Master Class Executive Management Program

CISO is the highest paid job title in cybersecurity. Here at EC-Council Master Class, we’ve developed the most robust and cost-effective training program to help you gain the credentials and skills you need to lead as an executive in cybersecurity.

Our Executive Management Program combines the industry-leading CCISO program with deep dives into risk and project management via our Risk Management Approach and Practice and Certified Project Manager classes. When you combine the unparalleled in-person training you’ll receive in our CCISO class with the ability to study risk and project management in depth on your own time via our on-demand video training, you get a holistic view of the role of a CISO and how to align your security expertise with the goals of a company.

In addition to the executive management training, our Program includes an annual standing invitation to the Global CISO Forum, EC-Council’s executive conference, to boost your network; a free OhPhish license that enables you to run a phishing simulation to test your company’s user awareness; and a 100-user license of EC-Council’s Certified Secure Computer User class to train any of your users who need it!

The Master Class Package Includes

Certified Chief Information Security Officer (CCISO)

  • EC-Council Certified CISO (CCISO) Live Course
  • CCISO Printed Courseware (US courses only)
  • CCISO Certification Exam
  • Exam Insurance Program – $500
  • CCISO Online Self-Paced Streaming Video Course (1 year access)
  • Risk Management Approach & Practices
  • Automatic invitation and free pass to Global CISO Forum, EC-Council’s annual executive invite-only event – $399
  • Cybersecurity Meet Up Networking Event (Priceless)

Certified Project Manager

  • Certified Project Manager (CPM) Online Self-Paced Streaming Video Course
  • CPM E-Courseware
  • CPM Exam Voucher
  • OhPhish license (one free OhPhish license capable of launching one email phishing simulation campaign for up to 2,000 users, valid for 3 months after activation)

Risk Management Approach & Practices

  • Risk Management Approach and Practices Deep Dive Online Self-Paced Streaming Video Course
  • RM E-Courseware
  • 20% off Voucher for next course
  • Certified Secure Computer User (CSCU) License up to 100 users

About CCISO

EC-Council’s CCISO Program has certified leading information security professionals around the world. A core group of high-level information security executives, the CCISO Advisory Board, contributed by forming the foundation of the program and outlining the content that would be covered by the exam, body of knowledge, and training. Some members of the Board contributed as authors, others as exam writers, others as quality assurance checks, and still others as trainers. Each segment of the program was developed with the aspiring CISO in mind and looks to transfer the knowledge of seasoned professionals to the next generation in the areas that are most critical in the development and maintenance of a successful information security program.

The Certified CISO (CCISO) program is the first-of-its-kind training and certification program aimed at producing top-level information security executives. The CCISO does not focus solely on technical knowledge but on the application of information security management principles from an executive management point of view. The program was developed by sitting CISOs for current and aspiring CISOs.

In order to sit for the CCISO exam and earn the certification, candidates must meet the basic CCISO requirements. Candidates who do not yet meet the CCISO requirements but are interested in information security management can pursue the EC-Council Information Security Management (EISM) certification.

Why CCISO?

The CCISO Certification is an industry-leading program that recognizes the real-world experience necessary to succeed at the highest executive levels of information security. Bringing together all the components required for C-Level positions, the CCISO program combines audit management, governance, IS controls, human capital management, strategic program development, and the financial expertise vital to leading a highly successful IS program. The job of the CISO is far too important to be learned by trial and error. Executive-level management skills are not areas that should be learned on the job.

Material in the CCISO Program assumes a high-level understanding of technical topics and doesn’t spend much time on strictly technical information, but rather on the application of technical knowledge to an information security executive’s day-to-day work. The CCISO aims to bridge the gap between the executive management knowledge that CISOs need and the technical knowledge that many sitting and aspiring CISOs have. This can be a crucial gap as the practitioner endeavors to move from mid-management to upper, executive management roles. Much of this is traditionally learned as on-the-job training, but the CCISO Training Program can be the key to a successful transition to the highest ranks of information security management.

