Certified Chief Information Security Officer CCISO v3

Governance (Policy, Legal & Compliance)

• Definitions
• Information Security Management Program
• Information Security Laws, Regulations, & Guidelines
• Privacy Laws

IS Risk, Controls and Auditing Management

• Design, Deploy, and Manage Security Controls in Alignment with Business
• Goals, Risk Tolerance, and Policies and Standards
• Information Security Risk Assessment
• Risk Treatment
• Residual Risk
• Risk Acceptance
• Risk Management Feedback Loops
• Business Goals
• Risk Tolerance
• Policies and Standards
• Understanding Security Controls Types and Objectives
• Implementing Control Assurance Frameworks
• COBIT (Control Objectives for Information and Related Technology)
• BAI06 Manage Changes
• COBIT 4.1 vs. COBIT 5
• ISO 27001/27002
• Automate Controls
• Understanding the Audit Management Process

Information security leadership – projects and operations

• The Role of the CISO
• Information Security Projects
• Security Operations Management

IS Core Competencies

• Access Controls
• Physical Security
• Disaster Recovery
• Network Security
• Threat and Vulnerability Management
• Application Security
• Systems Security
• Encryption
• Computer Forensics and Incident Response

Strategic Planning and Finance

• Security Strategic Planning
• Alignment with Business Goals and Risk Tolerance
• Relationship between Security, Compliance, & Privacy
• Leadership
• Enterprise Information Security Architecture (EISA) Models, Frameworks, and Standards
• Security Emerging Trends
• It’s all about the Data
• Key Performance Indicators (KPI)
• Systems Certification and Accreditation Process
• Resource Planning
• Financial Planning
• Procurement
• Vendor Management
• Request for Proposal (RFP) Process
• Integrate Security Requirements into the Contractual Agreement and Procurement Process
• Statement of Work
• Service Level Agreements