C|CISO-iLearn 12 Proven Ways to Improve Your CISO Toolkit

C|CISO Certified Chief Information Security Officer - iLearn by EC-Council

Learn 12 major ways to dramatically improve your CISO skillset

CISO Course Description

This course brings together all the components required for a C-Level position, the CCISO program combines audit management, governance, IS controls, human capital management, strategic program development, and the financial expertise vital to leading a highly successful IS program. EC-Council presents this course from its iLearn library. iLearn courses are all self-study at your pace courses. After completing the course, you will be able to take the exam (see more information in the "Exam" tab below). Once you pass the exam you will be able to obtain your credential and certificate.

 

Why should I take this course?

This course assumes that you have great technical skills in information security. This course focuses on how to manage your organization's information security program at an executive level.

This course prepares you to look at more risk management issues than just for information security.

How does it work?

FSE|ICC is an EC-Council reseller. We handle the transaction with you and then EC-Council will provide you access to course content, instruction, examinations, certifications and anything else associated with the course.

 

How do I get started?

Add this course to you cart and finish the checkout process. EC-Council will work directly with us to get you registered for your course. We'll send your course materials, login information any other information that you'll need to take and finish the course.

C|CISO Certified Chief Information Security Officer – iLearn by EC-Council

Domain 1: Governance and Risk Management

1. Define, Implement, Manage, and Maintain an Information Security Governance Program

 

  • 1.1. Form of Business Organization
  • 1.2. Industry
  • 1.3. Organizational Maturity

 

2. Information Security Drivers

3. Establishing an information security management structure

 

  • 3.1. Organizational Structure
  • 3.2. Where does the CISO fit within the organizational structure
  • 3.3. The Executive CISO
  • 3.4. Nonexecutive CISO

 

4. Laws/Regulations/Standards as drivers of Organizational Policy/Standards/Procedures

5. Managing an enterprise information security compliance program

 

  • 5.1. Security Policy
  • 5.1.1. Necessity of a Security Policy
  • 5.1.2. Security Policy Challenges
  • 5.2. Policy Content
  • 5.2.1. Types of Policies
  • 5.2.2. Policy Implementation
  • 5.3. Reporting Structure
  • 5.4. Standards and best practices
  • 5.5. Leadership and Ethics
  • 5.6. EC-Council Code of Ethics

 

6. Introduction to Risk Management

 

  • 3.1. Organizational Structure
  • 3.2. Where does the CISO fit within the organizational structure
  • 3.3. The Executive CISO
  • 3.4. Nonexecutive CISO

C|CISO Certified Chief Information Security Officer – iLearn by EC-Council

Domain 2: Information Security Controls, Compliance, and Audit Management

1. Information Security Controls

 

  • 1.1. Identifying the Organization’s Information Security Needs
  • 1.1.1. Identifying the Optimum Information Security Framework
  • 1.1.2. Designing Security Controls
  • 1.1.3. Control Lifecycle Management
  • 1.1.4. Control Classification
  • 1.1.5. Control Selection and Implementation
  • 1.1.6. Control Catalog
  • 1.1.7. Control Maturity
  • 1.1.8. Monitoring Security Controls
  • 1.1.9. Remediating Control Deficiencies
  • 1.1.10. Maintaining Security Controls
  • 1.1.11. Reporting Controls
  • 1.1.12. Information Security Service Catalog

 

2. Compliance Management

 

  • 2.1. Acts, Laws, and Statutes
  • 2.1.1. FISMA
  • 2.2. Regulations
  • 2.2.1. GDPR
  • 2.3. Standards
  • 2.3.1. ASD—Information Security Manual
  • 2.3.2. Basel III
  • 2.3.3. FFIEC
  • 2.3.4. ISO 00 Family of Standards
  • 2.3.5. NERC-CIP
  • 2.3.6. PCI DSS
  • 2.3.7. NIST Special Publications
  • 2.3.8. Statement on Standards for Attestation Engagements No. 16 (SSAE 16)

 

3. Guidelines, Good and Best Practices

 

  • 3.1. CIS
  • 3.1.1. OWASP

 

