Ec-council | Learning

Define, implement, manage and maintain an information security governance program

1. Form of enterprise organisation
2. Sector of activity
3. Organizational maturity

Information security drivers

Establish an information security management structure

1. Organizational structure
2. Position of ISOC in the organisational structure
3. Executive ISOC
4. Non-executive ISOC

Laws, regulations and standards as drivers of policy, standards and procedures

Managing an Information Security Compliance Program

Security policy

1. Need for a security policy
2. Security policy challenges

Policy content

1. Types of policies
2. Policy implementation

Reporting structure

Standards and best practices

Leadership and ethics

Code of Ethics EC-Council

Introduction to Risk Management

1. Organizational structure
2. Position of ISOC in the organisational structure
3. Executive ISOC
4. Non-executive ISOC

Information security controls

Identify the organization's information security needs

1. Identify optimal framework
2. Designing controls
3. Control life cycle management
4. Classification of controls
5. Selection and implementation
6. Catalogue of controls
7. Maturity of controls
8. Monitoring of controls
9. Correction of deficiencies
10. Maintenance of controls
11. Report on controls
12. Security Service Catalogue

Compliance management

Laws, regulations and statutes

1. FISMA

Regulations

1. GDPR

Standards

1. ASD — Safety Manual
2. Basel III
3. FFIEC
4. ISO 00 family
5. NERC-CIP
6. PCI DSS
7. Special publications NIST
8. SSAE 16

Guidelines and good practices

CIS

1. OWASP

Audit management

Expectations and results

Security audit practices

1. ISO/IEC Guide
2. Internal vs. external audits
3. Collaboration with the audit
4. Audit process
5. General standards
6. Compliance-based audits
7. Risk-based audits
8. Documentation management
9. Audit performance
10. Evaluation and report
11. Correction of findings
12. Use of RCMP software

Executive summary

Programme management

Define a charter, objectives, requirements, stakeholders and strategies

1. Programme Charter
2. Objectives
3. Requirements
4. Stakeholders
5. Strategy development

Implementation of a safety programme

Define, develop, manage and monitor the program

1. Define budget
2. Developing the budget
3. Managing the budget
4. Monitoring the budget

Defining and developing personnel needs

Team management

1. Resolution of personnel problems
2. Training and certification
3. Career paths
4. User awareness

Architecture and Roadmap Management

1. Programme architecture
2. Road map

Project management and governance

1. Project management practices
2. Stakeholder management
3. Measuring project effectiveness

Business Continuity Management (BCM) and DRP Planning

Data backup and recovery

Safeguard strategy

BCM ISO standards

1. BCM
2. DRP

Security continuity

1. Integration of the CIA model

BCM Plan Test

DRP test

Contingency planning and testing programs to mitigate risks and comply with ALS

Response to computer incidents

1. Incident Response Tools
2. Incident management
3. Incident Communication
4. Post-incident analysis
5. Test of response procedures

Digital Criminalistics

1. Crisis management
2. Life cycle of forensics

Executive summary

Access control

1. Authentication, authorization and audit
2. Authentication
3. Authorization
4. Audit
5. User access restrictions
6. Access behaviour management
7. Types of control models
8. Development of a control plan
9. Access administration

Physical security

Design, implement and manage a physical security program

1. Physical Risk Assessment
2. Location considerations
3. Obstacles and prevention

Design of secure installations

1. Security Operations Centre
2. Classified Information Room
3. Forensics Laboratory
4. Data centre

5. Preparation for physical security audits

Network security

1. Network Security Assessments and Planning
2. Network architecture challenges
3. Network Security Design

Standards, protocols and controls

1. Network safety standards
2. Protocols

Wireless security (Wi-Fi)

1. Network security controls

Terminal security

1. Threats to terminals
2. Terminal vulnerabilities
3. User awareness
4. Strengthening of mechanisms
5. Journalization of devices

Security of mobile devices

1. Mobile risks
2. Mobile controls

Internet of Things (IoT) Security

1. Protection of IoT devices

Application Security

1. Secure SDLC model
2. Separation of environments (dev, test, prod)
3. Safety test approaches
4. DevSecOps
5. Waterfall methodology and safety
6. Agile and safety methodology
7. Alternative approaches to development
8. Strengthening applications
9. Application Security Technologies
10. Version Management and Updates
11. Database security
12. Strengthening databases
13. Good Secure Coding Practices

Encryption technologies

1. Encryption and decryption

Cryptosystems

1. Blockchain
2. Digital signatures and certificates
3. PKI
4. Key Management

7. Hashish
8. Encryption algorithms

Encryption strategy

1. Identification of critical data
2. Deciding what to encrypt
3. Define requirements
4. Technology selection and management

Virtualization security

1. Overview of virtualization
2. Risks of virtualization
3. Safety issues
4. Controls for virtualization
5. Reference model

Cloud computing security

1. Cloud overview
2. Cloud security services and resilience
3. Cloud security issues
4. Cloud Security Controls
5. Protection considerations

Transforming technologies

1. Artificial intelligence
2. Increased reality
3. Autonomous SOC
4. Dynamic disappointment
5. Software-defined cybersecurity

Executive summary

Strategic planning

Understanding the Organization

1. Understanding the business structure
2. Defining and aligning trade and security objectives
3. Identify sponsors, stakeholders and influencers
4. Understanding organizational finances

Create a strategic security plan

1. Strategic planning bases
2. Alignment with organizational strategy
3. Setting short, medium and long-term tactical goals
4. Communication of the strategy
5. Creating a safety culture

Design, development and maintenance of a corporate security program

1. Providing a solid foundation for the programme
2. Architectural views
3. Creation of measurements and metrics
4. Balanced Scorecard
5. Ongoing monitoring and reporting
6. Continuous improvement
7. ITIL – Continuous Improvement (CSI)

Understanding Business Architecture (BA)

Types of EA

1. Zachman frame
2. TOGAF
3. SABSA
4. FEAF

Finance

Understanding funding for security programs

Analyze, plan and develop a budget

1. Resource requirements
2. Define financial metrics
3. Technological renewal
4. Financing new projects
5. Contingency fund

Security budget management

1. Getting financial resources
2. Allocate resources
3. Budgetary monitoring and control
4. Reporting to sponsors and stakeholders
5. Balancing Budget

Supply

Procurement Program Concepts and Concepts

1. Declaration of objectives (SOO)
2. Specifications (SOW)
3. Total Cost of Possession (TCO)
4. Request for Information (RFI)
5. Request for Proposal (RFP)
6. Framework contract (MSA)
7. Service Level Agreement (SLA)
8. Terms and conditions (T&C)

Understand the procurement program

1. Internal policies, processes and requirements
2. External or regulatory requirements
3. Local vs. global requirements

Supply Risk Management

1. Standard contractual language

Vendor management

Understanding acquisition policies

1. Supply Life Cycle

Application of cost-benefit analysis (CBA) to procurement

Vendor management policies

Contract administration

1. Service Delivery and Contract Metrics
2. Delivery reports
3. Requests for amendments
4. Renewal
5. Closure of contracts

Delivery insurance

1. Validation of compliance with contractual requirements
2. Formal delivery audits
3. Periodic random audits
4. Third Party Certification Services (TPRM)

Executive summary