This training is taught in English.
To kick the Certified CISO training programme’s first module off, we’ll start with the basics. That means explaining the difference between information security and cybersecurity. Because yes – there is a difference!
We’ll guide you through the process of defining, implementing, and managing an Information Security Governance Programme. That includes how to organise security, the various personnel involved, and their responsibilities.
You’ll get an overview of the fundamental laws, regulations, and standards that could or absolutely will affect your Security Governance Programme. If you plan to work for a multinational, knowing the ins and outs is essential for your strategic planning.
Some of the critical questions we cover include issues like:
- How should you go about establishing and communicating policies, processes, and standards to form the basis of your security programme?
- And how do you turn those things into an effective information security strategy, one that is actionable, measurable, and in line with your company’s corporate objectives?
- Is a security awareness programme really that important?
- And why do we do it all?
Ultimately, these steps all reduce corporate risk, which is why the programme has a solid focus on raising awareness about the current risk management frameworks and how you can practically and efficiently assess and mitigate risks.
We also share the facts and tools you need to make these programmes inherently appealing, leading to the smooth, gradual development of a robust company security culture.
Lastly, there’s a good chance that your security setup will be subject to internal and/or external audits. Audits are required for all sorts of reasons, from verifying that your security programme is working and certifying that it meets a specific standard to satisfying a client’s contractual stipulations, etc. We show you the ropes, summarising what’s essential for putting your own audit programme in place, along with how to comply with external audits.
Why take this course?
By the end of this course, you’ll have a firm grasp on:
- The basics of creating and running a Security Governance Programme
- How to operationalise this programme with the appropriate expertise and effectively boost your company’s security stance
- How to measure and improve your programme, based on regular risk assessments and audits
- How to demonstrate the imperative worth of a Security Governance Programme to management
- Why conducting regular security awareness initiatives is crucial and how to put them together
This course is also the first module in a unique programme intended to lead to formal CISO certification. To check out later modules, download this file: Certified CISO – Security Governance and Compliance_modules
Who is the Certified CISO programme’s ‘Security Governance & Compliance’ module intended for? This module targets cybersecurity officers, managers and other security professionals tasked with crafting a companywide information security upgrade strategy. Those working in risk management and/or conducting security-related audits could also benefit from this course.
What you’ll learn in a nutshell:
- The difference between information security and cyber security
- How information security should/can be organised
- Which personnel and responsibilities are involved
- How to set up a security strategy that is actionable, measurable, and in line with your company’s corporate objectives
- How to set up a solid security awareness programme
- Fundamental laws, regulations, and standards in Belgium and abroad which have an impact on information security
- How to create policies that make sense and can be used to create more detailed processes and standards
- How to effectively analyse and mitigate risks using a selection of standard methodologies
- How to establish your company’s risk appetite
- How to approach third-party risk management
- Audit types you may be confronted with
- How to organise and conduct internal audits
- How to facilitate and comply with external audits and what your rights and obligations are
Educational approach of this course
When it comes to establishing and running a proper Security Governance Programme, there are a variety of approaches. A one-size-fits-all formula doesn’t apply.
And it’s for that reason that this course has a two-fold objective. It aims to introduce you to the current standards and frameworks available and to supply you with the practical skills required to apply them correctly within your organisation.
To accomplish this, we’ve lined up highly skilled professionals who have been in the trenches for years. They share practical advice and workarounds and teach you the core of what you need to know. The course itself blends theoretical models, frameworks, and standards to give you an overview of what’s out there, combined with practical exercises for applying what you’ve learnt in real-life situations.
You’ll be awarded a certificate of completion at the end of the course. This module does not entail any exams or official certification.
Note: Have you got plans to pursue the entire ‘Certified CISO’ programme? In that case, you’ll need a certificate of completion for all modules, and they must have been obtained within the past two years. The first six modules must be completed to start the 7th and final module, the ‘Master Project’, where you will apply the content of the previous modules to a single integrated project. Once finished, and if you obtain a positive evaluation, you’ll be awarded the ‘Certified CISO’ certificate.
Your bonus training package includes:
- Training material (printed and PDF format): handouts of the presentations with notes
- A list of useful links with additional information on standards and frameworks discussed during class
- The exercises and their solutions (where applicable)
How to prepare yourself
This is a classroom-based, non-technical course. Bring something along (e.g., a laptop, notebook, tablet) to take additional notes.
- A basic understanding of IT
- Some experience in a corporate environment as a manager could be beneficial but is not essential.
Click here for more information about our teachers.
1| Define, implement, manage an Information Security Governance Programme
- Information security versus cyber security
- Organisation of information security, roles, and responsibilities
- Defining an effective information security strategy which
- is actionable
- is measurable
- is in line with your company’s corporate objectives
- Security awareness programme to build a security culture
2| Fundamental laws, regulations, and standards
- A global overview of relevant international security & privacy-related laws
- A closer look at:
- ISO27001 / 2
- NIST CSF
- NIST 800-53
- CIS Controls
- NIS / NIS 2
3| What kind of documentation do you really need and why?Usage of policies, processes, and standards
- Who is the target audience for the various security-related documents?
- How do you organise this ‘library’ and make it accessible?
- How do you make sure people know the rules and act accordingly?
1| Risk Management
- Why do you need risk management?
- Basic risk assessment concepts and processes
- Who should be involved?
- Overview of standards and methodologies you can use
2| Third-Party Risk Management
- Why is this topic separate and significant?
- Elements to review as part of third-party risk management:
- Compliance with laws and regulations and related proof
- Contractual requirements, SLAs, penalties
- Right to audit
- Frameworks and methods to help you assess third-party risks
3| Audit Management
- What is auditing, and do I need it?
- Internal audit controls
- Auditing your organisation
- Auditing a third party
- Potential external audits
- By (prospective) customers
- To validate certification
- To verify compliance with laws and regulations
- How to facilitate and comply with audits and your rights
- How to manage non-conformities
We are recognized by:
Registration number KMO portefeuille: DV.O213013
Our courses are accredited for the KMO-portefeuille. This means that, depending on whether you are a small or medium-sized enterprise, you can receive a 45% or 35% subsidy (for cybersecurity) from the Flemish Government on the cost of registration.
Acknowledgement by Chèque-Formation
The training voucher allows you to benefit from financial aid to train your workers in one of the approved training centres. Worth 30 euros, it corresponds to 1 hour of training per worker.