Governance & Risk

Chief Information Security Officer (CISO)

A Chief Information Security Officer holds overall responsibility for information security in a company.

In our 5-day intensive course, you will learn to understand the role and responsibilities of a CISO in the context of corporate management, to manage information security at the organizational level and across divisions, and thus to manage requirements and risks across the whole organization.

This covers not only the technical means of exchanging information but also, among other things, the ability to work through complex contexts for the protection of your own business information and to carry out comprehensive and effective risk analyses and assessments in accordance with BSI Standard 200-3.

DEKRA

On-Site/Virtual

Prices from €3,490 plus 19% VAT

duration: 5 days

Level: Beginner

Code: CISO

CPEs: 38

Book online today or call us on +49 7031 2024742 if you need help choosing the right course or would like to discuss corporate discounts.


Deepen your knowledge as Chief Information Security Officer and learn more about ISMS governance.

Schönbrunn TASC is a DEKRA accredited training organization (ATO). This means that you have access to official DEKRA course materials and can take your CISO exam during the course at the Schönbrunn TASC training center. If you do not pass the exam on your first attempt (which we do not expect), our performance guarantee will cover you - this means you train for free the second time.

  • You learn in small groups (max. 10 participants per course)
  • In-house modern training room and test center in a distraction-free, quiet atmosphere (PSI / Pearson VUE / Kryterion)
  • Experienced, continuously trained trainers guide you through the course
  • You will receive comprehensive training materials, manuals and case studies for self-study
  • Interactive discussions and group work support you in applying the material
  • A small breakfast, lunch, snacks and drinks are provided throughout the day
  • Hotel recommendations near the training and test center
  • It is possible to take the exam at the Schönbrunn TASC test center afterwards

Successful participation in the Information Security Officer course is required and 3 years of professional experience as a Security Officer is recommended. Knowledge and expertise in the area of information security management principles and information security concepts of ISO/IEC 27001 are essential.

The course is particularly aimed at IT security officers, data protection officers, IT managers and consultants.

  1. Information security governance

    • Information security concepts
    • Define, implement, manage and maintain an information security governance program
    • Drivers of information security
    • Establishing an information security management structure
    • Methods for integrating information security into corporate governance.
    • Best practices for promoting information security within the organization.
    • Setting levels and expectations for information security in the organization.
    • Areas of governance (e.g. risk management, data classification management, network security, system access).
    • Centralized and decentralized approaches for coordinating information security.
    • Laws/regulations/standards as drivers for organizational policies/standards/procedures
    • Management of a corporate information security compliance program.
    • Function and content of key elements of an information security program (e.g. approach statements, procedures and policies)
  2. ISMS risk management, controls & measures and audit management

    • Information Security Assets Management
    • Information security risk management
      • Risk management frameworks
        • ISO 27005
        • BSI Standard 200-3
        • NIST Risk Management Framework
        • Other frameworks and guidance (ISO 31000, TARA, OCTAVE, FAIR, COBIT, and ITIL)
      • Principles and practices of lifecycle-based risk management
    • Information security controls
    • Compliance Management
    • Guidelines & Best Practices
    • Audit Management
    • Security incident management under the responsibility of the CISO
    • Evaluating and managing the ISMS based on KPIs and internal control processes/systems
    • Strategic control of PDCA / continuous improvement process (CIP)
  3. Information security program management

    • Methods for developing an implementation plan that meets the security requirements identified in the risk analysis
    • Methods and techniques for project management
    • The components of an information security governance framework to integrate security principles, practices, management and awareness into all aspects and levels of the organization
    • Security policies and configuration management in the design and management of business applications and infrastructure
    • Information security architectures: (e.g. zero trust, single sign-on, rule-based vs. list-based system access control for systems, restricted system management points)
    • Information security technologies (e.g. encryption techniques and digital signatures to allow management to choose appropriate controls)
    • Security procedures and policies for business processes and infrastructure activities
    • System development lifecycle methodologies (e.g., traditional SDLC, prototyping)
    • Planning, execution, reporting and follow-up of security testing
    • Certifying and accrediting the compliance of business applications and infrastructure with the organization's information security governance framework
    • Types, benefits and costs of physical, managerial and technical controls
    • Planning, design, development, review and implementation of information security requirements into an organization's business processes
    • Design, development and implementation of security metrics systems
    • Methods and techniques for acquisition management (e.g., evaluation of supplier scope of services agreements, preparation of contracts)
  4. Information security management

    • Implementation of information security approaches in operational application
    • Information security management processes and procedures
    • Methods for managing the implementation of the company's information security program by third parties, including trading partners and security service providers
    • Ongoing monitoring of security activities in the organization's infrastructure and business applications
    • Methods for managing success/failure of information security investments through data collection and periodic review of key performance indicators
    • Change and configuration management activities
    • Information security management due diligence activities and infrastructure reviews
    • Liaison activities with internal/external assurance providers conducting information security audits
    • Due diligence activities, audits and associated standards for managing and controlling access to information resources
    • External vulnerability reporting sources that provide information that may require changes to the information security of applications and infrastructure
    • Events that affect security baselines and require risk assessments and changes to information security requirements in security plans, test plans and re-performance
    • Information security problem management practices
    • The information security manager's roles as change agent, educator and advisor
    • The ways in which culture and cultural differences influence staff behavior
    • The activities that can change culture and staff behavior
    • Methods and techniques for security awareness training and education
  5. Information security technologies, threats and response management

    • Current threats and hazards to IT security from a strategic perspective
    • Overview of security technologies
    • Information security management vs. IT service management - management decisions
    • Response management

DEKRA Exam: CISO - Chief Information Security Officer

Duration: 90 minutes

Format: Multiple choice and open questions

Language: German

The ISO/IEC 27000 series of standards is permitted as a reference aid during the exam.

No course dates are currently scheduled. If you are interested in a date, please contact us using our contact form.


Similar courses

TRECCERT | Duration: 2 days | Leonberg

Governance & Risk

TRECCERT NIS2 Essentials

NIS2 Essentials provides executives and responsible persons with the fundamentals of the NIS2 Directive to strengthen cybersecurity and ensure compliance with regulatory requirements.

CompTIA | Duration: 4 days | Leonberg

Governance & Risk

CompTIA Project+ Certification Training

Learn project management methods to manage IT projects efficiently and ensure their successful implementation.

ISC2 | Duration: 5 days | Leonberg

Governance & Risk

Certified in Governance, Risk and Compliance (CGRC)

The CGRC helps professionals develop, implement and manage governance, risk management and compliance programs to meet an organization's security and regulatory requirements.