Certified Chief Information Security Officer (C|CISO) Certification

Advance your career as a Certified Chief Information Security Officer (C|CISO) by mastering executive-level information security strategies and leadership skills.

Begin Free Trial

Get in Touch With Us

Who will be funding the course?

My employer I will Not sure

Full Name

Phone Number

+44

Company Email

Message (Optional)

Learning Options

Online self paced
Virtual
Onsite

Online Video-Based Learning
Flexible Schedule
Expert Trainers with Industry Experience
High Pass Rates
24/7 Personalised Support
Interactive Learning Materials

Overview

The Certified Chief Information Security Officer (C|CISO) Certification course is designed for professionals aspiring to lead information security programs. It provides in-depth knowledge of governance, risk management, and strategic security planning, critical for senior leadership roles.

Learners will gain expertise in enterprise-level security management, from policy development to incident response. The course covers essential CISO competencies, including regulatory compliance, financial management, and aligning security initiatives with business goals.

This 5-day certification course, delivered by MPES, combines executive-level lectures, real-world case studies, and expert-led workshops. It prepares learners to handle complex security challenges and lead security teams effectively.

Course Objectives

Develop and implement enterprise-wide security policies.
Manage information security governance and compliance frameworks.
Conduct risk assessments and implement risk mitigation strategies.
Align security initiatives with organisational business objectives.
Lead incident response teams and manage security crises.
Oversee enterprise security architecture and technology integration.
Communicate cybersecurity strategies to executive stakeholders.

Upon completion, learners will be equipped to manage and lead comprehensive information security programs, ensuring organisational resilience and compliance.

Average completion time

5 Month

with unlimited support

100% online

Start anytime

Study At Your Own Pace

Course Includes

Course Details

Develop your understanding of essential financial, business and management accounting techniques with ACCA Applied Knowledge. You'll learn basic business and management principles and the skills required of an accountant working in business.

Entry Requirements

Educational Background: A strong background in IT security, risk management, or related fields is recommended.
Professional Experience: At least five years of experience in information security management is required.
Language Proficiency: Proficiency in English is necessary for effective learning and assessment.

Learning Outcomes

Strategic Security Leadership: Lead enterprise-level security programs effectively.
Risk Management Expertise: Conduct thorough risk assessments and implement mitigation plans.
Regulatory Compliance: Ensure compliance with global security standards and regulations.
Incident Response Leadership: Manage and respond to cybersecurity incidents.

Target Audience

The course is ideal for experienced security professionals and IT managers seeking executive-level roles, including:

Chief Information Security Officers (CISOs)
IT Directors and Managers
Security Consultants
Risk and Compliance Officers
Cybersecurity Managers

Course content

Domain 1: Governance and Risk Management

Module 1: Define, Implement, Manage, and Maintain an Information Security Governance Program

Form of Business Organisation
Industry
Organisational Maturity

Module 2: Information Security Drivers

Module 3: Establishing an Information Security Management Structure

Organisational Structure
Where does the CISO fit within the Organisational Structure
The Executive CISO
Nonexecutive CISO

Module 4: Laws/Regulations/Standards as Drivers of Organisational Policy/Standards/Procedures

Module 5: Managing an Enterprise Information Security Compliance Program

Security Policy
Necessity of a Security Policy
Security Policy Challenges
Policy Content
Types of Policies
Policy Implementation
Reporting Structure
Standards and Best Practices
Leadership and Ethics
EC-Council Code of Ethics

Module 6: Introduction to Risk Management

Organisational Structure
Where does the CISO fit within the Organisational Structure
The Executive CISO
Nonexecutive CISO

Domain 2: Information Security Controls, Compliance, and Audit Management

Module 7: Information Security Controls

Identifying the Organisation’s Information Security Needs
Identifying the Optimum Information Security Framework
Designing Security Controls
Control Lifecycle Management
Control Classification
Control Selection and Implementation
Control Catalogue
Control Maturity
Monitoring Security Controls
Remediating Control Deficiencies
Maintaining Security Controls
Reporting Controls
Information Security Service Catalogue

Module 8: Compliance Management

Acts, Laws, and Statutes
FISMA
Regulations
GDPR
Standards
ASD—Information Security Manual
Basel III
FFIEC
ISO 00 Family of Standards
NERC-CIP
PCI DSS
NIST Special Publications
Statement on Standards for Attestation Engagements No. 16 (SSAE 16)