4. Audit Management

 

  • 4.1. Audit Expectations and Outcomes
  • 4.2. IS Audit Practices
  • 4.2.1. ISO/IEC Audit Guidance
  • 4.2.2. Internal versus External Audits
  • 4.2.3. Partnering with the Audit Organization
  • 4.2.4. Audit Process
  • 4.2.5. General Audit Standards
  • 4.2.6. Compliance-Based Audits
  • 4.2.7. Risk-Based Audits
  • 4.2.8. Managing and Protecting Audit Documentation
  • 4.2.9. Performing an Audit
  • 4.2.10. Evaluating Audit Results and Report
  • 4.2.11. Remediating Audit Findings
  • 4.2.12. Leverage GRC Software to Support Audits

 

5. Summary

C|CISO Certified Chief Information Security Officer – iLearn by EC-Council

Domain 3: Security Program Management & Operations

1. Program Management

 

  • 1.1. Defining a Security Charter, Objectives, Requirements, Stakeholders, and Strategies
  • 1.1.1. Security Program Charter
  • 1.1.2. Security Program Objectives
  • 1.1.3. Security Program Requirements
  • 1.1.4. Security Program Stakeholders
  • 1.1.5. Security Program Strategy Development
  • 1.2. Executing an Information Security Program
  • 1.3. Defining and Developing, Managing and Monitoring the Information Security Program
  • 1.3.1. Defining an Information Security Program Budget
  • 1.3.2. Developing an Information Security Program Budget
  • 1.3.3. Managing an Information Security Program Budget
  • 1.3.4. Monitoring an Information Security Program Budget
  • 1.4. Defining and Developing Information Security Program Staffing Requirements
  • 1.5. Managing the People of a Security Program
  • 1.5.1. Resolving Personnel and Teamwork Issues
  • 1.5.2. Managing Training and Certification of Security Team Members
  • 1.5.3. Clearly Defined Career Path
  • 1.5.4. Designing and Implementing a User Awareness Program
  • 1.6. Managing the Architecture and Roadmap of the Security Program
  • 1.6.1. Information Security Program Architecture
  • 1.6.2. Information Security Program Roadmap
  • 1.7. Program Management and Governance
  • 1.7.1. Understanding Project Management Practices
  • 1.7.2. Identifying and Managing Project Stakeholders
  • 1.7.3. Measuring the Effectives of Projects
  • 1.8. Business Continuity Management (BCM) and Disaster Recovery Planning (DRP)
  • 1.9. Data Backup and Recovery
  • 1.10. Backup Strategy
  • 1.11. ISO BCM Standards
  • 1.11.1. Business Continuity Management (BCM)
  • 1.11.2. Disaster Recovery Planning (DRP)
  • 1.12. Continuity of Security Operations
  • 1.12.1. Integrating the Confidentiality, Integrity and Availability (CIA) Model
  • 1.13. BCM Plan Testing
  • 1.14. DRP Testing
  • 1.15. Contingency Planning, Operations, and Testing Programs to Mitigate Risk and Meet Service Level Agreements (SLAs)
  • 1.16. Computer Incident Response
  • 1.16.1. Incident Response Tools
  • 1.16.2. Incident Response Management
  • 1.16.3. Incident Response Communications
  • 1.16.4. Post-Incident Analysis
  • 1.16.5. Testing Incident Response Procedures
  • 1.17. Digital Forensics
  • 1.17.1. Crisis Management
  • 1.17.2. Digital Forensics Life Cycle

 

2. Operations Management

 

  • 2.1. Establishing and Operating a Security Operations (SecOps) Capability
  • 2.2. Security Monitoring and Security Information and Event Management (SIEM)
  • 2.3. Event Management
  • 2.4. Incident Response Model
  • 2.4.1. Developing Specific Incident Response Scenarios
  • 2.5. Threat Management
  • 2.6. Threat Intelligence
  • 2.6.1. Information Sharing and Analysis Centers (ISAC)
  • 2.7. Vulnerability Management
  • 2.7.1. Vulnerability Assessments
  • 2.7.2. Vulnerability Management in Practice
  • 2.7.3. Penetration Testing
  • 2.7.4. Security Testing Teams
  • 2.7.5. Remediation
  • 2.8. Threat Hunting

