This training is taught in English.
The second module of the Certified CISO training programme is a bit more technical, diving into the world of security architectures. We not only touch on theoretical architecture models and how to manage them but also talk about IoT, OT/ICS and cloud security concepts. Business continuity and disaster recovery are also part of this course, as certain high-availability set-ups have an impact on how you put your architecture together.
Too technical, you think? Don’t worry. We’ll teach you just about enough to have a meaningful conversation with your (security) architect(s). As a CISO, it is important to realize the impact certain security strategies may have on the overall IT set-up. It is important to be able to speak the same language – that’s why this module is geared towards bridging the gap between business risks and the more technical side of things.
At the end of this course, you will know which architectural frameworks are most commonly used, how security integrates with them, and how to manage these components. But it is not only about architectures.
You will also receive practical advice and pointers on:
- Internet of Things security
- OT/ICS security
- Cloud security
- Business Continuity / Disaster Recovery
As such, you will receive a solid basis on security architectural set-ups and practices regardless of the sector you’re in.
Why take this course?
By the end of this course, you’ll have a firm grasp on:
- The meaning behind so-called “zero trust” architectures
- The major enterprise architecture frameworks and how security fits in
- The various cloud service models and the various security features associated with them
- The “shared responsibility” model when using cloud services and possible pitfalls and areas of attention
- OT/ICS security and how it differs from IT security
- The major Internet of Things risks and current initiatives to tackle the issues
- Disaster Recovery and Business Continuity: what’s the difference, how to create a BCP and how to apply high-availability principles in our architecture?
This course is also the second module in a unique programme intended to lead to formal CISO certification. To check out other modules, download this file: Certified CISO Track – modules 1-7.
Who is the Certified CISO programme’s ‘Security Architecture’ module intended for? This module targets information and cybersecurity officers, managers and other security professionals tasked with crafting a companywide information security upgrade strategy. As a CISO, it is important to know a bit of everything, including the more technical aspects of security, so you are able to assess the impact on IT and the company as a whole when putting together your strategy. This module zooms in on a variety of possible security architectures and approaches, not to transform you into a security architect, but to introduce you to the concepts.
What you’ll learn in a nutshell:
- What is a “zero-trust” architecture?
- What are the major enterprise architecture frameworks?
- How to apply security principles in these architectural frameworks?
- How to manage architectural domains and building blocks in an architecture repository?
- Introduction to the 3 basic cloud service models and the shared responsibility concept
- Possible pitfalls and areas of attention when it comes to cloud security
- Which best practice resources are available to help you with cloud service security
- Comparison between security controls of your own data centre, MS Azure, Amazon Web Services and Google Cloud
- Internet of Things security risks
- On-going initiatives and guidance to secure IoT devices and their networks
- What is OT and ICS and why is it different from IT when it comes to security?
- Which standards and frameworks can help you secure OT/ICS environments?
- The difference between disaster recovery and business continuity
- How to build a business continuity plan, based on a BIA (Business Impact Assessment)?
- Which standards and frameworks can guide you while building a BCP?
- High availability considerations on various architectural levels
When it comes to establishing a Security Architecture, there are a variety of approaches. Multiple frameworks and concepts exist.
And it’s for that reason that this course has a two-fold objective. It aims to introduce you to the most important architectural frameworks available and to supply you with some practical insights required to apply them in cooperation with your (security) architect(s).
To accomplish this, we’ve lined up highly skilled professionals who have been in the trenches for years. They share practical advice and workarounds and teach you the core of what you need to know. The course itself blends theoretical models and frameworks to give you an overview of what’s out there, combined with practical exercises for applying what you’ve learnt in real-life situations.
You’ll be awarded a certificate of completion at the end of the course. This module does not entail any exams or official certification.
Note: Have you got plans to pursue the entire ‘Certified CISO’ programme? In that case, you’ll need a certificate of completion for all modules, and they must have been obtained within the past two years. The first six modules must be completed to start the 7th and final module, the ‘Master Project’, where you will apply the content of the previous modules to a single integrated project. Once finished, and if you obtain a positive evaluation, you’ll be awarded the ‘Certified CISO’ certificate.
Your bonus training package includes:
- Training material (printed and PDF format): handouts of the presentations with notes
- A list of useful links with additional information on architecture standards and frameworks discussed during class
- The exercises and their solutions (where applicable)
How to prepare yourself
This is a classroom-based, non-technical course. Bring something along (e.g., a laptop, notebook, tablet) to take additional notes.
- A basic understanding of IT
- Some experience in a corporate environment as a manager could be beneficial but is not essential.
1| What is Security Architecture?
- 3 types of Security Architecture: Enterprise, Project, Security specific solutions
2| What is the role of a Security Architect in a CISO Office?
- Governance role
- Engineering role
3| How does Zero Trust relate to Security Architecture?
- How does Zero Trust, as a set of guiding principles, drive the outcome of the design?
4| What are the most common enterprise architecture frameworks?
- Overview of the most common ones and how these are applied in organizations
3| Where is the link with Security Control Frameworks?
- Part of the Security Architect toolkit are Security Control Frameworks
5| How to apply security principles in these architectural frameworks?
6| How to manage architectural domains and building blocks in an architecture repository?
7| Introduction to the 3 basic cloud service models and the shared responsibility concept
8| Changing role/activities of the security architect in a Public Cloud context
9| Possible pitfalls and areas of attention when it comes to cloud security
10| Which best practice resources are available to help you with cloud service security
1| Internet of Things
- What is meant by “Internet of Things” and why is security still an issue?
- What are the major risks involved?
- On-going initiatives and guidance to secure IoT devices and their networks:
  - EU’s Cybersecurity Strategy in the Digital Decade
  - ENISA IoT and Smart Infrastructures
2| OT/ICS Security
- What do we mean by OT and ICS?
- What are the fundamental differences between IT and OT Security?
- Which standards and frameworks can help you secure OT environments?
  - ISA/IEC 62443
  - NIST’s Guide to Industrial Control Systems (ICS) Security
- How do you bridge the gap between IT and OT Security as a CISO?
3| Disaster Recovery / Business Continuity
- What is the difference between Disaster Recovery and Business Continuity?
- How to build a Business Continuity Plan?
- What is a Business Impact Assessment (BIA)?
- Which standards can help you with a BCM?
  - ISO22301:2019: Security and Resilience – Business Continuity management systems
  - ISO22313:2020: providing guidance on ISO22301
- High availability considerations on various architectural levels
We are recognized by:
Registration number KMO portefeuille: DV.O213013
Our courses are accredited for the KMO-portefeuille. This means that, depending on whether you are a small or medium-sized enterprise, you can receive a 45% or 35% subsidy from the Flemish Government on the cost of registration.
Acknowledgement by Chèque-Formation
The training voucher allows you to benefit from financial aid to train your workers in one of the approved training centres. Worth 30 euros, it corresponds to 1 hour of training per worker.