Module 9: Guidelines, Good and Best Practices

CIS
OWASP

Module 10: Audit Management

Audit Expectations and Outcomes
IS Audit Practices
ISO/IEC Audit Guidance
Internal versus External Audits
Partnering with the Audit Organisation
Audit Process
General Audit Standards
Compliance-Based Audits
Risk-Based Audits
Managing and Protecting Audit Documentation
Performing an Audit
Evaluating Audit Results and Report
Remediating Audit Findings
Leverage GRC Software to Support Audits

Domain 3: Security Program Management & Operations

Module 11: Program Management

Defining a Security Charter, Objectives, Requirements, Stakeholders, and Strategies
Security Program Charter
Security Program Objectives
Security Program Requirements
Security Program Stakeholders
Security Program Strategy Development
Executing an Information Security Program
Defining and Developing, Managing and Monitoring the Information Security Program
Defining an Information Security Program Budget
Developing an Information Security Program Budget
Managing an Information Security Program Budget
Monitoring an Information Security Program Budget
Defining and Developing Information Security Program Staffing Requirements
Managing the People of a Security Program
Resolving Personnel and Teamwork Issues
Managing Training and Certification of Security Team Members
Clearly Defined Career Path
Designing and Implementing a User Awareness Program
Managing the Architecture and Roadmap of the Security Program
Information Security Program Architecture
Information Security Program Roadmap
Program Management and Governance
Understanding Project Management Practices
Identifying and Managing Project Stakeholders
Measuring the Effectives of Projects
Business Continuity Management (BCM) and Disaster Recovery Planning (DRP)
Data Backup and Recovery
Backup Strategy
ISO BCM Standards
Business Continuity Management (BCM)
Disaster Recovery Planning (DRP)
Continuity of Security Operations
Integrating the Confidentiality, Integrity and Availability (CIA) Model
BCM Plan Testing
DRP Testing
Contingency Planning, Operations, and Testing Programs to Mitigate Risk and Meet Service Level Agreements (SLAs)
Computer Incident Response
Incident Response Tools
Incident Response Management
Incident Response Communications
Post-Incident Analysis
Testing Incident Response Procedures
Digital Forensics
Crisis Management
Digital Forensics Life Cycle

Module 12: Operations Management

Establishing and Operating a Security Operations (SecOps) Capability
Security Monitoring and Security Information and Event Management (SIEM)
Event Management
Incident Response Model
Developing Specific Incident Response Scenarios
Threat Management
Threat Intelligence
Information Sharing and Analysis Centres (ISAC)
Vulnerability Management
Vulnerability Assessments
Vulnerability Management in Practice
Penetration Testing
Security Testing Teams
Remediation
Threat Hunting

Module 13: Summary

Domain 4: Information Security Core Competencies

Module 14: Access Control

Authentication, Authorisation, and Auditing
Authentication
Authorisation
Auditing
User Access Control Restrictions
User Access Behaviour Management
Types of Access Control Models
Designing an Access Control Plan
Access Administration

Module 15: Physical Security

Designing, Implementing, and Managing Physical Security Program
Physical Risk Assessment
Physical Location Considerations
Obstacles and Prevention
Secure Facility Design
Security Operations Centre
Sensitive Compartmented Information Facility
Digital Forensics Lab
Datacentre
Preparing for Physical Security Audits

Module 16: Network Security

Network Security Assessments and Planning
Network Security Architecture Challenges
Network Security Design
Network Standards, Protocols, and Controls
Network Security Standards
Protocols

Module 17: Certified Chief

Network Security Controls
Wireless (Wi-Fi) Security
Wireless Risks
Wireless Controls
Voice over IP Security

Module 18: Endpoint Protection

Endpoint Threats
Endpoint Vulnerabilities
End User Security Awareness
Endpoint Device Hardening
Endpoint Device Logging
Mobile Device Security
Mobile Device Risks
Mobile Device Security Controls
Internet of Things Security (IoT)
Protecting IoT Devices