 

3. Summary

C|CISO Certified Chief Information Security Officer – iLearn by EC-Council

Domain 4: Information Security Core Competencies

1. Access Control

 

  • 1.1. Authentication, Authorization, and Auditing
  • 1.2. Authentication
  • 1.3. Authorization
  • 1.4. Auditing
  • 1.5. User Access Control Restrictions
  • 1.6. User Access Behavior Management
  • 1.7. Types of Access Control Models
  • 1.8. Designing an Access Control Plan
  • 1.9. Access Administration

 

2. Physical Security

 

  • 2.1. Designing, Implementing, and Managing Physical Security Program
  • 2.1.1. Physical Risk Assessment
  • 2.2. Physical Location Considerations
  • 2.3. Obstacles and Prevention
  • 2.4. Secure Facility Design
  • 2.4.1. Security Operations Center
  • 2.4.2. Sensitive Compartmented Information Facility
  • 2.4.3. Digital Forensics Lab
  • 2.4.4. Datacenter
  • 2.5. Preparing for Physical Security Audits

 

3. Network Security

 

  • 3.1. Network Security Assessments and Planning
  • 3.2. Network Security Architecture Challenges
  • 3.3. Network Security Design
  • 3.4. Network Standards, Protocols, and Controls
  • 3.4.1. Network Security Standards
  • 3.4.2. Protocols

 

4. Certified Chief

 

  • 4.1.1. Network Security Controls
  • 4.2. Wireless (Wi-Fi) Security
  • 4.2.1. Wireless Risks
  • 4.2.2. Wireless Controls
  • 4.3. Voice over IP Security

 

5. Endpoint Protection

 

  • 5.1. Endpoint Threats
  • 5.2. Endpoint Vulnerabilities
  • 5.3. End User Security Awareness
  • 5.4. Endpoint Device Hardening
  • 5.5. Endpoint Device Logging
  • 5.6. Mobile Device Security
  • 5.6.1. Mobile Device Risks
  • 5.6.2. Mobile Device Security Controls
  • 5.7. Internet of Things Security (IoT)
  • 5.7.1. Protecting IoT Devices

 

6. Application Security

 

  • 6.1. Secure SDLC Model
  • 6.2. Separation of Development, Test, and Production Environments
  • 6.3. Application Security Testing Approaches
  • 6.4. DevSecOps
  • 6.5. Waterfall Methodology and Security
  • 6.6. Agile Methodology and Security
  • 6.7. Other Application Development Approaches
  • 6.8. Application Hardening
  • 6.9. Application Security Technologies
  • 6.10. Version Control and Patch Management
  • 6.11. Database Security
  • 6.12. Database Hardening
  • 6.13. Secure Coding Practices

 

7. Encryption Technologies

 

  • 7.1. Encryption and Decryption
  • 7.2. Cryptosystems
  • 7.2.1. Blockchain
  • 7.2.2. Digital Signatures and Certificates
  • 7.2.3. PKI
  • 7.2.4. Key Management
  • 7.3. Hashing
  • 7.4. Encryption Algorithms
  • 7.5. Encryption Strategy Development
  • 7.5.1. Determining Critical Data Location and Type
  • 7.5.2. Deciding What to Encrypt
  • 7.5.3. Determining Encryption Requirements
  • 7.5.4. Selecting, Integrating, and Managing Encryption Technologies

 

8. Virtualization Security

 

  • 8.1. Virtualization Overview
  • 8.2. Virtualization Risks
  • 8.3. Virtualization Security Concerns
  • 8.4. Virtualization Security Controls
  • 8.5. Virtualization Security Reference Model

 

9. Cloud Computing Security

 

  • 9.1. Overview of Cloud Computing
  • 9.2. Security and Resiliency Cloud Services
  • 9.3. Cloud Security Concerns
  • 9.4. Cloud Security Controls
  • 9.5. Cloud Computing Protection Considerations

 

10. Transformative Technologies

 

