25-26 Mar 2024

24-25 Jun 2024

19-20 Aug 2024

14-15 Oct 2024

CC training is for IT professionals, career changers, college students, recent college graduates, advanced high school students and recent high school graduates looking to start their path toward cybersecurity leadership by taking the Certified in Cybersecurity entry-level exam. There are no prerequisites.

After completing this course, learners will be able to:   

• Discuss the foundational concepts of cybersecurity principles.  

• Recognize foundational security concepts of information assurance.  

• Define risk management terminology and summarize the process.  

• Relate risk management to personal or professional practices.  

• Classify types of security controls.  

• Distinguish between policies, procedures, standards, regulations and laws.  

• Demonstrate the relationship among governance elements.  

• Analyze appropriate outcomes according to the canons of the (ISC)² Code of Ethics when given examples.  

• Practice the terminology of and review security policies.  

• Explain how organizations respond to, recover from and continue to operate during unplanned disruptions.  

• Recall the terms and components of incident response.  

• Summarize the components of a business continuity plan.  

• Identify the components of disaster recovery.  

• Practice the terminology and review concepts of business continuity, disaster recovery and incident response.  

• Select access controls that are appropriate in a given scenario.  

• Relate access control concepts and processes to given scenarios.  

• Compare various physical access controls.  

• Describe logical access controls.  

• Practice the terminology and review concepts of access controls.  

• Explain the concepts of network security.  

• Recognize common networking terms and models.  

• Identify common protocols and port and their secure counterparts.  

• Identify types of network (cyber) threats and attacks.  

• Discuss common tools used to identify and prevent threats.  

• Identify common data center terminology.  

• Recognize common cloud service terminology.  

• Identify secure network design terminology.  

• Practice the terminology and review concepts of network security.  

• Explain concepts of security operations.  

• Discuss data handling best practices.  

• Identify key concepts of logging and monitoring.  

• Summarize the different types of encryption and their common uses.  

• Describe the concepts of configuration management.  

• Explain the application of common security policies.  

• Discuss the importance of security awareness training.  

• Practice the terminology and review concepts of network operations.  

• Module 1: Understand the Security Concepts of Information Assurance 

• Module 2: Understand the Risk Management Processes 

• Module 3: Understand Security Controls 

• Module 4: Understand Governance Element

• Module 5: Understand (ISC)2 Code of Ethic

• Module 1: Understand Incident Response 

• Module 2: Understand Business Continuity  

• Module 3: Understand Disaster Recovery

• Module 1: Understand Access Control Concept

• Module 2: Understand Physical Access Control

• Module 3: Understand Logical Access controls 

• Module 1: Understand Computer Networking 

• Module 2: Understand Network (Cyber) Threats and Attacks 

• Module 3: Understand Network Security Infrastructure 

• Module 1: Understand Data Security 

• Module 2: Understand System Hardening 

• Module 3: Understand Best Practice Security Policies 

• Module 4: Understand Security Awareness Training 

• Module 1: Certification Requirements   

• Module 2: Scheduling the Exam 

• Module 3: Before the Exam 

• Module 4: Day of Exam  

• Module 5: Tips for Reading the Questions  

• Module 6:  After the Exam

26 Feb 2024 - 1 Mar 2024

27-31 May 2024

29 Jul 2024 - 2 Aug 2024

21-25 Oct 2024

The training seminar is ideal for those with technical skills and practical, hand-on security knowledge working in operational IT positions such as, but not limited to:

• • Network Security Engineer
• • Systems/Network Administrator
• • Security Analyst
• • Systems Engineer
• • Security Consultant/Specialist
• • Security Administrator
• • Systems/Network Analyst
• • Database Administrator

After completing this course, the student will be able to:

• Describe security and the alignment of asset management to risk management.

• Appraise risk management options and the use of access controls to protect assets.

• Examine the field of cryptography to secure information and communication.

• Build a security posture by securing software, data, and endpoints.

• Apply network and communications security to establish a secure networked environment.

• Evaluate cloud and wireless security.

• Prepare for incident detection and response.

• Implement appropriate measures that contribute to the maturation of risk management.

• Classify information security and security concepts.

• Summarize components of the asset management lifecycle .

• Identify common risks and vulnerabilities.

• Provide examples of appropriate risk treatment.

• Provide examples of functional security controls and policies for identified scenarios.

• Classify various access control models.

• Identify components of the identity management lifecycle.

• Recognize access control and authentication methods.

• Identify the fundamental concepts of cryptography driving requirements and benefits.

• Recognize symmetric encryption methods.

• Use asymmetric encryption methods.

• Examine Public-Key Infrastructure (PKI) systems and certificates.

• Summarize fundamental key management terms and concepts.

• Recognize how to implement secure protocols.