CCISO Domains

Domain 1: Governance and Risk Management

  1.1. Form of Business Organization
  1.2. Industry
  1.3. Organizational Maturity
2. Information Security Drivers
3. Establishing an information security management structure
  3.1. Organizational Structure
  3.2. Where does the CISO fit within the organizational structure
  3.3. The Executive CISO
  3.4. Nonexecutive CISO
4. Laws/Regulations/Standards as drivers of Organizational Policy/Standards/Procedures
5. Managing an enterprise information security compliance program
  5.1. Security Policy
    5.1.1. Necessity of a Security Policy
    5.1.2. Security Policy Challenges
  5.2. Policy Content
    5.2.1. Types of Policies
    5.2.2. Policy Implementation
  5.3. Reporting Structure
  5.4. Standards and best practices
  5.5. Leadership and Ethics
  5.6. EC-Council Code of Ethics
6. Introduction to Risk Management

Domain 2: Information Security Controls Compliance and Audit Management

  1.1. Identifying the Organization’s Information Security Needs
    1.1.1. Identifying the Optimum Information Security Framework
    1.1.2. Designing Security Controls
    1.1.3. Control Lifecycle Management
    1.1.4. Control Classification
    1.1.5. Control Selection and Implementation
    1.1.6. Control Catalog
    1.1.7. Control Maturity
    1.1.8. Monitoring Security Controls
    1.1.9. Remediating Control Deficiencies
    1.1.10. Maintaining Security Controls
    1.1.11. Reporting Controls
    1.1.12. Information Security Service Catalog
2. Compliance Management
  2.1. Acts, Laws, and Statutes
    2.1.1. FISMA
  2.2. Regulations
    2.2.1. GDPR
  2.3. Standards
    2.3.1. ASD—Information Security Manual
    2.3.2. Basel III
    2.3.3. FFIEC
    2.3.4. ISO 00 Family of Standards
    2.3.5. NERC-CIP
    2.3.6. PCI DSS
    2.3.7. NIST Special Publications
    2.3.8. Statement on Standards for Attestation Engagements No. 16 (SSAE 16)
3. Guidelines, Good and Best Practices
  3.1. CIS
    3.1.1. OWASP
4. Audit Management
  4.1. Audit Expectations and Outcomes
  4.2. IS Audit Practices
    4.2.1. ISO/IEC Audit Guidance
    4.2.2. Internal versus External Audits
    4.2.3. Partnering with the Audit Organization
    4.2.4. Audit Process
    4.2.5. General Audit Standards
    4.2.6. Compliance-Based Audits
    4.2.7. Risk-Based Audits
    4.2.8. Managing and Protecting Audit Documentation
    4.2.9. Performing an Audit
    4.2.10. Evaluating Audit Results and Report
    4.2.11. Remediating Audit Findings
    4.2.12. Leverage GRC Software to Support Audits
5. Summary

Domain 3: Security Program Management & Operations

  1.1. Defining a Security Charter, Objectives, Requirements, Stakeholders, and Strategies
    1.1.1. Security Program Charter
    1.1.2. Security Program Objectives
    1.1.3. Security Program Requirements
    1.1.4. Security Program Stakeholders
    1.1.5. Security Program Strategy Development
  1.2. Executing an Information Security Program
  1.3. Defining and Developing, Managing and Monitoring the Information Security Program
    1.3.1. Defining an Information Security Program Budget
    1.3.2. Developing an Information Security Program Budget
    1.3.3. Managing an Information Security Program Budget
    1.3.4. Monitoring an Information Security Program Budget
  1.4. Defining and Developing Information Security Program Staffing Requirements
  1.5. Managing the People of a Security Program
    1.5.1. Resolving Personnel and Teamwork Issues
    1.5.2. Managing Training and Certification of Security Team Members
    1.5.3. Clearly Defined Career Path
    1.5.4. Designing and Implementing a User Awareness Program
  1.6. Managing the Architecture and Roadmap of the Security Program
    1.6.1. Information Security Program Architecture
    1.6.2. Information Security Program Roadmap
  1.7. Program Management and Governance
    1.7.1. Understanding Project Management Practices
    1.7.2. Identifying and Managing Project Stakeholders
    1.7.3. Measuring the Effectiveness of Projects
  1.8. Business Continuity Management (BCM) and Disaster Recovery Planning (DRP)
  1.9. Data Backup and Recovery
  1.10. Backup Strategy
  1.11. ISO BCM Standards
    1.11.1. Business Continuity Management (BCM)
    1.11.2. Disaster Recovery Planning (DRP)
  1.12. Continuity of Security Operations
    1.12.1. Integrating the Confidentiality, Integrity and Availability (CIA) Model
  1.13. BCM Plan Testing
  1.14. DRP Testing
  1.15. Contingency Planning, Operations, and Testing Programs to Mitigate Risk and Meet Service Level Agreements (SLAs)
  1.16. Computer Incident Response
    1.16.1. Incident Response Tools
    1.16.2. Incident Response Management
    1.16.3. Incident Response Communications
    1.16.4. Post-Incident Analysis
    1.16.5. Testing Incident Response Procedures
  1.17. Digital Forensics
    1.17.1. Crisis Management
    1.17.2. Digital Forensics Life Cycle
2. Operations Management
  2.1. Establishing and Operating a Security Operations (SecOps) Capability
  2.2. Security Monitoring and Security Information and Event Management (SIEM)
  2.3. Event Management
  2.4. Incident Response Model
    2.4.1. Developing Specific Incident Response Scenarios
  2.5. Threat Management
  2.6. Threat Intelligence
    2.6.1. Information Sharing and Analysis Centers (ISAC)
  2.7. Vulnerability Management
    2.7.1. Vulnerability Assessments
    2.7.2. Vulnerability Management in Practice
    2.7.3. Penetration Testing
    2.7.4. Security Testing Teams
    2.7.5. Remediation
  2.8. Threat Hunting
3. Summary