  • 10.1. Artificial Intelligence
  • 10.2. Augmented Reality
  • 10.3. Autonomous SOC
  • 10.4. Dynamic Deception
  • 10.5. Software-Defined Cybersecurity

 

11. Summary

C|CISO Certified Chief Information Security Officer – iLearn by EC-Council

Domain 5: Strategic Planning, Finance, Procurement and Vendor Management

1. Strategic Planning

 

  • 1.1. Understanding the Organization
  • 1.1.1. Understanding the Business Structure
  • 1.1.2. Determining and Aligning Business and Information Security Goals
  • 1.1.3. Identifying Key Sponsors, Stakeholders, and Influencers
  • 1.1.4. Understanding Organizational Financials
  • 1.2. Creating an Information Security Strategic Plan
  • 1.2.1. Strategic Planning Basics
  • 1.2.2. Alignment to Organizational Strategy and Goals
  • 1.2.3. Defining Tactical Short, Medium, and Long-Term Information Security Goals
  • 1.2.4. Information Security Strategy Communication
  • 1.2.5. Creating a Culture of Security

 

2. Designing, Developing, and Maintaining an Enterprise Information Security Program

 

  • 2.1. Ensuring a Sound Program Foundation
  • 2.2. Architectural Views
  • 2.3. Creating Measurements and Metrics
  • 2.4. Balanced Scorecard
  • 2.5. Continuous Monitoring and Reporting Outcomes
  • 2.6. Continuous Improvement
  • 2.7. Information Technology Infrastructure Library (ITIL) Continual Service Improvement (CSI)

 

3. Understanding the Enterprise Architecture (EA)

 

  • 3.1. EA Types
  • 3.1.1. The Zachman Framework
  • 3.1.2. The Open Group Architecture Framework (TOGAF)
  • 3.1.3. Sherwood Applied Business Security Architecture (SABSA)
  • 3.1.4. Federal Enterprise Architecture Framework (FEAF)

 

4. Finance

 

  • 4.1. Understanding Security Program Funding
  • 4.2. Analyzing, Forecasting, and Developing a Security Budget
  • 4.2.1. Resource Requirements
  • 4.2.2. Define Financial Metrics
  • 4.2.3. Technology Refresh
  • 4.2.4. New Project Funding
  • 4.2.5. Contingency Funding
  • 4.3. Managing the information Security Budget
  • 4.3.1. Obtain Financial Resources
  • 4.3.2. Allocate Financial Resources
  • 4.3.3. Monitor and Oversight of Information Security Budget
  • 4.3.4. Report Metrics to Sponsors and Stakeholders
  • 4.3.5. Balancing the Information Security Budget

 

5. Procurement

 

  • 5.1. Procurement Program Terms and Concepts
  • 5.1.1. Statement of Objectives (SOO)
  • 5.1.2. Statement of Work (SOW)
  • 5.1.3. Total Cost of Ownership (TCO)
  • 5.1.4. Request for Information (RFI)
  • 5.1.5. Request for Proposal (RFP)
  • 5.1.6. Master Service Agreement (MSA)
  • 5.1.7. Service Level Agreement (SLA)
  • 5.1.8. Terms and Conditions (T&C)
  • 5.2. Understanding the Organization’s Procurement Program
  • 5.2.1. Internal Policies, Processes, and Requirements
  • 5.2.2. External or Regulatory Requirements
  • 5.2.3. Local Versus Global Requirements
  • 5.3. Procurement Risk Management
  • 5.3.1. Standard Contract Language

 

6. Vendor Management

 

  • 6.1. Understanding the Organization’s Acquisition Policies and Procedures
  • 6.1.1. Procurement Life cycle
  • 6.2. Applying Cost-Benefit Analysis (CBA) During the Procurement Process5
  • 6.3. Vendor Management Policies
  • 6.4. Contract Administration Policies
  • 6.4.1. Service and Contract Delivery Metrics
  • 6.4.2. Contract Delivery Reporting
  • 6.4.3. Change Requests
  • 6.4.4. Contract Renewal
  • 6.4.5. Contract Closure
  • 6.5. Delivery Assurance
  • 6.5.1. Validation of Meeting Contractual Requirements
  • 6.5.2. Formal Delivery Audits
  • 6.5.3. Periodic Random Delivery Audits
  • 6.5.4. Third-Party Attestation Services (TPRM)

 

7. Summary

C|CISO Certified Chief Information Security Officer – iLearn by EC-Council

Course Video

C|CISO Certified Chief Information Security Officer – iLearn by EC-Council

ANSI:

EC-Council is dedicated to working with the US Department of Defense to bring the highest standards of Training, Education and Certification to our military.

