced Instructor, and Refreshments
This course is [ ] day(s)
Once your booking has been placed and confirmed, you will receive an email which contains your course location, course overview, pre-course reading material (if required), course agenda and payment receipts
The training fees for Certified Chief Information Security Officer Certificationin the United States starts from $6995
The Knowledge Academy is the Leading global training provider for Certified Chief Information Security Officer Certification.
Please see our EC – Council Certification Training courses available in the United States
Why choose us
Best price in the industry
You won't find better value in the marketplace. If you do find a lower price, we will beat it.
Many delivery methods
Flexible delivery methods are available depending on your learning style.
High quality resources
Resources are included for a comprehensive learning experience.
"Really good course and well organised. Trainer was great with a sense of humour - his experience allowed a free flowing course, structured to help you gain as much information & relevant experience whilst helping prepare you for the exam"
Joshua Davies, Thames Water
Related courses
Certified Chief Information Security Officer Certification in United States
Washington D.C.
AtlantaNew YorkHoustonDallasDenverSeattleLos AngelesChicagoSan FranciscoPhiladelphiaSan DiegoPhoenixBostonAustinDetroitSan JoseTampaColorado SpringsPortlandSacramentoMinneapolisSan AntonioIrvineLas VegasMiamiBellevuePittsburghBaltimoreFairfaxOrlandoRaleighSalt Lake CityColumbusOklahoma CityNashvilleCharlestonColumbiaClevelandCincinnatiMemphisRichmondVirginia BeachLouisvilleFort LauderdaleIndianapolisDes MoinesGrand RapidsNew OrleansWichitaCharlotteHartfordNew JerseyAnchorageOmahaHonoluluAlbuquerqueBaton RougeIowa CityAlbany, NYBoiseMilwaukeeTucsonKansas CitySt LouisJacksonville
AtlantaNew YorkHoustonDallasDenverSeattleLos AngelesChicagoSan FranciscoPhiladelphiaSan DiegoPhoenixBostonAustinDetroitSan JoseTampaColorado SpringsPortlandSacramentoMinneapolisSan AntonioIrvineLas VegasMiamiBellevuePittsburghBaltimoreFairfaxOrlandoRaleighSalt Lake CityColumbusOklahoma CityNashvilleCharlestonColumbiaClevelandCincinnatiMemphisRichmondVirginia BeachLouisvilleFort LauderdaleIndianapolisDes MoinesGrand RapidsNew OrleansWichitaCharlotteHartfordNew JerseyAnchorageOmahaHonoluluAlbuquerqueBaton RougeIowa CityAlbany, NYBoiseMilwaukeeTucsonKansas CitySt LouisJacksonville 
Back to course information
Limited budget?
To help and support our clients we are providing a limited number of 250 daily discount codes. Hurry, first come, first served!
If you miss out, enquire to get yourself on the waiting list for the next day!
If you wish to make any changes to your course, please
