Certified Chief Information Security Officer (inclusive of certification exam voucher)

Name: Certified Chief Information Security Officer (inclusive of certification exam voucher) | Torque IT - Future Fit Skills Today!
Price: 36900.00 ZAR
Availability: InStock

CH-CCISO

Type

Virtual

Classroom ILT

Skill Level

EC-Council: Advanced

Available dates

Learning Path

Cybersecurity

Virtual

Duration

5 Days

1 Day

TYPE

Virtual

Classroom ILT

LEARNING PATH

Cybersecurity

SKILL LEVEL

EC-Council: Advanced

DURATION

5 Days

AVAILABLE DATES

Available on request.

For more information click on button below

Introduction:

The CCISO Certification is an industry-leading program that recognizes the real-world experience necessary to succeed at the highest executive levels of information security. Bringing together all the components required for a C-Level position, the CCISO program combines audit management, governance, IS controls, human capital management, strategic program development, and the financial expertise vital to leading a highly successful IS program. Material in the CCISO Program assumes a high-level understanding of technical topics and doesn’t spend much time on strictly technical information, but rather on the application of technical knowledge to an information security executive’s day-to-day work. The CCISO aims to bridge the gap between the executive management knowledge that CISOs need and the technical knowledge that many aspiring CISOs have. This can be a crucial gap as a practitioner endeavours to move from mid-management to upper, executive management roles. Much of this is traditionally learned as on the job training, but the CCISO Training Program can be the key to a successful transition to the highest ranks of information security management.

Audience profile:

This course is best suited for professionals who aspire to attain the highest regarded title within the information security profession – Certified Chief Information Security Officer.

Pre-requisites:

There are no formal prerequisites to sit on the course however there are prerequisites to be met when taking the CCISO exam.

Upon completing this course, the learner will be able to:

Define, implement, and manage an information security governance program that includes leadership, organizational structures and processes.
Establish information security management structure.
Assess the major enterprise risk factors for compliance.
Design and develop a program to monitor firewalls and identify firewall configuration issues.
Identify vulnerability and attacks associated with wireless networks and manage different wireless network security tools.
Deploy and manage anti-virus systems.
Understand various system-engineering practices.
Identify the volatile and persistent system information.
Develop and manage an organizational digital forensic program.
Identify the best practices to acquire, store and process digital evidence.
Define key performance indicators and measure effectiveness on continuous basis.
Allocate financial resources to projects, processes and units within information security program.
Identify and report financial metrics to stakeholders.
Design vendor selection process and management policy.

