1 – DOMAIN 1 – GOVERNANCE (POLICY, LEGAL, AND COMPLIANCE)
- Information Security Management Program
- Defining an Information Security Governance Program
- Regulatory and Legal Compliance
- Risk Management
2 – IS MANAGEMENT CONTROLS AND AUDITING MANAGEMENT
- Designing, deploying, and managing security controls
- Understanding security controls types and objectives
- Implementing control assurance frameworks
- Understanding the audit management process
3 – DOMAIN 3 OF THE C|CISO PROGRAM COVERS THE DAY-TO-DAY RESPONSIBILITIES OF A CISO, INCLUDING
- The role of the CISO
- Information Security Projects
- Integration of security requirements into other operational processes (change management, version control, disaster recovery, etc.)
4 – DOMAIN 4 OF THE CCISO PROGRAM COVERS, FROM AN EXECUTIVE PERSPECTIVE, THE TECHNICAL ASPECTS OF THE CISO JOB INCLUDING:
- Access Controls
- Physical Security
- Disaster Recovery and Business Continuity Planning
- Network Security
- Threat and Vulnerability Management
- Application Security
- System Security
- Encryption
- Vulnerability Assessments and Penetration Testing
- Computer Forensics and Incident Response
5 – DOMAIN 5 OF THE CCISO PROGRAM IS CONCERNED WITH THE AREA WITH WHICH MANY MORE TECHNICALLY INCLINED PROFESSIONALS MAY HAVE THE LEAST EXPERIENCE, INCLUDING:
- Security Strategic Planning
- Alignment with business goals and risk tolerance
- Security emerging trends
- Key Performance Indicators (KPI)
- Financial Planning
- Development of business cases for security
- Analyzing, forecasting, and developing a capital expense budget
- Analyzing, forecasting, and developing an operating expense budget
- Return on Investment (ROI) and cost-benefit analysis
- Vendor management
- Integrating security requirements into the contractual agreement and procurement process
- Taken together, these five Domains of the C|CISO program translate to a thoroughly knowledgeable, competent executive information security practitioner.
