CISA - Certified Information Systems Auditor Training Course

Course Description

This comprehensive course is tailored to address AI security, governance, compliance, and risk management in enterprise settings. It is specifically designed for security professionals, compliance officers, and technology leaders who are responsible for the secure deployment and governance frameworks of AI systems. The curriculum aligns with best practices and standards for government and industry, ensuring participants are well-equipped to manage AI-related risks and ensure compliance with regulatory requirements.

Who is it for:

This program is designed for individuals involved in information security and information assurance, particularly those working in or supporting government agencies.

What will I learn:

Candidates should be able to demonstrate:

• The ways in which managing information risk can bring significant benefits to public sector organizations.
• The ability to explain and effectively utilize terminology related to information risk management for government use.
• How to conduct threat and vulnerability assessments, business impact analyses, and risk assessments within a governmental context.
• An understanding of the principles of controls and risk treatment in government settings.
• The skill to present assessment results in a format that can serve as the foundation for a risk treatment plan tailored for government operations.
• The application of information classification schemes appropriate for government agencies.

The EC-Council’s Certified Chief Information Security Officer (CCISO) Program has certified leading information security professionals across the globe. A distinguished group of high-level information security executives, known as the CCISO Advisory Board, played a crucial role in establishing the foundation of the program and defining its content, exam structure, body of knowledge, and training modules. Members of this board contributed in various capacities—some as authors, others as exam writers, quality assurance reviewers, and trainers. Each component of the program was meticulously crafted with the aspiring CISO in mind, aiming to transfer the invaluable knowledge of seasoned professionals to the next generation in critical areas essential for developing and maintaining a robust information security program. The Certified CISO (CCISO) program is a pioneering training and certification initiative designed to produce top-tier information security executives. Unlike other certifications that focus primarily on technical skills, the CCISO emphasizes the application of information security management principles from an executive perspective. This program was developed by current CISOs for government and industry professionals who are either serving in or aspiring to these roles.

Description:

Disclaimer: Please be advised that this updated CISM exam content outline is applicable to exams starting 1 June 2022.

The Certified Information Security Manager (CISM®) is the most prestigious and demanding qualification for information security managers globally. This certification provides a platform for professionals to become part of an elite peer network, equipped with the ability to continuously learn and adapt to the evolving opportunities and challenges in information security management.

Our CISM training methodology offers comprehensive coverage of the four CISM domains, focusing on building foundational concepts and solving ISACA-released CISM exam questions. The course is designed as an intensive training program and rigorous exam preparation for ISACA’s Certified Information Security Manager (CISM®) Examination.

Our instructors encourage all attendees to review the ISACA-released CISM QA&E (Questions, Answers, and Explanations) for exam preparation. This resource is invaluable in helping participants understand the style of questions, effective problem-solving approaches, and rapid assimilation of CISM concepts during live classroom sessions. All our trainers have extensive experience in delivering CISM training and are dedicated to thoroughly preparing you for the CISM examination.

Goal:

The ultimate goal is to pass your CISM examination on the first attempt.

Objectives:

• Apply the knowledge gained in a practical manner that benefits your organization
• Establish and maintain an information security governance framework to achieve organizational goals and objectives
• Manage information risk to an acceptable level to meet business and compliance requirements
• Establish and maintain information security architectures (people, process, technology)
• Integrate information security requirements into contracts and activities of third parties/suppliers
• Plan, establish, and manage the capability to detect, investigate, respond to, and recover from information security incidents to minimize business impact

Target Audience:

• Security professionals with 3-5 years of front-line experience
• Information security managers or those with management responsibilities
• Information security staff, information security assurance providers who require an in-depth understanding of information security management, including: CISOs, CIOs, CSOs, privacy officers, risk managers, security auditors and compliance personnel, BCP/DR personnel, executive and operational managers responsible for assurance functions

This training is designed to support professionals in enhancing their skills and knowledge for government and organizational success.

This instructor-led, live training in US (online or onsite) is aimed at beginner to intermediate-level system administrators and security professionals who wish to learn how to implement Cloudflare for content delivery and cloud security, as well as mitigate DDoS attacks.

By the end of this training, participants will be able to:

• Configure Cloudflare for their websites for government use.
• Set up DNS records and SSL certificates in alignment with public sector standards.
• Implement Cloudflare for content delivery and caching to enhance performance for government services.
• Protect their websites from DDoS attacks, ensuring continuity of operations for government.
• Implement firewall rules to restrict traffic to their websites, maintaining security and compliance for government systems.

Description:

This course is designed as an intensive exam preparation for ISACA’s Certified Information Systems Auditor (CRISC) Examination. It covers the latest four domains of ISACA’s CRISC syllabus, with a strong emphasis on exam readiness. Participants will receive the Official ISACA CRISC Review Manual and the Question, Answer, and Explanation (Q&A&E) supplement. The Q&A&E is particularly valuable for helping delegates understand the style of questions posed by ISACA, the types of answers expected, and for facilitating rapid assimilation of the material.

