Logo

CCISO Training

Home / Security Training / CCISO Training Course

CCISO training is designed to take your career to the next level

Who is the course aimed at?

This Chief Information Security Officer (CISO) Training Course is designed to provide IT professionals with the skills and knowledge they need to lead and manage an organisations’ Information Security programme. This CCISO Training can benefit a wide range of professionals including:

Security Consultants

IT Security Engineers

Chief Information Security Officers (CISOs)

Network Architects

IT Consultants

Risk Managers

Course overview

The Certified Information Systems Security Professional (CCISO) Training Course is a critical pillar in cyber security. In an era marked by escalating cyber threats, the need for individuals with comprehensive knowledge of Information Security is paramount. This course equips professionals with the expertise needed to safeguard critical data, mitigate risks and ensure that robust security measures are in place.

Learn cyber security management with this Chief Information Security Officer Training and understand incident response planning and crisis management. Gain expertise in developing and implementing comprehensive security policies.

Enrol Today
  • Recognised Certification
  • Course Duration is 3 Days
  • Multiple Course Dates
  • Course Discounts Available
  • Online Course Available
  • Highly Experienced Trainers

What is the course curriculum?

The course consists of 8 domains and 37 modules covered over a 3 day period.

CISO

CCISO Training

£2495.00 + VAT

Online or classroom based course. Discounts are available for multiple people.

Domain 1: Governance and Risk Management

Module 1: Governance

  • Introduction to Governance
  • Information Security Governance

Module 2: Information Security Management Structure

  • Introduction
  • Sizing
  • Management Structure

Module 3: Principles of Information Security

  • Principles of Information Security
  • CIA Traid
  • Security Vulnerabilities, Threats, Risks, and Exposures
  • Cyberattack Elements
  • Defence-in-depth

Module 4: Risk Management

  • Risk Management Programme
  • Approach
  • Process
  • Method
  • Best Practice Frameworks for Risk Management

Module 5: Management and Technical Information Security Elements

  • Management and Technical Information Security Elements
  • Security Programme Plan
  • Security Policies, Standards, and Guidelines
  • Asset Security
  • Identity and Access Management
  • Security Engineering
  • Security Operations
  • Software Development Security
  • Security Assessments and Testing
  • Security Training and Awareness
  • Business Continuity and Disaster Recovery

Module 6: Compliance

  • Compliance
  • Compliance Team
  • Compliance Management

Module 7: Privacy

  • Privacy
  • Privacy Impact Assessment
  • Privacy and Security

Module 8: Laws and Regulatory Drivers

  • Laws and Regulatory Drivers
  • Federal Information Security Modernisation Act
  • Defence Federal Acquisition Regulation Supplement 252.204-7012
  • Who Does DFARS 252.204-7012 Apply to?
  • How Does Compliance Impact an Organisation?
  • Clinger-Cohen Act
  • Payment Card Industry Data Security Standard
  • Who Does PCI DSS Apply to?
  • Privacy Act of 1974
  • GRAMM-LEACH-BLILEY ACT
  • Health Insurance Portability and Accountability Act
  • Family Educational Rights and Privacy Act
  • SARBANES-OXLEY ACT
  • General Data Protection Regulation

Module 9: Standards and Frameworks

  • ISO/IEC 27000 Series
  • ISO/IEC 27001
  • NIST Cybersecurity Framework
  • Federal Information Processing Standards
  • Privacy Shield
  • COBIT

Module 10: Information Security Trends and Best Practices

  • Information Security Trends and Best Practices
  • Open Web Application Security Project
  • Cloud Security Alliance
  • Centre for Internet Security

Module 11: Information Security Training and Certifications

  • International Information System Security Certification Consortium
  • ISACA
  • International Council of E-Commerce Consultants
  • Sans Institute
  • Computing Technology Industry Association
  • International Association of Privacy Professionals
  • Offensive Security

Module 12: Ethics

  • Introduction to Ethics
Domain 2: Information Security Controls, Compliance and Audit Management

Module 13: Information Security Controls

  • Control Fundamentals
  • Control Frameworks

Module 14: Information Security Control Life Cycle

  • Information Security Control Life Cycle
  • Risk Assessment
  • Design
  • Implementation
  • Assessment
  • Monitoring

Module 15: Information Security Control Life Cycle Frameworks

  • NIST SP
  • NIST Risk Management Framework
  • NIST Cybersecurity Framework
  • ISO/IEC 27000

Module 16: Information Security Control Frameworks

  • Components of Exploring Information Security Control Frameworks
  • NIST SP 800-53
  • NIST Cybersecurity Framework
  • ISO/IEC 27002
  • CIS Critical Security Controls
  • CSA Cloud Controls Matrix

Module 17: Auditing for the CISO

  • Auditing for the CISO
  • Audit Management
  • Audit Process
  • Control Self-assessments
  • Continuous Auditing
  • Specific Types of Audits and Assessments
Domain 3: Security Programme Management and Operations

Module 18: Security Programme Management

  • Security Areas of Focus
  • Security Streams of Work
  • Security Projects

Module 19: Security Programme Budgets, Finance, and Cost Control

  • Establishing the Budget
  • Managing and Monitoring Spending
  • Security Programme Resource Management: Building the Security Team

Module 20: Project Management

  • Project Management Fundamentals
  • Phases of Project Management
  • Initiating
  • Planning
  • Executing
  • Monitoring and Controlling
  • Closing
Domain 4: Information Security Core Competencies

Module 21: Malicious Software and Attacks

  • Malware
  • Scripting and Vulnerability-Specific Attacks

Module 22: Social Engineering

  • Types of Social Engineering Attacks
  • Why Employees are Susceptible to Social Engineering?
  • Social Engineering Defences

