Vinsys EC-Council official course addresses the critical areas for developing and maintaining successful information security programs. In addition to focussing on technical knowledge, it also covers applying information security management principles from an executive management point of view.
The ANSI-accredited training expands on 5 CCISO domains while combining audit management, governance, IS controls, human capital management, strategic program development, and the financial expertise for leading highly successful IS programs.
Moreover, the NICE-framework-mapped accreditation course brings together all the components required for C-Level positions and bridges the gap between the executive management knowledge needed by CISOs and the technical know-how of aspiring CISOs.
The CCISO training also prepares you for the EC-Council 712-50 exam, necessary for securing the Certified Chief Information Security Officer (CCISO) credential.
Loading...
Governance, Risk & Compliance
Defining, implementing, managing, and maintaining an information security governance program comprising leadership, organizational structures, and processes.
Aligning information security governance framework with organizational goals/governance (leadership style, philosophy, values, standards, and policies).
Establishing an information security management structure.
A framework for InfoSec governance monitoring (including cost/benefits analyses of controls/ROI).
Understanding the standards, procedures, directives, policies, regulations, and legal issues affecting the information security program.
The enterprise information security compliance program.
Creating a risk management program policy and charter.
A risk assessment methodology/framework.
Creating and managing risk register.
Creating risk assessment schedule/checklists.
Risk reporting metrics and processes.
Analyzing and understanding common external laws, regulations, or standards.
Learning the best practices applicable to organizations and organizational ethics.
Familiarizing with international security and risk standards like ISO 27000 and 31000 series.
Implementing/Managing information security strategies, plans, policies, and procedures for reducing regulatory risks.
Understanding the importance of regulatory information security organizations, appropriate industry groups, and stakeholders.
Information security changes, trends, and best practices.
Understanding/Managing enterprise compliance program controls, information security compliance process/procedures, compliance auditing, and certification programs.
The information security compliance process and procedures.
Compiling, analyzing, and reporting compliance programs.
Understanding the compliance auditing and cortication programs.
Following organizational ethics.
Information Security Controls & Audit Management
Identifying organizational operational-processes/objectives.
Designing information systems controls in alignment with operational needs/goals.
Conducting testing before implementation for ensuring effectiveness.
Identifying/Selecting the resources required to implement and maintain information systems controls (human capital, information, infrastructure, architecture, platforms, operating systems, networks, databases, or applications).
Designing and implementing information systems controls for mitigating risks.
Monitoring/Documenting the information systems control performance in meeting organizational objectives by identifying/measuring metrics and key performance indicators.
Designing/Conducting the testing of information security controls for ensuring effectiveness, discovering deficiencies, and ensuring alignment with the organizational risk management program.
Designing and implementing processes for appropriately remediating deficiencies.
Evaluating problem management practices to ensure errors are recorded, analyzed, and resolved promptly.
Assessing/Implementing tools and techniques for automating information systems control processes.
Measuring/Managing/Reporting on security control implementation and effectiveness.
Understanding the IT audit process.
Familiarizing with IT audit standards.
Applying information systems audit principles, skills or techniques for reviewing and testing information systems technology and applications to design/implement thorough risk-based IT audit strategies.
Executing the audit process per established standards.
Interpreting results against defined criteria for ensuring the information systems are protected, controlled, and effective in supporting organizational objectives.
Evaluating audit results, weighing conclusions' relevancy, accuracy, and perspective against the accumulated evidence.
Assessing the exposures resulting from ineffective or missing control practices and formulating a practical cost-effective plan for improving those areas.
Developing an IT audit documentation process and sharing reports with stakeholders as the basis for decision-making.
Ensuring the necessary changes based on the audit findings are effectively implemented on time.
Security Program Management & Operations
Developing a clear project scope statement for each information systems project in alignment with organizational objectives.
Defining activities needed for successfully executing the information systems program, estimating activity duration, and developing a scheduling/staffing plan.
Developing, managing, and monitoring the information systems program budget.
Estimating and controlling individual project costs.
Identifying, negotiating, acquiring, and managing the resources for successfully designing/implementing the information systems program (people, infrastructure, and architecture).
Acquiring, developing, and managing the information security project team.
Assigning precise InfoSec-personnel job functions.
Providing continuous training for effective performance and accountability.
Directing information security personnel.
Establishing communications and team activities between the information systems team and other security-related personnel (technical support, incident management, security engineering).
Resolving personnel/teamwork issues within time, cost, and quality constraints.
Identifying, negotiating, and managing vendor agreements and community.
Participating with vendors/stakeholders for reviewing/assessing recommended solutions and identifying incompatibilities, challenges or issues.
Evaluating the project management practices/controls to determine whether business requirements are achieved cost-effectively while managing organizational risks.
Developing a plan to continuously measure the effectiveness of the information systems projects for optimal system performance.
Identifying stakeholders, managing stakeholders’ expectations, and communicating effectively for reporting progress/performance.
Ensuring the necessary changes/improvements to information systems processes are implemented as required.
