Maxtrain.com - info@maxtrain.com - 513-322-8888 - 866-595-6863
Certified Security Leadership Officer
Description
Certified Security Leadership Officer (C)SLO Introduction:
The Certified Security Leadership Officer (CSLO) course is tailored for mid and upper-level managers seeking to enhance their expertise in information system security management. Whether you’re an experienced engineer or an IT professional, this course will broaden your knowledge of leading information security teams and empower you to bridge the gap between cybersecurity and business operations.
By enrolling in the CSLO program, you will gain a comprehensive understanding of current security issues, industry best practices, and cutting-edge security technology. This knowledge will equip you to effectively manage the security aspects of complex information technology projects.
Certified Security Leadership Officer (C)SLO Prerequisites:
To enroll in the CSLO course, candidates should meet the following prerequisites:
- 12 months of professional experience in IT.
- 12 months of professional experience in systems management.
Certified Security Leadership Officer (C)SLO Audience:
The CSLO course is ideal for the following professionals:
- C-Level Managers
- IT Managers
- Cyber Security Personnel
- Engineers
- Information Systems Owners
- Information Systems Security Officers (ISSOs)
- CISSP Students
- ISOs
Certified Security Leadership Officer (C)SLO Course Outline:
Module 1 – Security Management
- Understanding the Role of the CSLO
- Aligning Security with Business Goals and Objectives
- Overview of Governance and Its Importance
- Prioritizing Security as the First Objective
- Achieving Outcomes through Governance
- Organizing IT Security
- Developing a Comprehensive Security Strategy
- Defining Clear Security Objectives
- Managing the Security Budget
- Integrating Security into the Organizational Architecture
- Leveraging Information Security Frameworks
- Incorporating COBIT 4.1 Principles
- Addressing Ethics, Fraud, and Intellectual Property Protection
- Safeguarding Against Attacks on Intellectual Property
- Upholding OECD Privacy Principles
- Handling Personally Identifiable Information (PII) and Protected Health Information (PHI)
- Conducting Effective Awareness Training
Module 2 – Risk Management
- Embracing Risk Management Principles
- Conducting Risk Assessment
- Distinguishing Between Quantitative and Qualitative Risk
- Valuing Information Assets
- Identifying Threats and Vulnerabilities
- Evaluating and Documenting Risk
- Selecting Appropriate Risk Controls
- Assessing Cost-Benefit Ratios for Countermeasures
- Documenting and Managing Risk Control Measures
Module 3 – Encryption
- Unveiling the World of Encryption
- Ensuring the Secrecy of Cryptographic Keys
- Exploring Cryptographic Functions
- Understanding XOR Function
- Implementing Symmetric Encryption
- Delving into Asymmetric Algorithms
- Harnessing Hashing Algorithms
- Harnessing Digital Signatures and Digital Envelopes
- Leveraging Public Key Infrastructure (PKI) and Certificates
- Applying Encryption in Communications
- Auditing Encryption Implementations
- Understanding Steganography and Cryptographic Attacks
Module 4 – Information Security Access Control Concepts
- Classifying Information Assets by Criticality and Sensitivity
- Complying with Regulations and Legislation
- Valuing Information Assets and Ensuring Their Protection
- Managing Confidential Information Throughout Its Lifecycle
- Developing and Implementing a Robust Password Policy
- Mitigating Password Cracking Risks
- Exploring Biometric Authentication Methods
- Authorizing and Ensuring Accountability
- Centralizing Administration and Implementing Access Control Measures
Module 5 – Incident Handling and Evidence
- Objectives of Incident Management and Response
- Security Incident Handling and Response Processes
- Best Practices for Handling Evidence
- Recognizing Intentional and Unintentional Incidents
- Investigating Malware and Various Attack Vectors
- Preparing Response and Recovery Plans
- Roles and Functions in Incident Response
- Leveraging Incident Management Technologies
- Navigating Crisis Communications Challenges
- Strategies for Incident Containment
- Evidence Identification and Preservation
- Post-Incident Event Reviews
- Crafting Disaster Recovery and Business Continuity Plans
- Developing and Maintaining Business Continuity and Disaster Recovery Processes
- Ensuring Recovery of Communications
- Strategies for Plan Maintenance
- Testing Security through Vulnerability Assessments and Penetration Testing
Module 6 – Operations Security
- Examining Operations Security
- Managing Specific Operational Tasks
- Preventing Data Leakage and Understanding Object Reuse
- Establishing Records Management Procedures
- Implementing Change Control Measures
- Ensuring Trusted Recovery
- Understanding Redundant Array of Independent Disks (RAID)
- Analyzing Business Continuity Planning (BCP) Risk
- Setting Recovery Point Objectives and Priorities
- Mitigating OWASP Top Ten (2013) Threats
- Exploring Common Gateway Interface (CGI) and Cookies
- Embracing Virtualization Technologies (Type 1 and Type 2)
- Navigating Database and DBMS Security Considerations
Module 7 – Network Security
- Understanding Network Topologies at the Physical Layer
- Unraveling Data Encapsulation
- Protocols at Each Network Layer
- Diverse Devices Operating at Different Layers
- Employing Technology-Based Security Measures
- Architecting Network Security
- Deploying Firewalls and Unified Threat Management (UTM) Solutions
- Meeting UTM Product Criteria
- Navigating the TCP/IP Suite
- Understanding Port and Protocol Relationships
- Safeguarding Network Resources Against Internet Threats
- Auditing Network Infrastructure Security
- Implementing Network Layer Protection with IPSec
- Embracing Wireless Technologies and Access Point Security
Certified Security Leadership Officer (C)SLO Certification Exam Details:
- Format: Multiple-choice questions
- Number of Questions: 100
- Duration: Approximately 2 hours
- Passing Score: Minimum of 70%
- Online Convenience:
- The CSLO certification exam is accessible online.
