02
CISO Roles (CR)
Information System Security Engineering:
Security By Design; NIST Cyber Security Framework and NCSA Organizational Cybersecurity Framework; Embedding Principles into System Architecture; Security Policies; Security Models; Defining Security Requirements (via Goals, RFP, RFI); Evaluation Criteria.
Cyber Security Risk Management Framework I + II:
Planning for Risk Management; Identifying Risks; Qualitative Risk Analysis vs. Quantitative Risk Analysis; Planning Risk Responses and Controlling Risks.
Elaborating on Terminology: Threat agents, Threat, Vulnerability, Risk, Asset, Exposure and Controls.
Cyber Security as a Process:
Introduction to Processes; Security Management as a Business Process; Discussing Security Maturity; Evaluating a Security Process Maturity (CMMI); Security Process Catalogue.
Security Metrics:
Why Do We Need Metrics? Everything Is Measurable; Why Security Metrics?; Definitions; Building Security Metrics; Categories of Security Metrics; How Can Metrics Work for You?
Business Continuity Management and Data Recovery Processes:
Introducing concepts of BCP/BCM and DRP; Establishment of Business Continuity Planning and Disaster Recovery Including Business Impact Analysis, Recovery Strategy, Plan Testing and Maintenance.
Data Leakage Prevention Process:
Introduction to Data Leakage Prevention; Implementing and Maintaining DLP Organization-Wide; Discussing Aspects of DLP Process Management.
Communication and Awareness:
Communication and Awareness; Cyber Security Training; Embedding Cyber Security into the Organizational Culture.
Cybersecurity Projects Management:
Project Management, but from a Cybersecurity Perspective; Discussing issues of Resource Allocation, Budgeting, Time Management, Setting Expectations of Progress and Outcomes.
Cyber Security in Real Life:
Bringing Everything Together; Discussing Real Life Aspects of Cyber Security; Practical Walkthrough of Real Scenarios of the CISO Role.
Introduction to Supply Chain:
The supply chain is one of the weakest areas in information security. In this lesson we will learn about all the processes that must be performed to secure information against supply chain risks.
CISO Role Seminar:
CISO Students Lead a Self-Study Seminar on Matters of CISO Roles and Cybersecurity Governance (Topics will be provided 3 weeks in advance).