EC-Council, Cyber Security

Certified Chief Information Security Officer (inclusive of certification exam voucher)

CH-CCISO

Type

Virtual

Classroom ILT

Skill Level

EC-Council: Advanced

Available dates

June 24, 2024

August 26, 2024

Learning Path

Cybersecurity

Virtual

Duration

5 Days

1 Day

TYPE

Virtual

Classroom ILT

LEARNING PATH

Cybersecurity

SKILL LEVEL

EC-Council: Advanced

DURATION

5 Days

AVAILABLE DATES

June 24, 2024

August 26, 2024

Choose date

R36 900,00

Price excluding VAT

Introduction

The CCISO Certification is an industry-leading program that recognizes the real-world experience necessary to succeed at the highest executive levels of information security. Bringing together all the components required for a C-Level position, the CCISO program combines audit management, governance, IS controls, human capital management, strategic program development, and the financial expertise vital to leading a highly successful IS program. Material in the CCISO Program assumes a high-level understanding of technical topics and doesn’t spend much time on strictly technical information, but rather on the application of technical knowledge to an information security executive’s day-to-day work. The CCISO aims to bridge the gap between the executive management knowledge that CISOs need and the technical knowledge that many aspiring CISOs have. This can be a crucial gap as a practitioner endeavour to move from mid-management to upper, executive management roles. Much of this is traditionally learned as on the job training, but the CCISO Training Program can be the key to a successful transition to the highest ranks of information security management.

The globally renowned Chief Certified Information Security Officer (CCISO) program, spearheaded by EC-Council, has truly revolutionized the capabilities of senior information security professionals worldwide. With unwavering dedication, EC Council harnessed the collective wisdom of a select group of esteemed senior information security executives within our esteemed CCISO Advisory Board. This exceptional panel of seasoned professionals meticulously crafted the program’s bedrock, delineating the comprehensive content encapsulated in the CCISO exam, the body of knowledge, and the training program. Through them invaluable expertise, EC-Council has empowered countless CISOs to excel in the realm of information security.

Professional experience is required for entry into this certification program. Candidates must meet the basic CCISO requirements to take the certification examination.

Audience profile

This course is best suited for professionals who aspire to attain the highest regarded title within the information security profession – Certified Chief Information Security Officer.

CCISOs (Certified Chief Information Security Officer) are certified in the knowledge of and experience in the following CISO Domains:

Governance, Risk, Compliance
Information Security Controls and Audit Management
Security Program Management & Operations
Information Security Core Competencies
Strategic Planning, Finance, Procurement, and Third-Party Management

Pre-requisites

There are no formal prerequisites to sit on the course, however, there are prerequisites to be met when taking the CCISO exam.

There are Five CCISO Domains, of which candidates must provide proof that they have 5 years of experience in at least 3 of the 5 domains:

A training course is required is a candidate has 5 years of experience in 3 or 4 of the CCISO domains.

If the candidate has 5 years of experience in all 5 domains the training course is not required.

Experience waivers are available for some industry-accepted credentials and higher education within the field of information security. Waivers can be used for a maximum of 3 years of experience for each domain.

Domain	Experience Waivers
Governance and Risk Management	PhD in information security (3 years)
	Master of Science in information security management or information security engineering (2 years)
	Bachelor of Science in information security (2 years)
Information security controls, compliance, and audit management	PhD in information security (3 years)
	Master of Science in information security management or information security engineering (2 years)
	Bachelor of Science in information security (2 years)
Security program management and operations	PhD in information security (3 years)
	Master of Science in information security or Project Management (2 years)
	Bachelor of Science in information security (2 years)
Information security core competencies	PhD in information security (3 years)
	Master of Science in information security (2 years)
	Bachelor of Science in Information security (2 years)
Strategic planning, finance, procurement, and vendor management	Certified Public Accountant (CPA) license, Master of Business Administration, or Master of Science in finance (3 years)

Course objectives

Upon completing this course, the learner will be able to:

Define, implement, manage, and maintain an information security governance program that includes leadership, organisational structures, and processes.
Establish information security management structure
Assess the major enterprise risk factors for compliance
Design and develop a program to monitor firewalls and identify firewall configuration issues
Identify vulnerability and attacks associated with wireless networks and manage different wireless network security tools
Deploy and manage anti-virus systems
Understand various system-engineering practices
Identify the volatile and persistent system information
Develop and manage an organisational digital forensic program
Identify the best practices to acquire, store and process digital evidence
Define key performance indicators and measure effectiveness on continuous basis
Allocate financial resources to projects, processes and units within information security program
Identify and report financial metrics to stakeholders.
Design vendor selection process and management policy

