C)SLO: Security Leadership Officer

Mile2's Certified Security Leadership Officer course is designed for mid and upper-level managers. If you are an engineer, this course will increase your knowledge of leading information system security teams.

Plus, the C)SLO will give you an essential understanding of current security issues, best practices, and technology. With this knowledge you will then be prepared to manage the security component of an information technology project. As a Security Leadership Officer, you will be the bridge between cybersecurity and business operations.

* This course/certification has been validated by the NSA for: CNSSI-4014, Information Assurance Training Standard for Information Systems Security Officers.

Key takeaways

Upon completion you will be versed in implementing strong security controls and managing an organization with an industry-acceptable security posture.

By completing this course you will earn 32 CEUs.

Prerequisites

Suggested Prerequisites:

  • 12 months professional experience in IT OR
  • 12 months professional experience in systems management

Target audience

  • C-Level Managers
  • IT Managers
  • Cyber Security Personnel
  • Engineers
  • Information Systems Owners
  • ISSOs
  • CISSP Students
  • ISOs

 

 

Modules: 

  • Module 1 - Security Management
  • Module 2 - Risk Management
  • Module 3 - Encryption
  • Module 4 - Information Security Access Control Concepts
  • Module 5 - Incident Handling and Evidence
  • Module 6 - Operations Security
  • Module 7 - Network Security

Detailed Outline:

Module 1 - Security Management

  1. The Role of the CSLO
  2. Business Goals and Objectives
  3. Overview of Governance
    1. The First Priority for the CSLO
    2. Outcomes of Governance
    3. Performance and Governance
  4. Organization of IT Security
  5. Security Strategy
  6. The Goal of Information Security
  7. Defining Security Objectives
  8. Security Budget
  9. Security Integration
  10. Architecture
  11. Information Security Frameworks
  12. Integration
  13. COBIT 4.1
  14. Deming and Quality
  15. Ethics
  16. Fraud
  17. Hiring and Employment
  18. Intellectual Property
  19. Protecting IP
  20. Attacks on IP
  21. OECD Privacy Principles
  22. PII and PHI
  23. Awareness Training

Module 2 - Risk Management

  1. Risk Management
  2. Risk Assessment
  3. Quantitative vs Qualitative Risk
  4. What Is the Value of an Asset?
  5. What Is a Threat/Vulnerability
  6. Assess and Evaluate Risk
  7. Controls
  8. Comparing Cost and Benefit
  9. Cost of a Countermeasure
  10. Appropriate Controls
  11. Documentation

Module 3 – Encryption

  1. Encryption
  2. Secrecy of the Key
  3. Cryptographic Functions
  4. XOR Function
  5. Symmetric Encryption
  6. Asymmetric Algorithms
  7. Hashing Algorithms
  8. Digital Signatures
  9. Digital Envelope
  10. Public Key Infrastructure (PKI)
  11. Certificates
  12. Uses of Encryption in Communications
  13. Auditing Encryption Implementations
  14. Steganography
  15. Cryptographic Attacks

Module 4 - Information Security Access Control Concepts

  1. Information Asset Classification
    1. Criticality
    2. Sensitivity
    3. Regulations and Legislation
  2. Asset Valuation
  3. Information Protection
  4. Storing, Retrieving, Transporting and Disposing of Confidential Information
  5. Password Policy
  6. Password Cracking
  7. Biometrics
  8. Authorization
  9. Accounting/Auditability
  10. Centralized Administration
  11. Access Control

Module 5 - Incident Handling and Evidence

  1. Goals of Incident Management and Response
  2. Security Incident Handling and Response
  3. Evidence Handling
  4. What is an Incident - Intentional
  5. What is an Incident - Unintentional
  6. Malware
  7. Attack Vectors
  8. Information Warfare
  9. Developing Response and Recovery Plans
  10. Incident Response Functions
  11. Incident Management Technologies
  12. Responsibilities of the CSLO
  13. Crisis Communications
  14. Challenges in Developing an Incident Management Plan
    1. When an Incident Occurs
    2. During an Incident
    3. Containment Strategies
    4. The Battle Box
    5. Evidence Identification and Preservation
    6. Post Event Reviews
  15. Disaster Recovery Planning (DRP) and Business Recovery Processes
  16. Development of BCP and DRP
  17. Disaster Recovery Sites
  18. Recovery of Communications
  19. Plan Maintenance Activities
  20. Techniques for Testing Security
  21. Vulnerability Assessments
  22. Penetration Testing