Information Security Core Competencies
Identifying the criteria for mandatory/discretionary access control.
Understanding different factors helpful in implementing access controls.
Designing an access control plan.
Implementing and managing an access control plan in alignment with fundamental principles governing the access control systems.
Identifying multiple access control systems such as ID cards and biometrics.
Understanding the importance of warning banners for implementing access rules.
Developing procedures to ensure system users are aware of IA responsibilities before granting access to information systems.
Understanding various social engineering concepts and their roles in insider attacks.
Developing best practices for countering social engineering attacks.
Designing a response plan for identity theft incidences.
Identifying and designing a plan for overcoming phishing attacks.
Identifying standards, procedures, directives, policies, regulations, and laws for physical security.
Determining the value of physical assets and the impact if unavailable.
Designing/Implementing/Managing a comprehensive, coordinated, and holistic physical security plan.
Ensuring overall organizational security, covering an audit schedule and performance metrics.
Developing/Implementing/Monitoring business continuity, contingency, and disaster recovery plans in case of disruptive events.
Ensuring plans' alignment with organizational goals/objectives.
Direct contingency planning, operations, and programs for managing risks.
Designing documentation processes as part of the continuity of operations program.
Designing/Executing a testing and updating plan for the continuity of operations program.
Understanding the importance of integrating IA requirements into the Continuity of Operations Plan (COOP).
Understanding and managing the network cloud security.
Identifying the appropriate intrusion detection/prevention systems for organizational information security.
Designing/Developing a program for monitoring firewalls and identifying firewall configuration issues.
Understanding perimeter defense systems like grid sensors and access control lists on routers, firewalls, and other network devices.
Identifying the basic network architecture, models, protocols, and components such as routers/hubs that play a role in network security.
Understanding network segmentation.
Managing DMZs, VPN, and telecommunication technologies such as PBX/VoIP.
Identifying network vulnerabilities.
Exploring network security controls like using SSL/TLS for transmission security.
Supporting, monitoring, testing, and troubleshooting issues with hardware/software.
Managing accounts, network rights, and access to systems/equipment.
Identifying vulnerabilities/attacks associated with wireless networks.
Managing different wireless network security tools.
Assessing the threat of viruses, Trojan, and malware to organizational security.
Identifying sources/mediums of malware infection.
Deploying and managing anti-virus systems.
Developing processes to counter virus, Trojan, and malware threats.
Training security and non-security teams on secure development processes.
Developing/Maintaining software assurance programs in alignment with secure coding principles and phases of the System Development Life Cycle (SDLC).
Understanding system-engineering practices.
Configuring/Running tools that help in developing secure programs.
Understanding software vulnerability analysis techniques.
Learning static code, dynamic code, and software composition analysis.
Installing/Operating IT systems in a test configuration manner that does not alter program codes or compromise security safeguards.
Identifying web application vulnerabilities/attacks and security tools for countering these attacks.
Identifying various OS vulnerabilities/attacks.
Developing a plan for hardening OS systems.
Understanding system logs, the patch management process, and configuration management for information system security.
Understanding encryption/decryption, digital certificates, and critical public infrastructure.
The key differences between cryptography and steganography.
Identifying the components of a cryptosystem.
Developing a plan for information security encryption techniques.
Designing, developing, and implementing a penetration testing program based on penetration testing methodology for ensuring organizational security.
Identifying the vulnerabilities associated with information systems and legal issues involved in penetration testing.
Developing pre/post testing procedures.
Developing a plan for pen test reporting and implementation of technical vulnerability corrections.
Developing vulnerability management systems.
Creating and managing a threat management program.
Including threat intelligence, third-party threats, and security bulletins regarding hardware/software, particularly open-source software.
Developing a plan to identify a potential security violation, and taking appropriate action for reporting the incident.
Complying with system termination procedures and incident reporting requirements related to potential security incidents or actual breaches.
Assessing potential security violations for determining if the network security policies have been breached.
Assessing the impact and preserving evidence.
Diagnosing/Resolving IA problems in response to reported incidents.
Designing incident response procedures (testing, tabletop exercises, and playbooks).
Developing guidelines for determining whether a security incident is indicative of any legal violation that requires special action.
Identifying the volatile/persistent system information.
Setting-up/Managing forensic labs and programs.
Understanding digital media devices, e-discovery principles/practices, and file systems.
Developing and managing an organizational digital forensic program.
Establishing, developing, and managing forensic investigation teams.
Designing investigation processes (evidence collection, imaging, data acquisition, and analysis).
Identifying best practices for acquiring, storing, and processing digital evidence.
Configuring and utilizing forensic investigation tools.
Designing anti-forensic techniques.
Strategic Planning, Finance, Procurement & Third-party Management
Designing/Developing/Maintaining the enterprise information security architecture (EISA) by aligning business processes, IT software/hardware, local/wide area networks, people, operations, and projects with the organizational security strategy.
Performing external/internal analysis of the organization (analysis of customers, competitors, markets and industry environment, risk management, organizational capabilities, performance measurement) and utilizing it for aligning information security programs with organizational objectives.