Course content

Module 1: Governance (Policy, Legal & compliance)
Topic A: Define, Implement, Manage, and Maintain an Information Security Governance Program
Form of Business Organisation	Organisation Maturity
Industry
Topic B: Information Security Drivers
Security Roles & Responsibilities	Security Management & Operations
Security Standards, Guidelines & Frameworks	Business Resilience
Risk Management	Training & Awareness
Technical Security Architecture	Security Metrics & Reporting
Asset Classification & Management	Information Security Governance
Information Security Compliance
Topic C: Establishing an information security management structure
Organisational Structure	The Executive CISO
Where does the CISO fit within the organisational structure?	Non-executive CISO
Topic D: Laws/Regulations/Standards as drivers of Organisational Policy/Standards/Procedures
NIST Risk Management Guidance	NIST RMF
Topic E: Managing an enterprise information security compliance program
Security Policy: Necessity of a Security Policy Security Policy Challenges	Policy Content: Types of Policies Policy Implementation
Reporting Structure	Leadership and Ethics
Standards and best practices	EC-Council Code of Ethics
Topic F: Risk Management
The Essential of Risk Management
Topic G: Risk mitigation, risk treatment, and acceptable risk
Risk Treatment	Risk Categories
Risk Treatment Option	Risk Avoidance or Elimination
Risk Modification or Mitigation	Risk Sharing or Transfer
Risk Retention or Acceptance
Topic H: Risk Management Frameworks
ISO 27005	Risk Feedback
Context Establishment	Risk Monitoring and Review
Risk Assessment	Risk Communication and Consultation
Risk Assessment ISO 27005 Section 8	Risk Acceptance
Risk Treatment
Topic I: NIST
NIST Risk Management and Assessment	NIST RISK Assessment Process
NIST Risk Management Hierarchy
Topic J: Other Frameworks and Guidance (ISO 31000, TARA, OCTAVE, FAIR, COBIT, and ITIL)
ISO 31000	Factor Analysis of Information Risk (FAIR)
Threat Agent Risk Assessment (TARA)	COBIT Risk Management
Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) Allegro	ITIL Risk Management
Topic K: Risk management plan implementation
Context Establishment	Risk Analysis
Risk Assessment: Risk Identification	Risk Evaluation
Risk Treatment: Risk Modification	Risk Avoidance
Risk Treatment: Risk Retention	Risk Sharing
Risk Acceptance	Residual Risk
Risk Management Feedback Loops: Risk Communication and Consultation	Risk Monitoring and Review
Topic L: On-going third-party risk management
Ongoing Risk Management	Disposition: Type of Sanitization
Topic M: Risk Management policies and processes
Module 2: Security Risk Management, Controls, & Audit Management
Topic A: Information Security Controls
Identifying the Organisation’s Information Security Needs: Identifying the Optimum Information Security Framework Designing Security Controls Control Lifecycle Management Control Classification Control Selection and	Implementation Control Catalogue Control Maturity Monitoring Security Controls Remediating Control Deficiencies Maintaining Security Controls Reporting Controls Information Security Service Catalogue
Topic B: Compliance Management
Acts, Laws and Statutes	Standards
Regulations
Topic C: Guidelines, Good/Best Practices
CIS
Topic D: Audit Management
Audit Expectations and Outcomes	IS Audit Practices
Module 3: Security Program Management and Operations
Topic A: Program Management
Defining a Security Charter, Objectives, Requirements, Stakeholders, and Strategies: Security Program Charter Security Program Objectives	Security Program Requirements Security Program Stakeholders Security Program Strategy Development
ISO BCM Standards: Business Continuity Management (BCM) Disaster Recovery Planning (DRP)	Continuity of Security Operations: Integrating the Confidentiality, Integrity and Availability (CIA) Model
Defining and Developing, Managing and Monitoring the Information Security Program: Defining an Information Security Program Budget	Developing an Information Security Program Budget Managing an Information Security Program Budget Monitoring an Information Security Program Budget
Defining and Developing Information Security Program Staffing Requirements	Executing an Information Security Program
Managing the People of a Security Program Resolving Personnel and Teamwork Issues Managing Training and Certification of Security Team Members Clearly Defined Career Path Designing and Implementing a User Awareness Program	Contingency Planning, Operations, and Testing Programs to Mitigate Risk and Meet Service Level Agreements (SLAs)
Managing the Architecture and Roadmap of the Security Program Information Security Program Architecture Information Security Program Roadmap	Computer Incident Response Incident Response Tools Incident Response Management Incident Response Communications Post-Incident Analysis Testing Incident Response Procedures
Program Management and Governance Understanding Project Management Practices and Controls	Identifying and Managing Project Stakeholders Measuring the Effectives of Projects
Business Continuity Management (BCM) and Disaster Recovery Planning (DRP)	Digital Forensics Crisis Management Digital Forensics Life Cycle
Data Backup and Recovery	BCM Plan Testing
Backup Strategy	DRP Testing
Topic B: Operations Management
