Course Outline
1 - Domain 01 - Governance
- Define, Implement, Manage, and Maintain an Information Security Governance Program
- Information Security Drivers
- Establishing an information security management structure
- Laws/Regulations/Standards as drivers of Organizational Policy/Standards/Procedures
- Managing an enterprise information security compliance program
- Risk Management
- Risk mitigation, risk treatment, and acceptable risk
- Risk management frameworks
- NIST
- Other Frameworks and Guidance (ISO 31000, TARA, OCTAVE, FAIR, COBIT, and ITIL)
- Risk management plan implementation
- Ongoing third-party risk management
- Risk management policies and processes
- Conclusion
2 - Domain 02 - Security Risk Management, Controls, & Audit Management
- INFORMATION SECURITY CONTROLS
- COMPLIANCE MANAGEMENT
- GUIDELINES, GOOD AND BEST PRACTICES
- AUDIT MANAGEMENT
- SUMMARY
3 - Domain 03 - Security Program Management and Operations
- PROGRAM MANAGEMENT
- OPERATIONS MANAGEMENT
- Summary
4 - Domain 04 - Information Security Core Concepts
- ACCESS CONTROL
- PHYSICAL SECURITY
- NETWORK SECURITY
- ENDPOINT PROTECTION
- APPLICATION SECURITY
- ENCRYPTION TECHNOLOGIES
- VIRTUALIZATION SECURITY
- CLOUD COMPUTING SECURITY
- TRANSFORMATIVE TECHNOLOGIES
- Summary
5 - Domain 05 - Strategic Planning, Finance, Procurement and Vendor Management
- STRATEGIC PLANNING
- Designing, Developing, and Maintaining an Enterprise Information Security Program
- Understanding the Enterprise Architecture (EA)
- FINANCE
- PROCUREMENT
- VENDOR MANAGEMENT
- Summary
Target Audience
This course is designed for aspiring or sitting upper-level managers striving to advance their careers by learning to apply their existing deep technical knowledge to business problems.