Domain 4: Information Security Core Competencies

1. Access Control
  1.1. Authentication, Authorization, and Auditing
  1.2. Authentication
  1.3. Authorization
  1.4. Auditing
  1.5. User Access Control Restrictions
  1.6. User Access Behavior Management
  1.7. Types of Access Control Models
  1.8. Designing an Access Control Plan
  1.9. Access Administration
2. Physical Security
  2.1. Designing, Implementing, and Managing Physical Security Program
    2.1.1. Physical Risk Assessment
  2.2. Physical Location Considerations
  2.3. Obstacles and Prevention
  2.4. Secure Facility Design
    2.4.1. Security Operations Center
    2.4.2. Sensitive Compartmented Information Facility
    2.4.3. Digital Forensics Lab
    2.4.4. Datacenter
  2.5. Preparing for Physical Security Audits
3. Network Security
  3.1. Network Security Assessments and Planning
  3.2. Network Security Architecture Challenges
  3.3. Network Security Design
  3.4. Network Standards, Protocols, and Controls
    3.4.1. Network Security Standards
    3.4.2. Protocols
4. Certified Chief
    4.1.1. Network Security Controls
  4.2. Wireless (Wi-Fi) Security
    4.2.1. Wireless Risks
    4.2.2. Wireless Controls
  4.3. Voice over IP Security
5. Endpoint Protection
  5.1. Endpoint Threats
  5.2. Endpoint Vulnerabilities
  5.3. End User Security Awareness
  5.4. Endpoint Device Hardening
  5.5. Endpoint Device Logging
  5.6. Mobile Device Security
    5.6.1. Mobile Device Risks
    5.6.2. Mobile Device Security Controls
  5.7. Internet of Things (IoT) Security
    5.7.1. Protecting IoT Devices
6. Application Security
  6.1. Secure SDLC Model
  6.2. Separation of Development, Test, and Production Environments
  6.3. Application Security Testing Approaches
  6.4. DevSecOps
  6.5. Waterfall Methodology and Security
  6.6. Agile Methodology and Security
  6.7. Other Application Development Approaches
  6.8. Application Hardening
  6.9. Application Security Technologies
  6.10. Version Control and Patch Management
  6.11. Database Security
  6.12. Database Hardening
  6.13. Secure Coding Practices
7. Encryption Technologies
  7.1. Encryption and Decryption
  7.2. Cryptosystems
    7.2.1. Blockchain
    7.2.2. Digital Signatures and Certificates
    7.2.3. PKI
    7.2.4. Key Management
  7.3. Hashing
  7.4. Encryption Algorithms
  7.5. Encryption Strategy Development
    7.5.1. Determining Critical Data Location and Type
    7.5.2. Deciding What to Encrypt
    7.5.3. Determining Encryption Requirements
    7.5.4. Selecting, Integrating, and Managing Encryption Technologies
8. Virtualization Security
  8.1. Virtualization Overview
  8.2. Virtualization Risks
  8.3. Virtualization Security Concerns
  8.4. Virtualization Security Controls
  8.5. Virtualization Security Reference Model
9. Cloud Computing Security
  9.1. Overview of Cloud Computing
  9.2. Security and Resiliency Cloud Services
  9.3. Cloud Security Concerns
  9.4. Cloud Security Controls
  9.5. Cloud Computing Protection Considerations
10. Transformative Technologies
  10.1. Artificial Intelligence
  10.2. Augmented Reality
  10.3. Autonomous SOC
  10.4. Dynamic Deception
  10.5. Software-Defined Cybersecurity
11. Summary