Module 19: Application Security

Secure SDLC Model
Separation of Development, Test, and Production Environments
Application Security Testing Approaches
DevSecOps
Waterfall Methodology and Security
Agile Methodology and Security
Other Application Development Approaches
Application Hardening
Application Security Technologies
Version Control and Patch Management
Database Security
Database Hardening
Secure Coding Practices

Module 20: Encryption Technologies

Encryption and Decryption
Cryptosystems
Blockchain
Digital Signatures and Certificates
PKI
Key Management
Hashing
Encryption Algorithms
Encryption Strategy Development
Determining Critical Data Location and Type
Deciding What to Encrypt
Determining Encryption Requirements
Selecting, Integrating, and Managing Encryption Technologies

Module 21: Virtualisation Security

Virtualisation Overview
Virtualisation Risks
Virtualisation Security Concerns
Virtualisation Security Controls
Virtualisation Security Reference Model

Module 22: Cloud Computing Security

Overview of Cloud Computing
Security and Resiliency Cloud Services
Cloud Security Concerns
Cloud Security Controls
Cloud Computing Protection Considerations

Module 23: Transformative Technologies

Artificial Intelligence
Augmented Reality
Autonomous SOC
Dynamic Deception
Software-Defined Cybersecurity

Domain 5: Strategic Planning, Finance, Procurement and Vendor Management

Module 24: Strategic Planning

Understanding the Organisation
Understanding the Business Structure
Determining and Aligning Business and Information Security Goals
Identifying Key Sponsors, Stakeholders, and Influencers
Understanding Organisational Financials
Creating an Information Security Strategic Plan
Strategic Planning Basics
Alignment to Organisational Strategy and Goals
Defining Tactical Short, Medium, and Long-Term Information Security Goals
Information Security Strategy Communication
Creating a Culture of Security

Module 25: Designing, Developing, and Maintaining an Enterprise Information Security Program

Ensuring a Sound Program Foundation
Architectural Views
Creating Measurements and Metrics
Balanced Scorecard
Continuous Monitoring and Reporting Outcomes
Continuous Improvement
Information Technology Infrastructure Library (ITIL) Continual Service Improvement (CSI)

Module 26: Understanding the Enterprise Architecture (EA)

EA Types
The Zachman Framework
The Open Group Architecture Framework (TOGAF)
Sherwood Applied Business Security Architecture (SABSA)
Federal Enterprise Architecture Framework (FEAF)

Module 27: Finance

Understanding Security Program Funding
Analysing, Forecasting, and Developing a Security Budget
Resource Requirements
Define Financial Metrics
Technology Refresh
New Project Funding
Contingency Funding
Managing the information Security Budget
Obtain Financial Resources
Allocate Financial Resources
Monitor and Oversight of Information Security Budget
Report Metrics to Sponsors and Stakeholders
Balancing the Information Security Budget

Module 28: Procurement

Procurement Program Terms and Concepts
Statement of Objectives (SOO)
Statement of Work (SOW)
Total Cost of Ownership (TCO)
Request for Information (RFI)
Request for Proposal (RFP)
Master Service Agreement (MSA)
Service Level Agreement (SLA)
Terms and Conditions (T&C)
Understanding the Organisation’s Procurement Program
Internal Policies, Processes, and Requirements
External or Regulatory Requirements
Local Versus Global Requirements
Procurement Risk Management
Standard Contract Language

Module 29: Vendor Management

Understanding the Organisation’s Acquisition Policies and Procedures
Procurement Life cycle
Applying Cost-Benefit Analysis (CBA) During the Procurement Process
Vendor Management Policies
Contract Administration Policies
Service and Contract Delivery Metrics
Contract Delivery Reporting
Change Requests
Contract Renewal
Contract Closure
Delivery Assurance
Validation of Meeting Contractual Requirements
Formal Delivery Audits
Periodic Random Delivery Audits
Third-Party Attestation Services (TPRM)

MPES Support That Helps You Succeed

At MPES, we offer comprehensive support to help you succeed in your studies. With expert guidance and valuable resources, we help you stay on track throughout your course.

MPES Learning offers dedicated support to help you succeed in Accounting and Finance courses.
Get expert guidance from tutors available online to assist with your studies.
Check your eligibility for exemptions with the relevant professional body before starting.
Our supportive team is here to offer study advice and support throughout your course.
Access a range of materials to help enhance your learning experience. These resources include practice exercises and additional reading to support your progress.

