Enrollment is now open for the Certified Chief Information Security Officer v3 training
TRAINING DESCRIPTION
EC-Council’s CCISO Program has certified leading information security professionals around the world. A core group of high-level information security executives, the CCISO Advisory Board, contributed by forming the foundation of the program and outlining the content that would be covered by the exam, body of knowledge, and training. Some members of the Board contributed as authors, others as exam writers, others as quality assurance checks, and still others as trainers. Each segment of the program was developed with the aspiring CISO in mind and looks to transfer the knowledge of seasoned professionals to the next generation in the areas that are most critical in the development and maintenance of a successful information security program.
The Certified CISO (CCISO) program is the first of its kind training and certification program aimed at producing top-level information security executives. The CCISO does not focus solely on technical knowledge but on the application of information security management principles from an executive management point of view. The program was developed by sitting CISOs for current and aspiring CISOs.
In order to sit for the CCISO exam and earn the certification, candidates must meet the basic CCISO requirements. Candidates who do not yet meet the CCISO requirements but are interested in information security management can pursue the EC-Council Information Security Management (EISM) certification.
WHAT DOES THE CCISO TEACH?
The program focuses on five domains to bring together all the components required for a C-Level position.
It combines governance, security risk management, controls, audit management, security program
management and operations, information-security core concepts, and strategic planning, finance, and
vendor management – skills that are vital to leading a highly successful information security program.
The five domains were mapped in alignment to the NICE Cybersecurity Workforce Framework (NCWF),
a national resource that categorizes and describes cybersecurity work, listing common sets of duties and
skills needed to perform specific tasks.
The framework consists of seven highly important categories, one of which is “Oversight and Development”
and deals with leadership, management, direction, and advocacy. It was upon these requirements that
the CCISO program was created, with skill development courses in legal advice and advocacy, strategic
planning and policy development, Information Systems Security Operations (ISSO), and Security Program
Management (CISO) being 95% related to the NCWF.
WHO THE TRAINING IS INTENDED FOR
The CCISO is for information security executives aspiring to be CISOs through refining their skills and learning to align information security programs with business goals and objectives. This program also encourages existing CISOs to improve their technical and management skills, as well as business
Elements that make CCISO one of a kind
Accredited by ANSI
EC-Council has been accredited by the American National Standards Institute (ANSI) for its CCISO
certification program. It is one of the few certification bodies whose primary specialization is information
security in order to meet the ANSI/ISO/IEC 17024 Personnel Certification Accreditation standard.
Compliant to the NICE Framework
The five domains of the CCISO program are mapped to the NICE Cybersecurity Workforce Framework
(NCWF), a national resource that categorizes and describes cybersecurity work, listing common sets of
duties and skills needed to perform specific tasks.
It brings together all the components required for a C-Level position:
The CCISO program combines audit management, governance, IS controls, human capital management,
strategic program development, and the financial expertise vital to leading a highly successful IS program.
Focuses on the application of technical knowledge:
Material in the CCISO Program assumes a high-level understanding of technical topics and doesn’t spend
much time on strictly technical information, but rather on the application of technical knowledge to an
information security executive’s day-to-day work.
Bridges the Gap between Technical Knowledge, Executive Management, and Financial Management
The CCISO aims to bridge the gap between the executive management knowledge that CISOs need and the technical knowledge that many aspiring CISOs have. This can be a crucial gap as a practitioner endeavors to move from mid-management to upper, executive management roles. Much of this is traditionally learned as on the job training, but the CCISO Training Program can be the key to a successful transition to the highest ranks of information security management.
Recognizes the Importance of Real-World Experience
To reach a C-Level position, an information security officer must have prior experience to gain a holistic
idea of what to expect while in the field. With this in mind, the CCISO program consists of many real-world
experiences faced by current CISOs around the world.
The CCISO exam also challenges students to develop a business continuity plan for a company in a given
industry and situation, use metrics to communicate risk for different audiences, and describe how to align security programs with the goals of the business – among many other exercises.
Designed by the Experts
The CCISO Advisory board is comprised of practicing CISOs who designed the program based on their day-to-day experiences – based on both technical and management concerns. The board is made up of security leaders from Amtrak, HP, the City of San Francisco, Lennar, the Center for Disease Control, universities, and consulting firms who have contributed their vast knowledge to create this program to address the lack of leadership training in information security.
TOPICS COVERED DURING THE TRAINING
Domain 01: Governance and Risk Management
1. Define, Implement, Manage, and Maintain an Information Security Governance Program
2. Information Security Drivers
3. Establishing an information security management structure
4. Laws/Regulations/Standards as drivers of Organizational Policy/ Standards/ Procedures
5. Managing an enterprise information security compliance program
6. Risk Management
7. Risk mitigation, risk treatment, and acceptable risk
8. Risk management frameworks
10. Other Frameworks and Guidance (ISO 31000, TARA, OCTAVE, FAIR, COBIT, and ITIL)
11. Risk management plan implementation
12. Ongoing third-party risk management
13. Risk management policies and processes
Domain 02: Information Security Controls, Compliance, and Audit Management
1. INFORMATION SECURITY CONTROLS
2. COMPLIANCE MANAGEMENT
3. GUIDELINES, GOOD AND BEST PRACTICES
4. AUDIT MANAGEMENT
Domain 03: Security Program Management & Operations
1. PROGRAM MANAGEMENT
2. OPERATIONS MANAGEMENT
Domain 04: IS Core Competencies
1. ACCESS CONTROL
2. PHYSICAL SECURITY
3. NETWORK SECURITY
4. ENDPOINT PROTECTION
5. APPLICATION SECURITY
6. ENCRYPTION TECHNOLOGIES
7. VIRTUALIZATION SECURITY
8. CLOUD COMPUTING SECURITY
9. TRANSFORMATIVE TECHNOLOGIES
Domain 05: Strategic Planning, Finance, Procurement, & Vendor Management
1. STRATEGIC PLANNING
2. Designing, Developing, and Maintaining an Enterprise Information Security Program
3. Understanding the Enterprise Architecture (EA)
6. VENDOR MANAGEMENT
INDIVIDUAL LAB ENVIRONMENT
Each participant receives online access to an individual virtual working environment and training materials.
TRAINING DURATION
The training lasts 40 academic hours. Classes are held on Saturdays and Sundays, 5 academic hours each, for a total of four weeks.
3 days (9 am – 5 pm)
• Minimum of 24 hours
FORMS OF TRAINING
The training is delivered in self-study form or online with an instructor.
The training fee is paid after you confirm your participation and complete your official registration, and before the training itself begins.
REGISTRATION DEADLINE
The registration deadline is ……,
To register for the training, fill in the online training registration form, call +(359) 885 157 577 or +(359) 889 957 577, or send an email to firstname.lastname@example.org.
You will additionally receive a call from us regarding the official registration for the training and the specific class schedule.
Students who successfully complete the training receive a certificate from the EC COUNCIL academy.
ATTAINING THE CCISO CREDENTIAL
Exam Title: EC-Council Certified CISO
Exam Code: 712-50
Number of Questions: 150
Duration: 2.5 Hours
Availability: ECC Exam Portal
Test Format: Scenario-based Multiple Choice
Passing Score: Please refer to https://cert.eccouncil.org/faq.html