Identifying and consulting with key stakeholders to ensure the correct understanding of organizational objectives.
Defining a forward-looking, visionary, and innovative strategic plan for the role of the information security program with clear objectives/targets supporting the organization's operational needs.
Defining key performance indicators and measuring their effectiveness continuously.
Assessing and adjusting security resources to ensure they support organizational strategic objectives.
Monitoring/Updating activities for accountability and progress.
Analyzing, forecasting, and developing the operational budget of the security department.
Acquiring/Managing the necessary resources for implementing and managing the information security plan.
Allocating financial resources to projects, processes, and units within the information security program.
Monitoring/Overseeing the cost management of information security projects and return on investment (ROI) of essential IT infrastructure and security purchases, and ensuring alignment with the strategic plan.
Identifying and reporting financial metrics to stakeholders.
Balancing the IT security investment portfolio based on EISA considerations and enterprise security priorities.
Understanding the acquisition life cycle.
Determining the importance of procurement by performing Business Impact Analysis.
Identifying procurement strategies.
Understanding the value of cost-benefit analysis during procurement of an information system.
The basic procurement concepts like Statement of Objectives (SOO), Statement of Work (SOW), and Total Cost of Ownership (TCO).
Collaborating with stakeholders (internal clients, lawyers, IT security, privacy professionals, security engineers, suppliers, and others) to procure IT security products and services.
Including risk-based security requirements in acquisition plans, cost estimates, statements of work, contracts or evaluation factors for service level agreements and other procurement documents.
Designing the vendor selection process and management policy.
Developing contract administration policies directing the evaluation or acceptance of delivered IT security products and services under a contract.
Developing standards for measuring and reporting key objectives in procurements aligned with IT security policies/procedures.
Understanding the IA security requirements to be included in work statements and other appropriate procurement documents.
Designing the third-party selection process.
The third-party management policy, metrics, and processes.
Designing and managing the third-party assessment process, including ongoing compliance management.
Developing standards for measuring and reporting critical objectives in procurements aligned with IT security policies and procedures.
Adding risk-based security requirements to acquisition plans, cost estimates, statements of work, contracts, and evaluation factors for service level agreements and other relevant procurement documents.
Understanding the security/privacy/compliance requirements to be included in Statements of Work (SOW), Master Service Agreements (MSA), and other appropriate procurement documents.
What's the Credibility of EC-Council?
EC-Council, or the International Council of E-Commerce Consultants, is a premier member-based organization that certifies individuals in multiple e-businesses and information security skills.
Who Designed & Developed the Certified Chief Information Security Officer Program?
A core group of high-level information security executives and sitting CISOs called "The CCISO Advisory Board."
What's Included in the CCISO Body of Knowledge?
The following CCISO InfoSec management domains in depth:
Why Zero-in on the Certified CISO (CCISO) Accreditation?
The coveted program is created by well-acknowledged CISOs from private/public sectors carrying a wide range of expertise and knowledge. It explores the subject from the executive management perspective and pays sufficient attention to business acumen or strategic/financial management.
Altogether, the certification proves immensely beneficial for successful transitions to the highest ranks of InfoSec management.
Is CCISO Similar to CISSP (Certified Information Systems Security Professional)?
Unlike the popular perception, it is not. Instead, CCISO is the path anyone interested in an executive career in InfoSec may take after completing CISSP.
It should also be noted that CISSP assigns more weightage to Governance, IS Management Controls & Auditing Management and Information Security Core Competencies, with less coverage of Strategic Planning, Finance, Procurement & Third-Party Management.
Is it Binding to Attend the EC-Council Authorized Course Before CCISO Exam?
It is not; however, in such a scenario, you will have to present the evidence and verifiers validating 5 years of experience in each of the five CCISO domains.
What If I Complete the CCISO Training & Fail to Substantiate the Required Experience?
The EC-Council CCISO examination voucher will not be issued.
How Can I Apply for the CCISO Exam?
By filling out the CCISO Exam Eligibility Application and emailing it to cciso@eccouncil.org.
Is Certified Chief Information Security Officer (CCISO) Credential Renewable?
Yes, the CCISO accreditation valid for 3 years can be renewed for another 3 years by updating your EC-Council Continuing Education (ECE) credit account in the EC-Council Aspen portal and submitting the proof of earned credits.
Why Prefer Vinsys for CCISO Training?
Besides being a globally-respected Individual/Corporate IT training provider, Vinsys is also admired as the top EC-Council Accredited Training Partner (ATP). Its unmatchable offerings, accredited instructors, customizable skilling programs, and round-the-clock learner support ensure the most detailed upskilling experiences, a must for capitalizing on valuable InfoSec opportunities.
Can't ignore the CCISO learning experience if you intend to develop an information governance model with senior management. Vinsys' carefully-crafted training brought more than I expected.
Our cyber security efforts needed a boost, and we couldn't think of a better approach than taking our teams through this comprehensive CCISO course from Vinsys. Highly recommended!