Domain 1: Governance (Policy, Legal & compliance) Session 1: Definitions
Governance	Privacy
Compliance	Risk Management
Session 2: Information Security Management Program
Security Roles & Responsibilities	Security Management & Operations
Security Standards, Guidelines & Frameworks	Business Resilience
Risk Management	Training & Awareness
Technical Security Architecture	Security Metrics & Reporting
Asset Classification & Management	Information Security Governance
Information Security Compliance
Session 3: Information Security Laws, Regulations & Guidelines
Broadly Applicable Laws and Regulations	Key State Regulations
Industry-Specific Regulations and Guidelines	International Laws
Session 4: Privacy Laws
Data Breach Disclosure Laws	International Privacy Laws
Security Breach Notification Law Components
Domain 2 –IS Management Controls and Auditing Session 5: Design, Deploy, and Manage Security Controls in Alignment with Business Goals, Risk Tolerance, and Policies and Standards
Information Security Risk Management	Context Establishment
Session 6: Information Security Risk Assessment
Risk Identification	Risk Evaluation
Risk Analysis
Session 7: Risk Treatment
Risk Modification	Risk Avoidance
Risk Retention	Risk Sharing
Session 8: Residual Risk
Session 9: Risk Acceptance
Session 10: Risk Management Feedback Loops
Risk Communication and Consultation	Risk Monitoring and Review
Session 11: Business Goals
COBIT 4.1 PO1.2 Business IT-Alignment	COBIT 5.0 AP002 Manage Strategy
Session 12: Risk Tolerance
Session 13: Policies and Standards
Session 14: Understanding Security Controls Types and Objectives: Management Controls, Technical Controls, Policy and Procedural Controls, Organization Controls, and more
Introduction	Reliance upon controls
What the control does	Choosing controls
How the control is performed	Common Types of Controls on controls.
Session 15: Implement Control Assurance Framework to: Define Key Performance Metrics (KPIs), Measure and Monitor Control Effectiveness, and Automate Controls
Session 16: COBIT (Control Objectives for Information and Related Technology)
Session 17: BAI06 Manage Changes
Domain	Goals and Metrics
Process Description	RACI Chart
Process Purpose Statement	Process Practices, Inputs/Outputs, and Activities
Session 18: COBIT 4.1 vs. COBIT 5
Session 19: ISO 27001/27002
Change Management
Session 20: Automate Controls
Session 21 : Wrap-up
Session 22 : Understanding the Audit Management Process
Let’s begin by defining what an audit is.	Audit management standards and best practices (COBIT, etc.)
Risk Assessment of Ineffective or Missing Controls	Analysis and Interpretation of Audit Reports
Monitor Effectiveness of Remediation Efforts	Formulation of Remediation Plans
Reporting Process to Business Stakeholders
Session : 23 Conclusion
Domain 3: Management – Projects & Operations Session 24: The Role of the CISO
Assessing	Designing
Planning	Executing
Metrics and Reporting
Session 25: Information Security Projects
Alignment with Business Goals	Alignment with Risk Tolerance
Identification of Project Stakeholders	Infosec Project Execution Best Practices
Session 26: Security Operations Management
Staff Functions and Skills	Vendor Management
Communication Planning	Accountability
Integration of Security Requirements into Other Operational Processes
Domain 4: Information Security Core Competencies Session 27: Access Control
Access Control Design	Authentication Principles
Types of Access Control	Authorization Principles
Access Administration
Session 28: Physical Security
Physical Risk Analysis	Physical Security Audits
Facility Design Considerations	Monitoring of Physical Security Controls
Guards	Physical Mobile Security
Personnel Security
Session 29: Disaster Recovery
Disaster Recovery vs. Business Continuity	Business Impact Analysis
Risk Appetite	Disaster Recovery Facilities
Project Charters, Scope, Work Plans	Disaster Recovery Testing
Data Backup and Recovery Solutions	Crisis Management
Session 30: Network Security
Plans, Standards, and Best Practices	Wireless Network Security
Network Planning	Securing the Network
Network Intrusion Detection and Intrusion Prevention	Voice-over-IP (VoIP) Security
Network Access Control (NAC)	Network Architecture Models
Virtual Private Networks (VPN)	Network Standards and Protocols
Session 31: Threat and Vulnerability Management
Human Threats	Vulnerability Scanning
Environmental/Physical Threats	Penetration Testing
Technical Threats	Social Engineering
Natural Threats	Human Social Engineering
Vulnerability Management	Computer-based Social Engineering
Monitoring and Alerting	Social Media Countermeasures
Patch Management
Session 32: Application Security
Systems Development Life Cycle (SDLC) Practices	Dynamic and Static Application Security Testing
Phases of the Systems Development Life Cycle (SDLC)	Change Management
Top-10 Application Vulnerabilities	Other SDLC Considerations
Separation of Production, Development, and Test Environments
Session 33: Systems Security
Plans	Vulnerability Assessment
Best Practices	Configuration Management
OS Hardening	Asset Management
Application Hardening	Change Control
Database Hardening	Logging
Session 34: Encryption
Encryption Algorithms	Secure Sockets Layer/Transport Layer Security
Digital Signatures	Security Protocols
Public Key Infrastructure
Session 35: Computer Forensics and Incident Response
Development of Incident Response Procedures	Computer Forensics Process
Responsibilities and Escalation Processes	Chain of Custody
Testing Incident Response Procedures	Collecting and Preserving Digital Evidence
Coordination with Law Enforcement and Other External Entities
Domain 5: Strategic Planning & Finance Session 36: Alignment with Business Goals and Risk Tolerance
Compliance as Security	Ethics
Session 37: Relationship between Security, Compliance, & Privacy
Session 38: Leadership
Visibility & Accessibility	How Are Teams Most Effective?
Intimacy	Effective Team Characteristics
Responsibility	Common Misconceptions about Teams
Accountability	Dysfunctional Teams
Education, Mentoring, and Guidance	Key Elements of High Performance Teams
Team Building
Session 39: Enterprise Information Security Architecture (EISA) Models, Frameworks and Standards
EISA Goals	Cap Gemini’s Integrated Architecture Framework
EISA Methodology	UK Ministry of Defense (MOD) Architecture Framework (MODAF)
SABSA	Zachman Framework
US Department of Defense (DoD) Architecture Framework (DoDAF)	The Open Group Architecture Framework (TOGAF)
Federal Enterprise Architecture
Session 40: Emerging Trends in Security
Inevitability of Breach	Philosophy Clash
Getting Integrated	Big Data, Big Threats
Control Systems	Cloud Computing Security
Consumerization	Social Media
Mobile Devices in the Enterprise	Hacktivism
Ransomware	Advanced Persistent Threat
Session 41: It’s all about the Data (Stradley 2009)
The Need to Protect Data and Information	Technology Controls to Protect Data and Information
How Data Leaks Occur	The DRM –DLP Conundrum
How to Protect Against Data Leaks	Reducing the Risk of Data Loss
Key Performance Indicators (KPI)
Session 42: Systems Certification and Accreditation Process
PHASE 1:PRECERTIFICATION	PHASE 4: SECURITY ACCREDITATION
PHASE 2: INITIATION	PHASE 5: MAINTENANCE
PHASE 3: SECURITY CERTIFICATION	PHASE 6: DISPOSITION
Session 43: Resource Planning
Full-time Employees	Consulting Firms
Operationalize Security Resources	Outsourcing
Staff Augmentation	How to proceed?
Session 44: Financial Planning
Development of Business Cases for Security	Analyze, forecast and Develop Operating Expense Budget
Long Term Planning –Road Map	Return on Investment (ROI) and Cost-Benefit Analysis
Analyze, Forecast And Develop Capital Expense Budget
Session 45: Procurement
Solution Selection	Technology acquisition lifecycle
Session 46: Vendor Management
Pre Sales	Vendor Management Office
Post Sales
Session 47: Request for Proposal (RFP) Process
Competitive Environment	Demonstrate the Importance of the Transition Period
Accentuate the Positive Aspects of the Deal	Clearly Define the Solution Being Procured
Tell the Vendors What You Hope to Achieve	Enable the Objective Evaluation of Vendor Responses
Provide Opportunity for the Vendors to Differentiate Themselves	Achieve the Optimal Terms, Conditions, and Pricing in the Competitive Environment
Ensure the Vendors Understand The Overall Environment	Develop a Robust RFP
Session 48: Integrate Security Requirements into the Contractual Agreement and Procurement Process
Section 1 –Definitions	Section 6 – Return or Destruction of Personal Information
Section 2 – Standard of Care	Section 7 – Equitable Relief
Section 3 – Restrictions on Disclosure to Third Parties	Section 8 Material Breach
Section 4 – Security Breach Procedures	Section 9 Indemnification
Section 5 – Oversight of Security Compliance
Session 49: Statement of Work
Session 50: Service Level Agreements-What is an SLA?
Why are SLAs needed?	Verification of Service Levels
Who Provides the SLA?	Monitoring of Metrics
What’s in an SLA?	Metrics Selection
What Are Key Components of an SLA?	When Should We Review our SLAs
Indemnification	Is an SLA Transferable?

