CURRICULUM:

Module 1: Regulatory Compliance and Security
  • State of Security
  • U.S. Legislation
    • FDA's CFR 21
    • GLB
    • NERC CSS
  • Important International Regulations
    • Japan's PIP
    • Canada's PIPEDA
    • Australia's Privacy Act
    • European Union's DPD
    • EC Directive
    • UK's Data Protection Act
    • UK's Freedom of Information Act
Module 2: Financial Services and Security
  • Key Sections of Sarbanes-Oxley
  • Technology and Security Impact
    • Security Architecture and Infrastructure
  • COBIT Security Baseline
    • Control Objectives
    • Security Domains
Module 3: PCI DSS Requirements
  • Objective
  • Control Objectives
  • Defined Requirements
  • Critical References
Case Study: Identity Theft (FACTA, Red Flags)
Step through the Federal Trade Commission (FTC) final rules and guidelines for implementing the Fair and Accurate Credit Transactions Act (FACTA). Under these regulations, the "Red Flags Rule" was adopted which requires organizations holding consumer or other "covered accounts" to develop and implement an identity theft prevention program.

Module 4: Digital Healthcare & Security, HIPAA
  • Healthcare Security Challenges
  • U.S. HIPAA Security Legislation
  • Administrative Safeguards
  • Physical Safeguards
  • Technical Safeguards
  • ISO 27799 Standard
Module 5: ISO 27001 Standard
  • Introduction to ISO 27001
    • Security Framework Requirements
Module 6: ISO 27002 Standard
  • Scope
  • Key Clauses, Categories and Controls
    • Definition
    • Requirements
Module 7: U.S. State Government Requirements
  • California's SB 1386 and SB 541
  • California's AB 1950, AB 1298, and AB 211
  • Nevada's 597.970
  • Massachusetts's 201 CMR 17.00
  • Data Breach Challenges
  • Encryption Requirements
Module 8: U.S. Government Security Requirements
  • U.S. Federal System Requirements
  • Common Security Controls
  • FISMA
    • Core Objectives & Requirements
    • Federal Information Security Incident Center
  • Key U.S. Government Security References & Guidelines
Module 9: Business Continuity Planning (BCP)
  • Definition and Scope
  • Components of a Contingency Plan
    • Disaster Recovery Plan
    • Emergency Mode Operation Plan
  • Classification of Information
  • Classification of Threats
  • Types of Alternate Sites
  • Getting Started
    • Conducting a Business Impact Analysis (BIA)
  • Key Activities
    • Developing Your Disaster Recovery Plan (DRP)
Case Study: Conducting a Business Impact Analysis (BIA)
Step through key activities that organizations must conduct to complete a comprehensive Business Impact Analysis (BIA). Understand critical processes for a BIA initiative and identify areas that must be addressed in a BIA Report.

Module 10: Cyber Security Strategy
  • What is Your Security Strategy?
  • Enterprise Security Methodology
    • Critical Steps
    • Integrate Compliance Requirements
  • Risk Analysis
    • Definition and Scope
    • Information System Activity Review
    • Key Project Phases
    • Vulnerability Assessment Tools
  • NIST Security Guidelines
  • Getting Started
    • Developing Your Information Security Policies
Case Study: Sample Information Security Policy Templates
Step through key sections of critical information security policy templates in class. Review sample policy types and organization. All CSCS™ candidates who attend the class and pass the CSCS™ exam will receive a complete set of information security policy templates free.

Use these templates to create or update your enterprise information security policies. The policy templates are informed by the requirements of several regulations.