Establishing and Operating a Security Operations (SecOps) Capability	Threat Intelligence: Information Sharing and Analysis Centers (ISAC)
Vulnerability Management: Vulnerability Assessments Vulnerability Management in Practice	Penetration Testing Security Testing Teams Remediation
Event Management	Threat Hunting
Incident Response Model Developing Specific Incident Response Scenarios	Security Monitoring and Security Information and Event Management (SIEM)
Threat Management
Module 4: Information Security Core Concepts
Topic A: Access Control
Authentication, Authorization, and Auditing	Types of Access Control Models
Authentication	Designing an Access Controls Plan
Authorization	Access Administration
Auditing	User Access Behaviour Management
User Access Control Restrictions
Topic B: Physical Security
Secure Facility Design: Security Operations Center Sensitive Compartmented Information Facility	Digital Forensics Lab Datacentre
Physical Location Considerations	Preparing for Physical Security Audits
Designing, Implementing, and Managing Physical Security Program: Physical Risk Assessment	Obstacles and Prevention
Topic C: Network Security
Wireless (Wi-Fi) Security: Wireless Risks	Wireless Controls
Network Security Architecture Challenges	Voice over IP Security
Network Security Design	Network Security Assessments and Planning
Network Standards, Protocols, and Controls: Network Security Standards	Protocols Network Security Controls
Topic D: Endpoint Protection
Endpoint Threats	Endpoint Device Logging
Endpoint Vulnerabilities	End User Security
Internet of Things Security: Protecting IoT (Internet of Things) Devices	Endpoint Device Hardening
Mobile Device Security: Mobile Device Risks	Mobile Device Security Controls
Topic E: Application Security
Secure SDLC (Systems Development Life Cycle) Model	Separation of Development, Test, and Production Environments
Application Security Testing Approach	DevSecOps
Waterfall Methodology and Security	Agile Methodology and Security
Other Application Development Approaches	Application Hardening
Application Security Technologies	Version Control and Patch Management
Database Security	Database Hardening
Secure Coding Practices
Topic G: Encryption Technologies
Encryption and decryption	Hashing
Cryptosystems: Blockchain Digital Signatures and Certificates	PKI (Public Key Infrastructure) Key Management
Encryption Strategy Development: Determining Critical Data Location and Type Deciding What to Encrypt	Determining Encryption Requirements Selecting, Integrating, and Managing Encryption Technologies
Encryption Algorithms
Topic H: Virtualization Security
Virtualization Overview	Virtualization Security Controls
Virtualization Risks	Virtualization Security Reference Model
Virtualization Security Concerns
Topic I: Cloud Computing Security
Overview of Cloud Computing	Cloud Security Controls
Security and Resiliency Cloud Services	Cloud Computing Protection Consideration
Cloud Security Concerns
Topic J: Transformative Technologies
Artificial Intelligence	Dynamic Deception
Augmented Reality	Software-Defined Cybersecurity
Autonomous SOC (Security Operations Center)
Module 5: Strategic Planning, Finance, Procurement and Vendor Management
Topic A: Strategic Planning
Understanding the Organisation: Understanding the Business Structure Determining and Aligning Business and Information Security Goals	Identifying Key Sponsors, Stakeholders, and Influencers Understanding Organisational Financials
Creating an Information Security Strategy Plan: Strategic Planning Basics Alignment to Organisational Strategy and Goals	Defining Tactical Short, Medium, and Long-Term Information Security Goals Information Security Strategy Communication Creating a Culture of Security
Topic B: Designing, Developing, and Maintaining an Enterprise Information Security Program
Ensuring a Sound Program Foundation	Continuous Monitoring and Reporting Outcomes
Architectural Views	Continuous Improvement
Creating Measurements and Metrics	Information Technology Infrastructure Library (ITIL) Continual Service Improvement (CSI)
Balanced Scorecards
Topic C: Understanding the Enterprise Architecture (EA)
EA Types: The Zachman Framework: The Open Group Architecture Framework (TOGAF)	Sherwood Applied Business Security Architecture (SABSA) Federal Enterprise Architecture Framework (FEAF)
Topic D: Finance
Analysing, Forecasting, and Developing a Security Budget: Resource Requirements Define Financial Metrics	Technology Refresh New Project Fund Contingency Funding
Managing the information Security Budget: Obtain Financial Resources Allocate Financial Resources	Monitor and Oversight of Information Security Budget Report Metrics to Sponsors and Stakeholders Balancing the Information Security Budget
Understanding Security Program Funding
Topic E: Vendor Management
Understanding the Organisation’s Acquisition Policies and Procedures: Procurement Life cycle	Applying Cost-Benefit Analysis (CBA) During the Procurement Process
Contract Administration Policies: Service and Contract Delivery Metrics Contract Delivery Reporting	Change Requests Contract Renewal Contract Closure
Delivery Assurance: Validation of Meeting Contractual Requirements Formal Delivery Audits	Periodic Random Delivery Audits Third-Party Attestation Services (TPRM)
Vendor Management Policies