Career Growth Stories

Discover how MPES Learning transforms careers with real success stories.

George Evans

The Financial Risk Management Course at MPES was invaluable in deepening my understanding of risk assessment and mitigation strategies. The hands-on learning approach allowed me to apply new concepts directly to my work. I highly recommend it for professionals in finance.

George Evans

Risk Manager

James Robinson

As a financial consultant, I am always seeking ways to enhance my expertise. The Investment Analysis Course at MPES exceeded my expectations, offering practical skills and knowledge that I can apply immediately in my consulting work. It's an outstanding choice for professionals in finance.

James Robinson

Financial Consultant

Laura Bennett

The Corporate Finance Course I attended at MPES was transformative. The depth of knowledge shared by the instructors and the relevance of the topics covered have directly impacted on our financial strategy. I strongly endorse this program for anyone in a leadership position in finance.

Laura Bennett

Chief Financial Officer

Emma Johnson

The Financial Modeling and Valuation Course at MPES was incredibly insightful. The practical applications and real-world examples helped solidify my understanding of complex concepts. I highly recommend this course to anyone looking to enhance their financial acumen.

Emma Johnson

Financial Analyst

Arvy Pasanting

As a qualified accountant, studying at MPES has been a very rewarding experience. Its team of passionate and dedicated mentors gave me the confidence and knowledge I needed to not just excel at my current role as an auditor, but also inspired me to expand my horizons.

Arvy Pasanting

Audit Senior (incoming Reconciliations Manager)

David Ford

I was recommended MPES after searching for a way to pursue a career in the accounting profession, I have studied with them throughout my journey utilising both their “in class” and online learning opportunities that fit around the needs of my employer, I have found them to be consummate professionals delivering first class accounting courses with support always available.

David Ford

Accountant

Aaron Allcote

As a finance officer, MPES has been a huge help in understanding the process of recording and processing transactions from all different perspectives. The courses are very easy to follow, and the training they provide can be applied to real-life scenarios. The courses have been a huge help for me, and I would highly recommend them.

Aaron Allcote

Finance Officer

Bob Beaumont

I completed all of my ACA studies with MPES and I think you would struggle to find a better training provider anywhere in the British Isles. MPES' tutors are excellent both at delivering training and giving individualised feedback and coaching. the supporting materials and the out of class support are also great.

Bob Beaumont

Senior Accountant

George Evans

George Evans

Risk Manager

James Robinson

James Robinson

Financial Consultant

Laura Bennett

Laura Bennett

Chief Financial Officer

Emma Johnson

Emma Johnson

Financial Analyst

Arvy Pasanting

Arvy Pasanting

Audit Senior (incoming Reconciliations Manager)

David Ford

David Ford

Accountant

Aaron Allcote

Aaron Allcote

Finance Officer

Bob Beaumont

Bob Beaumont

Senior Accountant

Have Questions? We’ve Got You

If you have any questions, we’re here to help. Find the answers you need in the MPES detailed FAQ section.

Q. What is the primary objective of the course?

The course aims to develop leadership skills and executive-level knowledge in information security management, enabling learners to lead security programs effectively.

Q. Who should attend this course?

This course is suitable for IT managers, senior security professionals, and aspiring CISOs looking to advance their careers in cybersecurity leadership.

Q. What will I learn in this course?

Learners will master executive-level information security management, governance, compliance, incident response, and strategic risk management.

Q. How will this course benefit my organisation?

Organisations will benefit from having a qualified CISO who can lead security initiatives, ensure compliance, and align cybersecurity strategies with business goals.

Q. How does this course contribute to career growth?

The certification demonstrates strategic leadership in cybersecurity, qualifying learners for senior management roles such as CISO, IT Director, or Security Consultant.

Related Courses

Explore additional courses designed to complement your learning journey and enhance your professional skills. Expand your knowledge with these expertly curated options tailored to your career goals.

Certified Penetration Testing Professional (CPTP) Certification Course Go To Course

Computer Hacking Forensic Investigator (CHFI) Certification Go To Course

Certified Cloud Security Engineer Certification Go To Course

Certified Network Defender (CND) Certification Go To Course

Certified DevSecOps Engineer Certification Go To Course

Maria Thompson

04-Dec-2024

Read Blog