Certified Security Leadership Officer

Mile2’s Certified Security Leadership Officer course is designed for mid and upper-level managers. If you are an engineer, this course will increase your knowledge in the leading information system security teams.

Plus, the C)SLO will give you an essential understanding of current security issues, best practices, and technology. With this knowledge you will then be prepared to manage the security component of an information technology project. As a Security Leadership Officer, you will be the bridge between cybersecurity and business operations.

Upon completion, the Certified Security Leadership Officer candidate be able to competently take the C)SLO exam. You will be versed in implementing strong security controls and managing an organization with an industry acceptable security posture.

The Certified Security Leadership Officer exam is taken online through Mile2’s Learning Management System and is accessible on you Mile2.com account. The exam will take approximately 2 hours and consist of 100 multiple choice questions.
A minimum grade of 70% is required for certification.

* This course/certification has been validated by the NSA for: CNSSl-4014, Information Assurance Training Standard for Information Systems Security Officers.

Module 1 - Security Management

1. The Role of the CSLO
2. Business Goals and Objectives
3. Overview of Governance
4. The First Priority for the CSLO
5. Outcomes of Governance
6. Performance and Governance
7. Organization of IT Security
8. Security Strategy
9. The Goal of Information Security
10. Defining Security Objectives
11. Security Budget
12. Security Integration
13. Architecture
14. Information Security Frameworks
15. Integration
16. COBIT 4.1
17. Deming and Quality
18. Ethics
19. Fraud
20. Hiring and Employment
21. Intellectual Property
22. Protecting IP
23. Attacks on IP
24. OECD Privacy Principles
25. PII and PHI
26. Awareness Training

Module 2 - Risk Management

1. Risk Management
2. Risk Assessment
3. Quantitative vs Qualitative Risk
4. What Is the Value of an Asset?
5. What Is a Threat/Vulnerability
6. Assess and Evaluate Risk
7. Controls
8. Comparing Cost and Benefit
9. Cost of a Countermeasure
10. Appropriate Controls
11. Documentation

Module 3 – Encryption

1. Encryption
2. Secrecy of the Key
3. Cryptographic Functions
4. XOR Function
5. Symmetric Encryption
6. Asymmetric Algorithms
7. Hashing Algorithms
8. Digital Signatures
9. Digital Envelope
10. Public Key Infrastructure (PKI)
11. Certificates
12. Uses of Encryption in Communications
13. Auditing Encryption Implementations
14. Steganography
15. Cryptographic Attacks

Module 4 - Information Security Access Control Concepts

1. Information Asset Classification
2. Criticality
3. Sensitivity
4. Regulations and Legislation
5. Asset Valuation
6. Information Protection
7. Storing, Retrieving, Transporting and Disposing of Confidential Information
8. Password Policy
9. Password Cracking
10. Biometrics
11. Authorization
12. Accounting/Auditability
13. Centralized Administration
14. Access Control

Module 5 - Incident Handling and Evidence

1. Goals of Incident Management and Response
2. Security Incident Handling and Response
3. Evidence Handling
4. What is an Incident - Intentional
5. What is an Incident - Unintentional
6. Malware
7. Attack Vectors
8. Information Warfare
9. Developing Response and Recovery Plans
10. Incident Response Functions
11. Incident Management Technologies
12. Responsibilities of the CSLO
13. Crisis Communications
14. Challenges in Developing an Incident Management Plan
15. When an Incident Occurs
16. During an Incident
17. Containment Strategies
18. The Battle Box
19. Evidence Identification and Preservation
20. Post Event Reviews
21. Disaster Recovery Planning (DRP) and Business Recovery Processes
22. Development of BCP and DRP
23. Disaster Recovery Sites
24. Recovery of Communications
25. Plan Maintenance Activities
26. Techniques for Testing Security
27. Vulnerability Assessments
28. Penetration Testing

 Module 6 - Operations Security

1. Operations Security
2. Specific Operations Tasks
3. Data Leakage – Object Reuse
4. Records Management
5. Change Control
6. Trusted Recovery
7. Redundant Array of Independent Disks (RAID)
8. Phases of Plan
9. BCP Risk Analysis
10. Recovery Point Objective
11. Priorities
12. OWASP Top Ten (2013)
13. Common Gateway Interface
14. How CGI Scripts Work
15. Cookies
16. Virtualization - Type 1
17. Virtualization – Type 2
18. Technologies – Databases and DBMS
19. Facilities
20. Facilities Security
21. Environmental Security
22. Physical Access Issues and Exposures
23. Controls for Environmental Exposures

Module 7 - Network Security

1. Network Topologies– Physical Layer
2. Data Encapsulation
3. Protocols at Each Layer
4. Devices Work at Different Layers
5. Technology-based Security
6. Network Security Architecture
7. Firewalls
8. Unified Threat Management (UTM)
9. UTM Product Criteria
10. TCP/IP Suite
11. Port and Protocol Relationship
12. Network Security
13. Internet Threats and Security
14. Auditing Network Infrastructure Security
15. IPSec - Network Layer Protection
16. Wireless Technologies– Access Point

• 12 months professional experience in IT
• 12 months professional experience in systems management

• C - Level Managers
• IT Managers
• Cyber Security Personelle
• Engineers
• Information Systems Owners
• ISSO's
• CISSP Students
• ISO's