• Review methods of cryptanalytic attack.

• Discuss software systems and application security.

• Recognize data security concepts and skills.

• Identify malicious code and countermeasures.

• Evaluate Mobile Device Management (MDM) and security issues with mobile and autonomous endpoints.

• Review attacks and countermeasures for virtual machines.

• Recognize layers of the OSI Model, their functions, and attacks present at each layer.

• Identify commonly used ports and protocols.

• Select appropriate countermeasures for various network attacks.

• Summarize best practices for establishing a secure networked environment.

• Recall cloud security concepts and configurations.

• Recognize types of virtualization and cloud security considerations.

• Summarize the types of telecommunications and network access controls.

• Review the steps for monitoring, incident detection, and data loss prevention using all source intelligence.

• Identify the elements of an incident response policy and members of the incident response team (IRT).

• Classify the SSCP's role in supporting forensic investigations.

• Identify operational aspects of change management.

• Summarize physical security considerations.

• Design a security education and awareness strategy.

• Recognize common security assessment activities.

• Classify the components of a business continuity plan and disaster recovery plan.

Available upon request 

The EISM program is right for you if you:

• You do not meet the minimum experience requirements for the CCISO program
• You are more interested in a management career path than in a technical one
• You have strong management skills and have worked in the information security industry for at least three years.
• You are interested in one day obtaining a position as a CISO

Domain 1 covers Policy, Legal, and Compliance issues involved in the executive management of an Information Security Program.

Domain 2 is concerned with Audit and Risk Management, including understanding your organization’s risk tolerance and managing accordingly.

Domain 3 covers many of the day-today aspects of the CISO job including project, technology, and operations management.

Domain 4 delves into the technology of the CISO’s role, but from an executive perspective.

Domain 5 covers Finance and Strategic management, some of the key skills that help CISOs rise to the level of their peer C-Level executives.

The C|CISO Exam was developed by practicing CISOs and based on the real-world scenarios professionals from across industries have faced while securing some of the most prestigious organizations in the world. Applicant’s knowledge in all five of the C|CISO Domains will be tested on the exam that focuses on scenario-based questions and requires applicants to apply their real-world experience in order to answer successfully. To that end, in order to qualify to sit for the C|CISO Exam after taking the C|CISO class, applicants have at least 5 years of information security experience in 3 or more of the C|CISO Domains. Any student lacking this experience may take the ECCouncil Information Security Management exam and earn the EISM certification. In order to sit for the C|CISO exam and earn the certification, candidates must meet the basic C|CISO requirements. Candidates who do not yet meet the C|CISO requirements but are interested in information security management can pursue the EC-Council Information Security Management (EISM) certification.

EXAM TITLE : EC-Council Certified CISO

EXAM CODE : 712-50

# OF QUESTIONS : 150

DURATION :2.5 Hours

AVAILABILITY : ECC Exam Portal

TEST FORMAT : Scenario-based multiple choice

PASSING SCORE : 72%

19-23 Feb 2024

18-22 Mar 2024

22-26 Apr 2024

27-31 May 2024

1-5 Jul 2024

5-9 Aug 2024

2-6 Sep 2024

7-11 Oct 2024

4-8 Nov 2024

2-6 Dec 2024

This training is intended for professionals who have at least five years of full-time IT experience, including three years in information security and at least one year in cloud security, and are pursuing CCSP certification to enhance credibility and career mobility. The seminar is ideal for those working in positions such as, but not limited to:

After completing this course, you will be able to:

1.  Understand legal frameworks and guidelines that affect cloud services.
2.  Recognize the fundamentals of data privacy regulatory/legislative mandates.
3.  Assess risks, vulnerability, threats, and attacks in the cloud environment.
4.  Evaluate the design and plan for cloud infrastructure security controls.
5.  Evaluate what is necessary to manage security operations.
6.  Understand what operational controls and standards to implement.
7.  Describe the types of cloud deployment models in the types of “as a service” cloud models currently available today.
8.  Identify key terminology, and associated definitions related to cloud technology.
9.  Establish a common terminology for use within your team or workgroup.
10. Build a business case for cloud adoption and determine business units that benefit from cloud migration strategies.