Associated certifications and exam

The exam focuses on scenario-based questions that require applicants to apply their real-world experience to answer the questions successfully. To that end, to qualify to sit for the CCISO Exam, applicants must be approved by EC-Council to verify that they have at least five years of information security management experience in each of the five CCISO domains. Applicants with experience in three or less of the CCISO domains must first complete an Exam Eligibility Application and submit this to EC-Council for approval before attempting the exam

– Exam Eligibility Application.

Upon passing the CCISO exam, candidates will receive their CCISO certificate and associated community privileges. The CCISO certification is valid for 3 years from the date of issuance. After 3 years, members must adhere to the certification renewal policy as outlined in the EC-Council Continuing Education (ECE) requirements.

CCISO Associate Exam Program

Candidates who do not meet 5 years of experience in 3 of the CCISO domains but have 2 or more years of experience in at least 1 domain (or currently hold any one of the CISSP, CISM, and CISA certifications) can participate in the Associate CCISO program. Candidates participating in the Associate CCISO will have the opportunity to attend the same training as our CCISO candidates and learn the job requirements of a security executive so they can plan their careers to meet their career goals of security industry leadership. CCISO training is mandatory for all Associate CCISO candidates prior to taking the Associate CCISO examination.

Exam Details	CCISO Exam	Associate CCISO Exam
Exam Title	EC-Council Certified Chief Information Security Officer (CCISO)	EC-Council Associate CCISO Certification
Number of Questions/Practical Challenges	150 Questions	150 Questions
Test Duration	2.5 Hours	2 Hours
Test Format	Scenario-based multiple-choice questions	Multiple- choice questions
Test Delivery	ECC EXAM portal
Availability
Exam Prefix	712-50 (ECC Exam)
Passing Score	60% – 85%, depending on the exam form	70%

On successful completion of this course students will receive a Torque IT attendance certificate

Note:

When you attend any authorised EC Council training course at Torque IT you will receive the associated examination voucher as part of your course material. Your certification examination voucher can be used to book and pay for your certification examination at an Authorised EC Council Testing Center (ETC) only. If you are not able to sit your certification examination at Torque IT, and you have no other ETC locally available, you do have the ability to convert your examination voucher into a Pearson VUE examination voucher (Remote Procuring Services), at an additional cost.

EC-Council Overview

To beat a hacker, you need to think like one…

Ethical Hacking is the process of proactively penetrating systems, to which one has official permission to do so, with a view to determining whether vulnerabilities exist and then to undertake the necessary preventive, corrective, and protective countermeasures before an actual compromise to the systems can occur.

Torque IT’s authorised EC-Council training, and associated certification, solutions empower you to identify vulnerabilities and to assess the security posture of target systems. EC-Council certifications are universally recognised as demonstrating a high level of expertise and credibility for individuals and the organisations that employ them.

Torque IT being an EC-Council Accredited Training Center (ATC) has been the recipient of EC-Council’s most prestigious ATC of the year awards for 2016, 2014 and EC-Council’s Circle of Excellence Awards for 2015.

These achievements reflect our commitment to providing you with quality skills development, enablement, training, and certification solutions that demonstrate exceptional quality, depth and breadth.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Certified Chief Information Security Officer (inclusive of certification exam voucher)

Type

Skill Level

Available dates

Learning Path

Duration

TYPE

Virtual

Classroom ILT

LEARNING PATH

SKILL LEVEL

DURATION

AVAILABLE DATES

Price excluding VAT

EC-Council Overview

contact

Vendor
Authorised

Details

Menu

newsletter

Certified Chief Information Security Officer (inclusive of certification exam voucher)

Type

Skill Level

Available dates

Learning Path

Duration

TYPE

Virtual

Classroom ILT

LEARNING PATH

SKILL LEVEL

DURATION

AVAILABLE DATES

Price excluding VAT

EC-Council Overview

contact

Vendor Authorised

Details

Menu

newsletter

Vendor
Authorised