Independent Accreditation ensures Quality of Certification

EC-Council Certifications are developed to the highest standards and have achieved numerous accreditations including ANSI 17024 for:

iclass
iclass


DoD:

DoD Directive 8570/ 8140

EC-Council’s Certified Chief Information Security Officer is an approved baseline certification for the following Cyber Security Service Provider sections:

IAM Level II • IAM Level III • CSSP Manager

Information on DoD 8570 can be found at the following DISA website: https://public.cyber.mil/cwmp/dod-approved-8570-baseline-certifications/

Certification to Framework Mappings

A core component of EC-Council Certification development is the Job Task Analysis (JTA) Process we undertake before any certification is built. Major frameworks like the NICE/NIST Framework, NIST 800-171, GCHQ, and others contribute to content areas of each of our programs. As a result, EC-Council Certifications and Training programs are mapped to most major published Frameworks.

EC-Council Maps to the National Initiative for Cybersecurity Education Framework

Download the comprehensive mapping of EC-Council program sections to The Roles and their associated Knowledge, Skills and abilities.


NAVY COOL:

EC-Council Cyber Security Certifications and the US NAVY

Six EC-Council Certifications are recognized by the United States Navy in over 100 Cyber Security Job roles, across 18 occupations. Ranging from Commander in Executive Cyberspace Leadership to Cyber Warfare Engineer, Special Agents, Incident Handlers, to Cryptologic Warfare Engineers, Cybersecurity careers with the US NAVY are exciting, holding an EC-Council certification provides great opportunity for advancement in a US NAVY career.

The decisions of Department of the NAVY to incorporate industry recognized certifications into the Cyber IT & Cyber Security Workforce Framework ensures as our service personnel advance their careers and eventually transition to civilian life, their skills and credentials are widely recognized by the Industries they will continue to work in as Veterans.

Certifications recognized, accepted, and often funded by the US NAVY include:

iclass

Funding opportunities for career advancement are available for Active Duty NAVY personnel through the NAVY COOL program.

US NAVY approves EC-Council Certifications across 18 Occupations and over 100 Job roles

  • Cryptologic Warfare LDO
  • CTN-Cryptologic Technician Networks
  • Cyber IT/CSWF Cyber Defense Infrastructure Support
  • Cyber IT/CSWF Executive Cyberspace Leadership
  • Cyber IT/CSWF Security Program Management (CISO)
  • Cyber IT/CSWF Vulnerability Assessment and Management
  • Cryptologic Warfare Officer
  • Cyber IT/CSWF All Source Analysis
  • Cyber IT/CSWF Cyber Operations Planning
  • Cyber IT/CSWF Incident Response
  • Cyber IT/CSWF Strategic Planning and Policy Development
  • Cyber Warfare Engineer
  • Cryptologic Warfare Technician CWO
  • Section 2Cyber IT/CSWF Cyber Defense Analysis
  • Cyber IT/CSWF Digital Forensics
  • Cyber IT/CSWF Investigation
  • Cyber IT/CSWF Threat Analysis
  • Cyber Warrant Officer CWO

*All information represented here can be found on the NAVY COOL site. To find what EC-Council Certifications map to your eligible Job role, select “Full Credential Search” then under Credential Agency, select or search for “International Council of E-Commerce Consultants”.


ARMY COOL:

 

EC-Council Cyber Security Certifications and the US ARMY

Five EC-Council Certifications are recognized by the United States ARMY across 15 occupations. Ranging from Cyber Operations Technician to Target Digital Network Analyst. Our certifications are in use as baseline credentials across ARMY Cyber throughout intelligence as well as deployed infantry. EC-Council is proud to work with various groups in the ARMY to support the Mission of ARMY Cyber.