The technical skills and practices promoted by ISACA within the CRISC certification are foundational to success in the field. Achieving the CRISC certification demonstrates a high level of expertise and commitment. With an increasing demand for professionals with risk and control knowledge, ISACA’s CRISC certification has become a preferred credential for individuals and organizations globally. The CRISC certification signifies a dedication to serving enterprises and the profession with distinction.

Objectives:

• To assist participants in passing the CRISC examination on their first attempt.
• To signify commitment to serving an enterprise with distinction through the possession of this certification.
• To enable holders of this certification to secure better positions and salaries due to the growing demand for professionals with risk and control expertise.

You will learn:

• How to help enterprises achieve their business objectives by designing, implementing, monitoring, and maintaining risk-based, efficient, and effective IS controls.
• The technical skills and practices that CRISC promotes, which are essential for success in the field.

This course is tailored to support professionals in enhancing their capabilities and meeting the rigorous standards required for government service.

This instructor-led, live training in US (online or onsite) is aimed at intermediate-level IT professionals who wish to enhance their skills in identifying and managing IT risk and implementing information systems controls, as well as prepare for the CRISC certification exam. By the end of this training, participants will be able to: - Understand the governance and risk management aspects of IT for government. - Conduct IT risk assessments and implement appropriate risk responses. - Design and implement effective information systems controls. - Prepare thoroughly for the CRISC certification exam.

This instructor-led, live training in US (online or onsite) is aimed at supply chain professionals who wish to establish effective control and oversight of their supply chain, particularly as it pertains to cybersecurity for government.

By the end of this training, participants will be able to:

• Understand the security oversights that can cause significant damage and disruption to a supply chain.
• Decompose complex security issues into manageable and actionable components.
• Address common supply chain vulnerabilities by identifying high-risk areas and collaborating with stakeholders.
• Implement best practices in securing a supply chain for government operations.
• Significantly reduce or eliminate the most significant risks to an organization's supply chain.

This instructor-led, live training in US (online or onsite) is designed for intermediate to advanced IT professionals and business leaders who aim to develop a structured approach to managing data breaches. By the end of this training, participants will be able to: - Understand the causes and consequences of data breaches. - Develop and implement effective data breach prevention strategies. - Establish an incident response plan to contain and mitigate breaches. - Conduct forensic investigations and evaluate the impact of breaches. - Ensure compliance with legal and regulatory requirements for breach notification. - Recover from data breaches and enhance security measures. This training is tailored to support professionals in aligning their practices with public sector workflows, governance, and accountability standards for government.

This instructor-led, live training in US (online or onsite) is designed for developers and administrators who aim to produce software and products that comply with HiTRUST standards. By the end of this training, participants will be able to: - Grasp the essential concepts of the HiTrust Common Security Framework (CSF). - Recognize the HITRUST CSF administrative and security control domains. - Gain knowledge about the various types of HiTrust assessments and scoring methodologies. - Understand the certification process and requirements for achieving HiTrust compliance. - Learn best practices and tips for effectively adopting the HiTrust approach, ensuring alignment with public sector workflows, governance, and accountability for government.

This training course provides comprehensive instruction on conducting risk assessments for information security by integrating the guidelines from ISO/IEC 27005:2022 and ISO/IEC 27001. In addition to theoretical knowledge, the course includes practical exercises, quizzes, and case studies, ensuring an engaging and interactive learning experience that aligns with best practices for government agencies.

Description:

This is a 'Practitioner' course that emphasizes practical exercises designed to reinforce the concepts being taught and build participants' confidence in implementing business continuity management. The course also encourages debate and the sharing of knowledge and experience among students. Participants will benefit from the extensive, hands-on experiences of our trainers, who are active experts in business continuity management and ISO 22301:2019 specialists.

Participants will learn how to:

• Explain the necessity of business continuity management (BCM) for all organizations
• Define the business continuity lifecycle
• Manage a business continuity program
• Understand their organization sufficiently to identify mission-critical impact areas
• Determine their organization's business continuity strategy
• Establish a business continuity response
• Exercise, maintain, and review plans
• Embed business continuity within an organization
• Define terms and definitions relevant to business continuity

By the end of the course, participants will have a comprehensive understanding of all key components of business continuity management and be equipped to return to their roles, making significant contributions to the business continuity management process for government.

This instructor-led, live training in US (online or onsite) is aimed at security engineers who wish to utilize IBM QRadar SIEM to address critical security use cases for government. By the end of this training, participants will be able to: - Achieve comprehensive visibility into enterprise data across both on-premise and cloud environments. - Automate security intelligence processes to effectively hunt threats and mitigate risks. - Detect, identify, and prioritize potential threats.

This instructor-led, live training (available online or onsite) is designed for government developers who wish to integrate Snyk into their development tools to identify and resolve security vulnerabilities in their code. By the end of this training, participants will be able to: - Understand the capabilities and architecture of Snyk. - Utilize Snyk to detect and remediate code security issues. - Incorporate Snyk into a software development lifecycle for government.

This course provides an overview of fundamental security principles and IT security, with a focus on protecting against network threats. Participants will develop a comprehensive understanding of critical security protocols and the security aspects of web services. The curriculum will also examine recent attacks on cryptosystems and highlight associated vulnerabilities, ensuring that learners are well-informed about current challenges in the field for government and other sectors.