Syllabus Executive CISO
- Introduction to Cyber Security:
CISO Course Pedagogical Introduction (Administration, Requirements, Responsibilities); Recent Cyber Breaches and Incidents; Basic Terminology; Security Concepts; Risk-Based Approach; Introduction to Cybersecurity Management.
- Security by Design:
Enforcing Security by Design; Cybersecurity Principles; Cybersecurity Controls.
- Network Security - Firewalls and IDS/IPS:
Intro to Firewall Concepts; FW Capabilities and Features; Types of FW (OSI Oriented); Packet Filtering, Stateful Inspection, Proxy Gateways; UTMs; Introduction to Next Generation Firewalls (NGFW); Introduction to IDS and IPS; IDPS Techniques and Methods.
- Introduction to Cloud Computing and Security:
Module 1: Fundamentals of Cloud Computing; Definitions; Architectures; Role of Virtualization; Service Models.
Module 2: Cloud Components, Networks, Management Interfaces and Administrator Credentials.
- IoT Security:
Introduction to IoT; Concepts; Examples and Discussions Regarding IoT and Cyber; Incorporating IoT into the Organizational Culture and Its Implications for Cyber Architecture.
- SCADA Security:
Introduction to ICS/SCADA Security; SCADA Terminology and Concepts; OT vs. IT and the Relevant Defensive Measures; Introduction to Standards and Relevant Compliance.
- Integrated Technological Architecture:
Putting Everything Together (System and Network); Use Cases and Scenarios Discussion; Fitting a Holistic Solution.
- Offensive Cyber Introduction:
Introduction and Overview of Offensive Cyber Security; Entering the World of Hacking: the Who and the Why.
- Introduction to Incident Response:
The Triad of the Security Operations Center: People, Process and Technology; Introduction to the Incident Response Plan; Handling a Security Incident Through the Six Key Phases of an Incident Response Plan; The Importance of Incident Response and Who Is Responsible for It; SOC Duties and Training.
- Introduction to Methodology (GOV and CR):
What Is Governance, What Are Regulations; How Cybersecurity Management Is Affected by Governance and Regulation; Introduction to ISO, NIST and INCB.
CISO Role: The Need for Business Alignment; Introducing Processes, Life Cycles and Frameworks; Introduction to Security Architecture by Secure Design.
- Cyber Laws:
Relevant and Applicable Laws and Regulations; National and International Cyber Laws and Legal Cases; Discussing the Need for Compliance and Regulation; Introducing Use Cases.
- Governance (Corporate, IT, Security):
What Is Strategy: Corporate Strategy, InfoSec Positioning, Risk Modeling, Contextual InfoSec, Conceptual InfoSec, Creating a Strategic Plan.
- Cyber Compliance:
Discussing Cyber Compliance Regimes; Compliance in Various Industries (Health, Finance / Banking, Credit, Insurance); PCI, SOX, Bank of Israel Directives 357 and 361, Insurance Regulator Directive.
- Security Policies and Procedures:
The Need for an Organizational Cybersecurity Policy; Creating a Policy Document; The Importance of Executive Management Support; Elaborating on Policies, Standards and Procedures.
- Information System Security Engineering:
Security by Design; NIST Cyber Security Framework and NCSA Organizational Cybersecurity Framework; Embedding Principles into System Architecture; Security Policies; Security Models; Defining Security Requirements (via Goals, RFP, RFI); Evaluation Criteria.
- Cyber Security Risk Management Framework:
Planning for Risk Management; Identifying Risks; Qualitative Risk Analysis vs. Quantitative Risk Analysis; Planning Risk Responses and Controlling Risks.
- Cyber Security as a Process:
Introduction to Processes; Security Management as a Business Process; Discussing Security Maturity; Evaluating Security Process Maturity (CMMI); Security Process Catalogue.
- Business Continuity Management and Disaster Recovery Processes:
Introducing the Concepts of BCP/BCM and DRP; Establishing Business Continuity Planning and Disaster Recovery, Including Business Impact Analysis, Recovery Strategy, Plan Testing and Maintenance.
- Communication and Awareness:
Communication and Awareness; Cyber Security Training; Embedding Cyber Security into the Organizational Culture.
- Cybersecurity Project Management:
Project Management from a Cybersecurity Perspective; Resource Allocation, Budgeting, Time Management, Setting Expectations of Progress and Outcomes.
- Introduction to Supply Chain:
The supply chain is one of the weakest areas in information security. We will learn about the processes that must be performed to secure information against supply-chain threats.
- Cyber Security in Real Life:
Bringing Everything Together; Discussing Real-Life Aspects of Cyber Security; Practical Walkthrough of Real Scenarios from the CISO Role.
- Metrics
- EXERCISE I:
INCIDENT RESPONSE C-Level Brainstorming.
- EXERCISE II:
INCIDENT RESPONSE C-Level Brainstorming (Cont.).