Certifications recognized, accepted, and often funded by the US ARMY include:

iclass

Funding opportunities for career advancement are available for Active Duty ARMY personnel through the ARMY COOL program.

US ARMY approves EC-Council Certifications across 15 Occupations

 

  • Cryptologic Cyberspace Intelligence Collector – Analyst
  • CYBER Operations Technician
  • Information Protection Technician
  • Military Intelligence (MI) Systems Maintainer/Integrator
  • Senior Network Operations Technician
  • Cryptologic Cyberspace Intelligence Collector – Analyst
  • CYBER Operations Technician
  • Information Protection Technician

 

 

  • Military Intelligence (MI) Systems Maintainer/Integrator
  • Senior Network Operations Technician
  • Counterintelligence Agent
  • Cyber Operations Specialist
  • Infantryman
  • Information Technology Specialist
  • Nodal Network Systems Operator-Maintainer

MARINE CORPS COOL:

 

EC-Council Cyber Security Certifications and the Marine Corps

Five EC-Council Certifications are recognized by the United States Marine Corps in 79 Cyber Security Job roles, across 17 occupations. Ranging from Cyber Security Technician, to Signals Intelligence and Electronic Warfare Operator, to Cyber Security Chief.

Certifications recognized, accepted, and often funded by the US Marine Corps include:

iclass

Funding opportunities for career advancement are available for Active Duty MARINE CORPS personnel through the Marine COOL program.

US Marine Corps approves EC-Council Certifications across 15 Occupations

  • Aviation Logistics Information Management System (ALIMS) Specialist
  • Cyber IT/CSWF Cyber Defense Analysis
  • Cyber IT/CSWF Investigation
  • Cybersecurity Technician
  • Cyber IT/CSWF All Source Analysis
  • Signals Intelligence and Electronic Warfare Operator/Analyst
  • Communications Chief
  • Cyber IT/CSWF Cyber Defense Infrastructure Support
  • Cyber IT/CSWF Threat Analysis
  • Information Security Technician
  • Cyber IT/CSWF Incident Response
  • Signals Intelligence/Electronic Warfare Technician
  • Cryptologic Cyberspace Analysts
  • Cyber IT/CSWF Digital Forensics
  • Cyber IT/CSWF Vulnerability Assessment and Management
  • Intelligence Surveillance Reconnaissance (ISR) Systems Engineer
  • Cyber Security Chief

AIR FORCE COOL:

 

EC-Council Cyber Security Certifications and the US Air Force

Four EC-Council Certifications are recognized by the United States Air Force in 150 Cyber Security Job roles, across 8 occupations. Occupations are recognized in fields like; Cyber Transport Systems, Intelligence, and Cyber Warfare Operations.

Certifications recognized, accepted, and often funded by the US AIR FORCE include:

iclass

Funding opportunities for career advancement are available for Active Duty AIR FORCE personnel through the AIR FORCE COOL program.

  • Client Systems
  • Cyber Surety
  • Cyber Transport Systems
  • Flight Engineer
  • Computer Systems Programming
  • Cyber Systems Operations
  • Cyberspace Warfare Operations
  • Fusion Analyst

GI BILL:

Qualifying Chapter 31 (VR&E) United States Veterans may use their benefits to quickly study and attempt industry certifications and career training.

C|CISO Certified Chief Information Security Officer – iLearn by EC-Council

About OhPhish

OhPhish is a great way for CCISOs to jumpstart the security awareness programs at their companies at no cost. OhPhish is a simple and user-friendly solution for driving phishing simulations and online trainings. Launching phishing simulations is made easy through pre-existing phishing templates and connectors for authoritative identity repositories (like Active Directory). The solution not only sends customized emails and campaigns, but also tracks responses and actions (like clicking links or opening attachments) in real time, giving trends as well as detailed reports by user, department, or other key demographics.

$1,899.00

Learn 12 major ways to dramatically improve your CISO toolkit

Category: Tag: