Chief Information Security Officer (CISO)
Book online today or call us at +49 7031 2024742 if you need help selecting the right course or want to discuss corporate discounts.
On-Site/Virtual
Prices from: € 3.490 plus VAT
Duration: 5 days
Level: Beginner
Code: CISO
CPEs: 38
What is included: Exam included, online exam voucher
Overview
A Chief Information Security Officer bears the overall responsibility for information security in a company.
In our 5-day intensive course, you will learn to understand the role and responsibilities of a CISO in the context of corporate governance, to manage information security at a larger scale and across departments, and thus to manage requirements and risks organization-wide.
This includes not only the technical possibilities of information exchange but also, among other things, the ability to develop complex relationships to protect one’s own business information and to conduct comprehensive and effective risk analyses and assessments according to BSI standard 200-3.
Requirements
Successful participation in the Information Security Officer course is required; in addition, 3 years of professional experience as a security officer are recommended. Knowledge and expertise in information security management principles and the information security terminology of ISO/IEC 27001 should definitely be present.
Target group
The course is aimed particularly at IT security officers, data protection officers, IT managers, and consultants.
Training plan
Information Security Governance
Information Security Concepts
Defining, implementing, managing, and maintaining an information security governance program
Drivers of information security
Establishing an information security management structure
Methods for integrating information security into corporate governance
Best practices for promoting information security within the organization
Setting levels and expectations for information security in the organization
Areas of governance (e.g., risk management, data classification management, network security, system access)
Centralized and decentralized approaches for coordinating information security
Legislation/regulations/standards as drivers for organizational policies/standards/procedures
Managing a corporate information security compliance program
Function and content of essential elements of an information security program (e.g., policy statements, procedures, and guidelines)
ISMS Risk Management, Controls & Measures, and Audit Management
Information Security Assets Management
Information Security Risk Management
Risk Management Frameworks
ISO 27005
BSI 200-3
NIST Risk Management Framework
Other frameworks and guidance (ISO 31000, TARA, OCTAVE, FAIR, COBIT, and ITIL)
Principles and practices of lifecycle-based risk management
Information Security Controls
Compliance Management
Policies & Best Practices
Audit Management
Security Incident Management under the responsibility of the CISO
Assessing and steering the ISMS based on KPIs and internal control processes/systems
Strategic steering of PDCA and the continuous improvement process (KVP)
Information Security Program Management
Methods for developing an implementation plan that meets the security requirements identified in the risk analysis
Methods and techniques for project management
The components of an information security governance framework to integrate security principles, practices, management, and awareness into all aspects and levels of the organization
Security policies and configuration management in the design and management of business applications and infrastructure
Information security architectures (e.g., Zero Trust, single sign-on, rule-based vs. list-based system access control, limited system administration points)
Information security technologies (e.g., encryption techniques and digital signatures to enable management to choose appropriate control measures)
Security procedures and policies for business processes and infrastructure activities
System development lifecycle methodologies (e.g., traditional SDLC, prototyping)
Planning, executing, reporting, and following up on security tests
Certification and accreditation of the compliance of business applications and infrastructure with the company's information security governance framework
Types, benefits, and costs of physical, administrative, and technical controls
Planning, design, development, review, and implementation of information security requirements into the business processes of a company
Design, development, and implementation of security metrics systems
Methods and techniques for acquisition management (e.g., assessing vendor performance outcome agreements, preparing contracts)
Information Security Management
Implementation of information security approaches into operational applications
Information security management processes and procedures
Methods for managing the implementation of the company's information security program by third parties, including trading partners and security service providers
Continuous monitoring of security activities in the infrastructure and the business applications of the company
Methods for managing the success/failure of information security investments through data collection and periodic review of key performance indicators
Change and configuration management activities
Due diligence activities of information security management and infrastructure reviews
Coordination activities with internal/external insurance providers conducting information security audits
Due diligence activities, audits, and associated standards for management and control of access to information resources
External vulnerability reporting sources that provide information that may necessitate changes in the information security of applications and infrastructure
Events that affect security baselines and necessitate risk assessments, as well as changes to information security requirements in security plans and test plans and the re-performance of tests
Information security issue management practices
Information Security Managers take on roles as change agents, trainers, and consultants
The way culture and cultural differences influence employee behavior
The activities that can change the culture and behavior of employees
Methods and techniques for training and educating security awareness
Technologies, Threats, and Response Management in Information Security
Current threats and risks to IT security from a strategic perspective
Overview of security technologies
Information Security Management vs. IT Service Management – Management Decisions
Response Management
Certification
DEKRA Exam CISO - Chief Information Security Officer
Duration: 90 minutes
Format: Multiple Choice and open questions
Languages: German
The ISO 27000 series of standards is permitted as an aid.
Your benefits
Schönbrunn TASC is a DEKRA-accredited training organization (ATO). This means that you have access to official DEKRA course materials and can take your CISO exam during the course at the Schönbrunn TASC training center. If you do not pass the exam on the first attempt (which we do not anticipate), our performance guarantee covers this: you can attend the training a second time free of charge.
You learn in small groups (max. 10 participants/course)
Modern in-house training room and testing center in a distraction-free, quiet atmosphere (PSI / Pearson VUE / EC-Council / Kryterion)
Experienced, constantly trained instructors guide you through the course
You receive comprehensive training materials, manuals, and case studies for self-study
Interactive discussions and group work assist you in application
A small breakfast, lunch, snacks, and drinks are provided throughout the day
Hotel recommendations near the training and testing center
Taking the exam at the Schönbrunn TASC testing center is possible afterwards**