 Module 6 - Operations Security

  1. Operations Security
  2. Specific Operations Tasks
  3. Data Leakage – Object Reuse
  4. Records Management
  5. Change Control
  6. Trusted Recovery
  7. Redundant Array of Independent Disks (RAID)
  8. Phases of Plan
  9. BCP Risk Analysis
  10. Recovery Point Objective
  11. Priorities
  12. OWASP Top Ten (2013)
  13. Common Gateway Interface
  14. How CGI Scripts Work
  15. Cookies
  16. Virtualization - Type 1
  17. Virtualization – Type 2
  18. Technologies – Databases and DBMS
  19. Facilities
  20. Facilities Security
  21. Environmental Security
  22. Physical Access Issues and Exposures
  23. Controls for Environmental Exposures

Module 7 - Network Security

  1. Network Topologies – Physical Layer
  2. Data Encapsulation
  3. Protocols at Each Layer
  4. Devices Work at Different Layers
  5. Technology-based Security
  6. Network Security Architecture
  7. Firewalls
  8. Unified Threat Management (UTM)
  9. UTM Product Criteria
  10. TCP/IP Suite
  11. Port and Protocol Relationship
  12. Network Security
  13. Internet Threats and Security
  14. Auditing Network Infrastructure Security
  15. IPSec - Network Layer Protection
  16. Wireless Technologies – Access Point

Objective:
Upon completion, the Certified Security Leadership Officer candidate will be able to competently take the C)SLO exam.

Exam information:

The exam is taken online through Mile2’s Learning Management System and is accessible on your Mile2.com account. The exam will take approximately 2 hours and consist of 100 multiple choice questions. 

A minimum grade of 70% is required for certification.

Your exam is included in the course fee!

Re-certification requirements:

All Mile2 certifications will be awarded a 3-year expiration date.

There are two requirements to maintain Mile2 certification:

  • Pass the most current version of the exam for your respective existing certification
  • Earn and submit 20 CEUs per year in your Mile2 account  

1. Who is this course for?

For mid-level and senior managers, IT managers, cyber security personnel/engineers, Information Systems Owners, ISSOs/ISOs and CISSP candidates who will lead security work and act as the link between business and IT.

2. What prior knowledge should I have?

Recommended: approx. 12 months of experience in IT or systems management.

3. What will I learn in the course?

You gain leadership-oriented insight into security management and governance, risk management, cryptography, access control/IAM, incident handling and evidence, operations security and network security, so that you can plan, prioritize and manage security work in line with business goals. The course is validated against NSA CNSSI-4014 (IA standard for Security Officers).

4. How is the course delivered?

Delivered as a classroom course, live virtual, or in-house/customized. Duration: 5 days. CEUs: 32. Language: English.

5. Is this course practical?

Yes. You work with applied controls and processes: from policy and governance to IR/DR/BCP (plan, roles, communication, evidence), as well as operational security and network security including auditing/controls, with a focus on implementation in ongoing IT projects.

6. How much does the course cost?

The course fee is 35 000 NOK, and the exam is included in the price.

7. What kind of material do I get?

You get access to Mile2's digital learning system, official course material, videos and exercises.

8. Does the course lead to certification?

Yes. The course includes the Certified Security Leadership Officer certification exam.

  • The exam lasts approx. 2 hours and consists of 100 multiple-choice questions

  • You must get at least 70% correct to pass.

The exam is taken online via Mile2's learning platform.

9. How long does the certification last?

The certification is valid for 3 years. To keep it you must:

  1. Pass the most current version of the exam
  2. Earn and register 20 CEUs per year in your Mile2 account

10. Can I attend digitally?

Yes. The course is offered both as a physical classroom course and as a live, virtual course.

11. Can I have the course customized?

Yes. The course can be offered in-house and adapted to the organization's needs.

12. Can I order the course for my organization?

Yes. We offer in-house courses both physically and virtually.