Module 23: Asset Security

  • Asset Inventory and Configuration
  • Secure Configuration Baselines
  • Vulnerability Management
  • Asset Security Techniques

Module 24: Data Security

  • Data at Rest
  • Data in Transit
  • Data in Use
  • Data Life Cycle

Module 25: Identity and Access Management

  • Identity and Access Management Fundamentals
  • Identity Management Technologies
  • Authentication Factors and Mechanisms
  • Access Control Principles
  • Access Control Models
  • Access Control Administration
  • Identity and Access Management Life Cycle

Module 26: Communication and Network Security

  • WANs and LANs
  • IP Addressing
  • Network Address Translation
  • Network Protocols and Communications
  • Wireless
  • Network Technologies and Defences

Module 27: Cryptography

  • Cryptography
  • Cryptographic Definitions
  • Cryptographic Services
  • Symmetric, Asymmetric and Hybrid Cryptosystems
  • Hash Algorithms
  • Message Authentication Codes
  • Digital Signatures
  • Public Key Infrastructure

Module 28: Cloud Security

  • Cloud Security
  • Cloud Computing Characteristics
  • Cloud Deployment Models
  • Cloud Service Models
  • Cloud Security Risks and Assurance Levels
  • Cloud Security Resources

Module 29: Physical Security

  • Making Security Decisions
  • Physical Security Threats
  • Physical Security Programme Planning
  • Physical Security Resources
  • Physical Security Controls
  • Physical Security Auditing and Measurement

Module 30: Personnel Security

  • Personnel Security
  • Software Development Security
  • Integrating Security into the SDLC
  • Security SDLC Roles and Responsibilities
  • Software Vulnerabilities
  • Secure Coding Practices
  • Software Vulnerability Analysis and Assessments

Module 31: Forensics, Incident Handling, and Investigations

  • Relevant Law
  • Logging and Monitoring
  • Incident Response and Investigations
  • Forensics and Digital Evidence

Module 32: Security Assessment and Testings

  • Introduction to Security Assessment and Testings
  • Vulnerability Assessments
  • Penetration Testing
  • Security Programme Assessments

Module 33: Business Continuity and Disaster Recovery

  • Introduction to Business Continuity and Disaster Recovery
  • Continuity Planning Initiation
  • Business Impact Analysis
  • Identify Preventive Controls
  • Develop Recovery Strategies and Solutions
  • Develop the Plan
  • Test the Plan
  • Maintain the Plan
Domain 5: Strategic Planning, Finance, Procurement and Vendor Management

Module 34: Strategic Planning 

  • Introduction to Strategic Planning
  • Organisational Strategic Planning
  • Organisational Strategic Planning Teams
  • Strategic Planning Process
  • Security Strategic Plan

Module 35: Making Security Decisions

  • Introduction to Making Security Decisions
  • Enterprise Architecture

Module 36: Financial Management

  • Financial Management
  • Accounting and Finance Basics
  • Information Security Annual Budget

Module 37: Procurement and Vendor Management

  • Overview of Procurement and Vendor Management
  • Procurement Core Principles and Processes
  • Types of Contracts
  • Scope Agreements
  • Third-party Vendor Risk Management
Domain 6: Security Assessment and Testing

Design and Validate Assessment, Test and Audit Strategies
Conduct Security Control Testing
Collect Security Process Data
Analyse Test Output and Generate Report
Conduct or Facilitate Security Audits

Domain 7: Security Operations

Understand and Support Investigations
Conduct Logging and Monitoring Activities
Securely Provisioning Resources
Understand and Apply Foundational Security Operations Concepts
Apply Resource Protection Techniques
Conduct Incident Management
Operate and Maintain Detective and Preventative Measures
Implement and Support Patch and Vulnerability Management
Participate in Change Management Processes
Implement Recovery Strategies
Implement Disaster Recovery (DR) Processes
Test Disaster Recovery Plans (DRP)
Participate in Business Continuity (BC) Planning and Exercises
Implement and Manage Physical Security
Address Personnel Safety and Security Concerns

Domain 8: Software Development Security

Integrate Security in the Software Development Life Cycle (SDLC)
Identify and Apply Security Controls in Development Environments
Assess the Effectiveness of Software Security
Assess Security Impact of Acquired Software
Define and Apply Secure Coding Guidelines and Standards

Compliance Framework

Additional information

The course is provided by our certified training partners.  

What is included?

World-Class Training Sessions from Experienced Instructors

Chief Information Security Officer Certificate

Digital Delegate Pack

Our Courses

CISSP Training
CCISO Training
CISM Training
CCSP Training
CCS-PRO Training
Awareness Training

Are you implementing AI?

AI Consultancy
Enrol Today
Current Incentives

We are offering discounts of 10% for a second person of 15% for three people or more

Easy Enrolment

It’s very easy to enrol on one of our online or classroom based training courses.

Simply fill out the contact form and we will be in touch to find out your exact requirements e.g. number of licenses, desired date and preferred location (if classroom based).

Contact Us

CCISO Training Contact Us
First
Last
Data Protection

Data Privacy Services

Operating Hours – Monday to Friday (09:00 hrs to 17:00 hrs – UK Time)

Email: info@dataprivacyservices.co.uk

Phone: 0808 101 0155

Key Services
Support & Help
Partnering and Referrals
Legal

Data Privacy and Security Services Limited © Copyright 2025

ICO NO. ZB313468

Thank you for contacting us

We will respond shortly

Note – if you do not receive an email from us please check your spam folder as we normally respond within 2 hours.

Home
Data Privacy Services
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.