In this course, you will go through all 5 CCISO Domains:

Domain 1: Governance (Policy, Legal & Compliance)

• The first Domain of the C|CISO program is concerned with the following:
• Information Security Management Program
• Defining an Information Security Governance Program
• Regulatory and Legal Compliance
• Risk Management

Domain 2 -­‐ IS Management Controls and Auditing Management

• Designing, deploying, and managing security controls
• Understanding security controls types and objectives
• Implementing control assurance frameworks
• Understanding the audit management process.

Domain 3 of the C|CISO program covers the day-­‐to-­‐day responsibilities of a CISO, including:

• The role of the CISO
• Information Security Projects
• Integration of security requirements into other operational processes (change management, version control, disaster recovery, etc.)

Domain 4 of the CCISO program covers, from an executive perspective, the technical aspects of the CISO job including:

• Access Controls
• Physical Security
• Disaster Recovery and Business Continuity Planning
• Network Security
• Threat and Vulnerability Management
• Application Security
• System Security
• Encryption
• Vulnerability Assessments and Penetration Testing
• Computer Forensics and Incident Response

Domain 5 of the CCISO program is concerned with the area with which many more technically inclined professionals may have the least experience, including:

• Security Strategic Planning
• Alignment with business goals and risk tolerance
• Security emerging trends
• Key Performance Indicators (KPI)
• Financial Planning
• Development of business cases for security
• Analyzing, forecasting, and developing a capital expense budget
• Analyzing, forecasting, and developing an operating expense budget
• Return on Investment (ROI) and cost-benefit analysis
• Vendor management
• Integrating security requirements into the contractual agreement and procurement process