Domain 5: Strategic Planning, Finance, Procurement and Vendor Management

1. Strategic Planning
  1.1. Understanding the Organization
    1.1.1. Understanding the Business Structure
    1.1.2. Determining and Aligning Business and Information Security Goals
    1.1.3. Identifying Key Sponsors, Stakeholders, and Influencers
    1.1.4. Understanding Organizational Financials
  1.2. Creating an Information Security Strategic Plan
    1.2.1. Strategic Planning Basics
    1.2.2. Alignment to Organizational Strategy and Goals
    1.2.3. Defining Tactical Short, Medium, and Long-Term Information Security Goals
    1.2.4. Information Security Strategy Communication
    1.2.5. Creating a Culture of Security
2. Designing, Developing, and Maintaining an Enterprise Information Security Program
  2.1. Ensuring a Sound Program Foundation
  2.2. Architectural Views
  2.3. Creating Measurements and Metrics
  2.4. Balanced Scorecard
  2.5. Continuous Monitoring and Reporting Outcomes
  2.6. Continuous Improvement
  2.7. Information Technology Infrastructure Library (ITIL) Continual Service Improvement (CSI)
3. Understanding the Enterprise Architecture (EA)
  3.1. EA Types
    3.1.1. The Zachman Framework
    3.1.2. The Open Group Architecture Framework (TOGAF)
    3.1.3. Sherwood Applied Business Security Architecture (SABSA)
    3.1.4. Federal Enterprise Architecture Framework (FEAF)
4. Finance
  4.1. Understanding Security Program Funding
  4.2. Analyzing, Forecasting, and Developing a Security Budget
    4.2.1. Resource Requirements
    4.2.2. Define Financial Metrics
    4.2.3. Technology Refresh
    4.2.4. New Project Funding
    4.2.5. Contingency Funding
  4.3. Managing the Information Security Budget
    4.3.1. Obtain Financial Resources
    4.3.2. Allocate Financial Resources
    4.3.3. Monitor and Oversight of Information Security Budget
    4.3.4. Report Metrics to Sponsors and Stakeholders
    4.3.5. Balancing the Information Security Budget
5. Procurement
  5.1. Procurement Program Terms and Concepts
    5.1.1. Statement of Objectives (SOO)
    5.1.2. Statement of Work (SOW)
    5.1.3. Total Cost of Ownership (TCO)
    5.1.4. Request for Information (RFI)
    5.1.5. Request for Proposal (RFP)
    5.1.6. Master Service Agreement (MSA)
    5.1.7. Service Level Agreement (SLA)
    5.1.8. Terms and Conditions (T&C)
  5.2. Understanding the Organization’s Procurement Program
    5.2.1. Internal Policies, Processes, and Requirements
    5.2.2. External or Regulatory Requirements
    5.2.3. Local Versus Global Requirements
  5.3. Procurement Risk Management
    5.3.1. Standard Contract Language
6. Vendor Management
  6.1. Understanding the Organization’s Acquisition Policies and Procedures
    6.1.1. Procurement Life Cycle
  6.2. Applying Cost-Benefit Analysis (CBA) During the Procurement Process
  6.3. Vendor Management Policies
  6.4. Contract Administration Policies
    6.4.1. Service and Contract Delivery Metrics
    6.4.2. Contract Delivery Reporting
    6.4.3. Change Requests
    6.4.4. Contract Renewal
    6.4.5. Contract Closure
  6.5. Delivery Assurance
    6.5.1. Validation of Meeting Contractual Requirements
    6.5.2. Formal Delivery Audits
    6.5.3. Periodic Random Delivery Audits
    6.5.4. Third-Party Attestation Services (TPRM)
7. Summary

Enrolled: 338 students
Duration: 40 Hrs
Lectures: 299
Video: 40 Hrs
Level: Intermediate

Price: $1,650 (regular price $2,000)