• State the essential characteristics of cloud computing 

• Describe the fundamental cloud computing services 

• Describe the cloud computing reference architectures 

• Explain cloud computing activities 

• Compare cloud service capabilities and models 

• Describe cloud deployment models 

• Summarize economic characteristics of cloud computing 

• Evaluate cloud computing ROI and KPI metrics 

• Summarize cloud computing security concepts 

• Describe key security considerations for each service model 

• Analyze key cloud service provider contractual relationship documents 

• Explain the issues with international conflict of law 

• Interpret guidelines for digital forensics 

• Identify the fundamentals of data privacy regulatory/legislative mandates 

• Summarize audit process, methodologies and cloud-ready adaptations 

• Describe risk management related to cloud services 

• Identify due care/diligence activities related to service contracts 

• Discuss cloud data security concepts 

• Describe cryptography 

• Explain data discovery and classification technologies 

• Interpret cloud data storage architectures 

• Analyze information rights management 

• Assess cloud data security strategies 

• Compare solutions for cloud data retention, deletion and archival policies 

• Explain basic security concepts in the cloud 

• Compare cloud infrastructure components 

• Select standard practices for implementing a secure data center design 

• Assess risks, vulnerability, threats and attacks in the cloud environment 

• Discover components for planning and implementing security controls 

• Evaluate the design and plan for cloud infrastructure security controls 

• Appraise appropriate identity and access management (IAM) solutions 

• Recommend business continuity and disaster recovery (BCDR) standards 

• Explain training and awareness solutions for application security 

• Assess challenges in the secure software development life cycle (SDLC) process 

• Select a threat model for securing software development 

• Demonstrate cloud software assurance and validation 

• Choose verified secure software 

• Explain the specifics of a cloud application architecture 

• Analyze what is used to manage and operate physical and logical infrastructure of a cloud environment 

• Discuss operational controls and standards 

• Identify methodologies for supporting digital forensics 

• Identify critical communication needs with relevant parties 

• Define auditability, traceability and accountability of security-relevant data events 

• Select requirements to implement secure operations

22-26 Apr 2024

7-11 Oct 2024

The CCISO program is for executives looking to hone their skills & learn to better align their information security programs to the goals of organization as well as aspiring CISOs. Other information security management certification programs focus on middle management. CCISO focuses on exposing middle managers to executive-level content as well as encouraging existing CISOs to continually improve their own processes & programs.

Domain 1 covers Policy, Legal, and Compliance issues involved in the executive management of an Information Security Program.

Domain 2 is concerned with Audit and Risk Management, including understanding your organization’s risk tolerance and managing accordingly.

Domain 3 covers many of the day-today aspects of the CISO job including project, technology, and operations management.

Domain 4 delves into the technology of the CISO’s role, but from an executive perspective.

Domain 5 covers Finance and Strategic management, some of the key skills that help CISOs rise to the level of their peer C-Level executives.

The C|CISO Exam was developed by practicing CISOs and based on the real-world scenarios professionals from across industries have faced while securing some of the most prestigious organizations in the world. Applicant’s knowledge in all five of the C|CISO Domains will be tested on the exam that focuses on scenario-based questions and requires applicants to apply their real-world experience in order to answer successfully. To that end, in order to qualify to sit for the C|CISO Exam after taking the C|CISO class, applicants have at least 5 years of information security experience in 3 or more of the C|CISO Domains. Any student lacking this experience may take the ECCouncil Information Security Management exam and earn the EISM certification. In order to sit for the C|CISO exam and earn the certification, candidates must meet the basic C|CISO requirements. Candidates who do not yet meet the C|CISO requirements but are interested in information security management can pursue the EC-Council Information Security Management (EISM) certification.

EXAM TITLE : EC-Council Certified CISO

EXAM CODE : 712-50

# OF QUESTIONS : 150

DURATION :2.5 Hours

AVAILABILITY : ECC Exam Portal

TEST FORMAT : Scenario-based multiple choice

PASSING SCORE : 72%

29 Jan 2024 - 2 Feb 2024

4-8 Mar 2024

15-19 Apr 2024

10-14 Jun 2024

22-26 Jul 2024

9-13 Sep 2024

11-15 Nov 2024

This training course is intended for professionals who have at least five years of cumulative, paid work experience in two or more of the eight domains of the (ISC)2 CISSP CBK and are pursuing CISSP training and certification to acquire the credibility and mobility to advance within their current information security careers. The training seminar is ideal for those working in positions such as, but not limited to:

• Security Consultant
• Security Manager
• IT Director/Manager
• Security Auditor
• Security Architect
• Security Analyst
• Security Systems Engineer
• Chief Information Security Officer
• Security Director
• Network Architect

After completing this course, the student will be able to:

• Apply fundamental concepts and methods related to the fields of information technology and security.

• Align overall organizational operational goals with security functions and implementations.

• Determine how to protect assets of the organization as they go through their lifecycle.

• Leverage the concepts, principles, structures, and standards used to design, implement, monitor, and secure operating systems, equipment, networks, applications, and those controls used to enforce various levels of confidentiality, integrity, and availability.

• Apply security design principles to select appropriate mitigations for vulnerabilities present in common information system types and architectures.

• Explain the importance of cryptography and the security services it can provide in today’s digital and information age.

