CISO M1: Security Governance and Compliance

This training is taught in English.

To kick off the Certified CISO training programme’s first module, we’ll start with the basics. That means explaining the difference between information security and cybersecurity. Because yes – there is a difference!

We’ll guide you through the process of defining, implementing, and managing an Information Security Governance Programme. That includes how to organise security, the various personnel involved, and their responsibilities.

You’ll get an overview of the fundamental laws, regulations, and standards that could or absolutely will affect your Security Governance Programme. If you plan to work for a multinational, knowing the ins and outs is essential for your strategic planning.

Some of the critical questions we cover include issues like:

• How should you go about establishing and communicating policies, processes, and standards to form the basis of your security programme?
• And how do you turn those things into an effective information security strategy, one that is actionable, measurable, and in line with your company’s corporate objectives?
• Is a security awareness programme really that important?
• And why do we do it all?

Ultimately, these steps all reduce corporate risk, which is why the programme has a solid focus on raising awareness about the current risk management frameworks and how you can practically and efficiently assess and mitigate risks.

We also share the facts and tools you need to make these programmes inherently appealing, leading to the smooth, gradual development of a robust company security culture.

Lastly, there’s a good chance that your security setup will be subject to internal and/or external audits. Audits are required for all sorts of reasons, from verifying that your security programme is working and certifying that it meets a specific standard to satisfying a client’s contractual stipulations, etc. We show you the ropes, summarising what’s essential for putting your own audit programme in place, along with how to comply with external audits.

Why take this course?

By the end of this course, you’ll have a firm grasp on:

• The basics of creating and running a Security Governance Programme
• How to operationalise this programme with the appropriate expertise and effectively boost your company’s security stance
• How to measure and improve your programme, based on regular risk assessments and audits
• How to demonstrate the imperative worth of a Security Governance Programme to management
• Why conducting regular security awareness initiatives is crucial and how to put them together

This course is also the first module in a unique programme intended to lead to formal CISO certification. To check out other modules, download this file: CISO Brochure download.

Target group

Who is the Certified CISO programme’s  ‘Security Governance & Compliance’ module intended for? This module targets cybersecurity officers, managers and other security professionals tasked with crafting a companywide information security upgrade strategy. Those working in risk management and/or conducting security-related audits could also benefit from this course.

Learning goals

What you’ll learn in a nutshell:

• The difference between information security and cyber security
• How information security should/can be organised
• Which personnel and responsibilities are involved
• How to set up a security strategy that is actionable, measurable, and in line with your company’s corporate objectives
• How to set up a solid security awareness programme
• Fundamental laws, regulations, and standards in Belgium and abroad which have an impact on information security
• How to create policies that make sense and can be used to create more detailed processes and standards
• How to effectively analyse and mitigate risks using a selection of standard methodologies
• How to establish your company’s risk appetite
• How to approach third-party risk management
• Audit types you may be confronted with
• How to organise and conduct internal audits
• How to facilitate and comply with external audits and what your rights and obligations are

Educational approach of this course

When it comes to establishing and running a proper Security Governance Programme, there are a variety of approaches. A one-size-fits-all formula doesn’t apply.

And it’s for that reason that this course has a two-fold objective. It aims to introduce you to the current standards and frameworks available and to supply you with the practical skills required to apply them correctly within your organisation.

To accomplish this, we’ve lined up highly skilled professionals who have been in the trenches for years. They share practical advice and workarounds and teach you the core of what you need to know. The course itself blends theoretical models, frameworks, and standards to give you an overview of what’s out there, combined with practical exercises for applying what you’ve learnt in real-life situations.

End product

You’ll be awarded a certificate of completion at the end of the course. This module does not entail any exams or official certification.

Note: Have you got plans to pursue the entire ‘Certified CISO’ programme? In that case, you’ll need a certificate of completion for all modules, and they must have been obtained within the past two years. The first six modules must be completed to start the 7^th and final module, the ‘Master Project’, where you will apply the content of the previous modules to a single integrated project. Once finished, and if you obtain a positive evaluation, you’ll be awarded the ‘Certified CISO’ certificate.

Your bonus training package includes:

• Training material (printed and PDF format): handouts of the presentations with notes
• A list of useful links with additional information on standards and frameworks discussed during class
• The exercises and their solutions (where applicable)

How to prepare yourself

This is a classroom-based, non-technical course. Bring something along (e.g., a laptop, notebook, tablet) to take additional notes.

Course prerequisites:

• A basic understanding of IT
• Some experience in a corporate environment as a manager could be beneficial but is not essential.

Click here for more information about our teachers.

Get updates on this training? 

Would you like to be kept up to date on CISO trainings?
Subscribe below.