Associated certifications and exam:

The exam focuses on scenario-based questions that require applicants to apply their real-world experience in order to answer the questions successfully. To that end, in order to qualify to sit for the CCISO Exam, applicants must be approved by EC-Council in order to verify that they have at least five years of information security management experience in each of the five CCISO domains. Applicants with experience in three or less of the CCISO domains must first complete an Exam Eligibility Application and submit this to EC-Council for approval before attempting the exam – Exam Eligibility Application

Applicants who do not meet these requirements have the option of sitting for the EC-Council Information Security Manager (E|ISM) exam as part of the Associate CCISO Program. This option is available to candidates who do not yet possess the required years of experience. Associate CCISOs may sit for official CCISO training and then take and pass the EC-Council Information Security Manager (EISM) exam to enter the program at the associate level. Once the prerequisite years of experience have been completed, Associate CCISOs may take the full CCISO exam and earn the full certification.

CCISO Exam Info:

Number of Questions: 250

Passing Score: 70%

Test Duration: 4 Hours

Test Format: Multiple Choice

EISM Exam Info:

Number of Questions: 150

Passing Score: 70%

Test Duration: 2 Hours

Test Format: Multiple Choice

On successful completion of this course students will receive a Torque IT attendance certificate

*When you attend any authorized EC Council training course at Torque IT you will receive the associated examination voucher as part of your course material. Your certification examination voucher can be used to book and pay for your certification examination at an Authorized EC Council Testing Center (ETC) only. If you are not able to sit your certification examination at Torque IT, and you have no other ETC locally available, you do have the ability to convert your examination voucher into a Pearson VUE examination voucher, at an additional cost.

EC-Council Overview

To beat a hacker, you need to think like one…

Ethical Hacking is the process of proactively penetrating systems, to which one has official permission to do so, with a view to determining whether vulnerabilities exist and then to undertake the necessary preventive, corrective, and protective countermeasures before an actual compromise to the systems can occur.

Torque IT’s authorised EC-Council training, and associated certification, solutions empower you to identify vulnerabilities and to assess the security posture of target systems. EC-Council certifications are universally recognised as demonstrating a high level of expertise and credibility for individuals and the organisations that employ them.

Torque IT being an EC-Council Accredited Training Center (ATC) has been the recipient of EC-Council’s most prestigious ATC of the year awards for 2016, 2014 and EC-Council’s Circle of Excellence Awards for 2015.

These achievements reflect our commitment to providing you with quality skills development, enablement, training, and certification solutions that demonstrate exceptional quality, depth and breadth.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Certified Chief Information Security Officer (inclusive of certification exam voucher)

Type

Skill Level

Available dates

Learning Path

Duration

TYPE

Virtual

Classroom ILT

LEARNING PATH

SKILL LEVEL

DURATION

AVAILABLE DATES

EC-Council Overview

contact

Vendor
Authorised

Details

Menu

newsletter

Certified Chief Information Security Officer (inclusive of certification exam voucher)

Type

Skill Level

Available dates

Learning Path

Duration

TYPE

Virtual

Classroom ILT

LEARNING PATH

SKILL LEVEL

DURATION

AVAILABLE DATES

EC-Council Overview

contact

Vendor Authorised

Details

Menu

newsletter

Vendor
Authorised