- It can be taken through Mile2’s Learning Management System.
- NSA Validation:
- The CSLO course and certification have received validation from the National Security Agency (NSA).
- Specifically validated under CNSSl-4014, aligning with the Information Assurance Training Standard for Information Systems Security Officers.
Outline
Module 1 – Security Management
- The Role of the CSLO
- Business Goals and Objectives
- Overview of Governance
- The First Priority for the CSLO
- Outcomes of Governance
- Performance and Governance
- Organization of IT Security
- Security Strategy
- The Goal of Information Security
- Defining Security Objectives
- Security Budget
- Security Integration
- Architecture
- Information Security Frameworks
- Integration
- COBIT 4.1
- Deming and Quality
- Ethics
- Fraud
- Hiring and Employment
- Intellectual Property
- Protecting IP
- Attacks on IP
- OECD Privacy Principles
- PII and PHI
- Awareness Training
Module 2 – Risk Management
- Risk Management
- Risk Assessment
- Quantitative vs Qualitative Risk
- What Is the Value of an Asset?
- What Is a Threat/Vulnerability
- Assess and Evaluate Risk
- Controls
- Comparing Cost and Benefit
- Cost of a Countermeasure
- Appropriate Controls
- Documentation
Module 3 – Encryption
- Encryption
- Secrecy of the Key
- Cryptographic Functions
- XOR Function
- Symmetric Encryption
- Asymmetric Algorithms
- Hashing Algorithms
- Digital Signatures
- Digital Envelope
- Public Key Infrastructure (PKI)
- Certificates
- Uses of Encryption in Communications
- Auditing Encryption Implementations
- Steganography
- Cryptographic Attacks
Module 4 – Information Security Access Control Concepts
- Information Asset Classification
- Criticality
- Sensitivity
- Regulations and Legislation
- Asset Valuation
- Information Protection
- Storing, Retrieving, Transporting and Disposing of Confidential Information
- Password Policy
- Password Cracking
- Biometrics
- Authorization
- Accounting/Auditability
- Centralized Administration
- Access Control
Module 5 – Incident Handling and Evidence
- Goals of Incident Management and Response
- Security Incident Handling and Response
- Evidence Handling
- What is an Incident – Intentional
- What is an Incident – Unintentional
- Malware
- Attack Vectors
- Information Warfare
- Developing Response and Recovery Plans
- Incident Response Functions
- Incident Management Technologies
- Responsibilities of the CSLO
- Crisis Communications
- Challenges in Developing an Incident Management Plan
- When an Incident Occurs
- During an Incident
- Containment Strategies
- The Battle Box
- Evidence Identification and Preservation
- Post Event Reviews
- Disaster Recovery Planning (DRP) and Business Recovery Processes
- Development of BCP and DRP
- Disaster Recovery Sites
- Recovery of Communications
- Plan Maintenance Activities
- Techniques for Testing Security
- Vulnerability Assessments
- Penetration Testing
Module 6 – Operations Security
- Operations Security
- Specific Operations Tasks
- Data Leakage – Object Reuse
- Records Management
- Change Control
- Trusted Recovery
- Redundant Array of Independent Disks (RAID)
- Phases of Plan
- BCP Risk Analysis
- Recovery Point Objective
- Priorities
- OWASP Top Ten (2013)
- Common Gateway Interface
- How CGI Scripts Work
- Cookies
- Virtualization – Type 1
- Virtualization – Type 2
- Technologies – Databases and DBMS
- Facilities
- Facilities Security
- Environmental Security
- Physical Access Issues and Exposures
- Controls for Environmental Exposures
Module 7 – Network Security
- Network Topologies– Physical Layer
- Data Encapsulation
- Protocols at Each Layer
- Devices Work at Different Layers
- Technology-based Security
- Network Security Architecture
- Firewalls
- Unified Threat Management (UTM)
- UTM Product Criteria
- TCP/IP Suite
- Port and Protocol Relationship
- Network Security
- Internet Threats and Security
- Auditing Network Infrastructure Security
- IPSec – Network Layer Protection
- Wireless Technologies– Access Point
PreRequisites
- 12 months professional experience in IT
- 12 months professional experience in systems management
Audience
- C – Level Managers
- IT Managers
- Cyber Security Personelle
- Engineers
- Information Systems Owners
- ISSO’s
- CISSP Students
- ISO’s
$3250.00
|
5 Days Course |