• Evaluate physical security elements relative to information security needs.

• Evaluate the elements that comprise communication and network security relative to information security needs.

• Leverage the concepts and architecture that define the associated technology and implementation systems and protocols at Open Systems Interconnection (OSI) model layers 1–7 to meet information security needs.

• Determine appropriate access control models to meet business security requirements.

• Apply physical and logical access controls to meet information security needs.

• Differentiate between primary methods for designing and validating test and audit strategies that support information security requirements.

• Apply appropriate security controls and countermeasures to optimize an organization’s operational function and capacity.

• Assess information systems risks to an organization’s operational endeavors.

• Determine appropriate controls to mitigate specific threats and vulnerabilities.

• Apply information systems security concepts to mitigate the risk of software and systems vulnerabilities throughout the systems’ lifecycles.

• Justify an organizational code of ethics.

• Relate confidentiality, integrity, availability, non-repudiation, authenticity, privacy and safety to due care and due diligence.

• Relate information security governance to organizational business strategies, goals, missions, and objectives.

• Apply the concepts of cybercrime to data breaches and other information security compromises.

• Relate legal, contractual, and regulatory requirements for privacy and data protection to information security objectives.

• Relate transborder data movement and import-export issues to data protection, privacy, and intellectual property protection.

• Relate the IT asset management and data security lifecycle models to information security.

• Explain the use of information classification and categorization, as two separate but related processes.

• Describe the different data states and their information security considerations.

• Describe the different roles involved in the use of information, and the security considerations for these roles.

• Describe the different types and categories of information security controls and their use.

• Select data security standards to meet organizational compliance requirements.

• Explain the identity lifecycle as it applies to human and nonhuman users.

• Compare and contrast access control models, mechanisms, and concepts.

• Explain the role of authentication, authorization, and accounting in achieving information security goals and objectives.

• Explain how IAM implementations must protect physical and logical assets.

• Describe the role of credentials and the identity store in IAM systems.

• Describe the major components of security engineering standards.

• Explain major architectural models for information security.

• Explain the security capabilities implemented in hardware and firmware.

• Apply security principles to different information systems architectures and their environments.

• Determine the best application of cryptographic approaches to solving organizational information security needs.

• Manage the use of certificates and digital signatures to meet organizational information security needs.

• Discover the implications of the failure to use cryptographic techniques to protect the supply chain.

• Apply different cryptographic management solutions to meet the organizational information security needs.

• Verify cryptographic solutions are working and meeting the evolving threat of the real world.

• Describe defenses against common cryptographic attacks.

• Develop a management checklist to determine the organization’s cryptologic state of health and readiness.

• Describe the architectural characteristics, relevant technologies, protocols and security considerations of each of the layers in the OSI model.

• Explain the application of secure design practices in developing network infrastructure.

• Describe the evolution of methods to secure IP communications protocols.

• Explain the security implications of bound (cable and fiber) and unbound (wireless) network environments.

• Describe the evolution of, and security implications for, key network devices.

• Evaluate and contrast the security issues with voice communications in traditional and VoIP infrastructures.

• Describe and contrast the security considerations for key remote access technologies.

• Explain the security implications of software-defined networking (SDN) and network virtualization technologies.

• Recognize the many software elements that can put information systems security at risk.

• Identify and illustrate major causes of security weaknesses in source code.

• Illustrate major causes of security weaknesses in database and data warehouse systems.

• Explain the applicability of the OWASP framework to various web architectures.

• Select malware mitigation strategies appropriate to organizational information security needs.

• Contrast the ways that different software development methodologies, frameworks, and guidelines contribute to systems security.

• Explain the implementation of security controls for software development ecosystems.

• Choose an appropriate mix of security testing, assessment, controls, and management methods for different systems and applications environments.

• Describe the purpose, process, and objectives of formal and informal security assessment and testing.

• Apply professional and organizational ethics to security assessment and testing.

• Explain internal, external, and third-party assessment and testing.

• Explain management and governance issues related to planning and conducting security assessments.

• Explain the role of assessment in data-driven security decision-making.

• Show how to efficiently and effectively gather and assess security data.

• Explain the security benefits of effective change management and change control.

• Develop incident response policies and plans.

• Link incident response to needs for security controls and their operational use.

• Relate security controls to improving and achieving required availability of information assets and systems.

• Understand the security and safety ramifications of various facilities, systems, and infrastructure characteristics.

• Explain how governance frameworks and processes relate to the operational use of information security controls.

• Relate the process of conducting forensic investigations to information security operations.

• Relate business continuity and disaster recovery preparedness to information security operations.

• Explain how to use education, training, awareness, and engagement with all members of the organization as a way to strengthen and enforce information security processes.

• Show how to operationalize information systems and IT supply chain risk management.