
Post on 07-Sep-2020


CSMP: Cyber Security Methodology Professional Training and Qualification Program

According to the regulation of cyber professions in Israel

* CISSP and ISO 27001 also include other materials not included in the CSMP program.

Being a Cyber Security Methodology Professional:

The CSMP is responsible for formulating, characterizing and implementing concepts, methods and methodologies in the cybersecurity world. He will also assimilate Israeli and international regulation and standardization, as well as aspects of privacy protection, risk management, and organizational processes, while recognizing and understanding the organization's activities, needs and goals.

International standards have become the most important factor for business and risk management!


CSMP: Cyber Security Methodology Professional

1 Jabotinsky St. Ramat-Gan – 05252 , T: 6122831-03 , F: 6122593-03

www.see-security.com [email protected] 2


About Our College

See Security College is a highly specialized, international cyber-security college. Our college is one of seven colleges of its kind in the world and deals with cyber-security exclusively, using education methodologies which were designed for state and formal agencies.

The college delivers its study programs worldwide, through the See Security International brand as well as through well-known cyber-security agencies dealing with cyber-defence exportation.

See-Security Technologies CEO, Mr. Avi Weissman, is one of the leaders in the Israeli cyber industry, and serves as an advisor and commentator to the Israeli government on the regulation of cyber professions standards. In addition, Mr. Weissman is the founder of the Israeli Forum for Information Security (IFIS) together with Maj. Gen. (Res.) and former head of the National Security Council, Yaakov Amidror. He is also a co-CEO of the cyber human resources company See-HR, the cyber security consulting company See Secure Consulting, and the international cyber security college See Security International.

The Regulation of Cyber Professions in Israel

The Israeli Forum for Information Security (IFIS), which operates within the framework of the Prime Minister's Office as an independent unit, has decided to implement binding regulation on the definition of the various professions in the cyber world, and makes clear recommendations regarding the content of knowledge for each and every profession and speciality in the wide-ranging branch of cyber security professions.

About the CSMP Training Program

See Security College created the first CISO training program in the world in 2004-2005. The program closely follows the instructions of the National Cyber Protection Authority on the one hand, and on the other hand, the needs and standards of the Ministry of Defense and of other international organizations such as ISACA, (ISC)², CSA and ISO 27001. The program is updated constantly, accompanied by the most up-to-date materials, which will allow you to pass the certification exams held by international organizations.

The American National Initiative for Cyber Security Education (NICE) defined its mission as well: to energize and promote a robust network and an ecosystem of cybersecurity education, training, and workforce development.

In January 2015, the Israeli National Cyber Bureau published an official list of core professions, including: Cyber Security Practitioner (CSP), Cyber Security Technology Professional (CSTP), Cyber Security Methodology Professional (CSMP), Penetration Tester (Hacker), and Forensics Specialist. The Chief Information Security Officer (CISO) role is derived from CSTP and CSMP.

In addition, the National Initiative for Cybersecurity Education (NICE), led by the National Institute of Standards and Technology (NIST) of the U.S. Department of Commerce, is a partnership between government, academia, and the private sector working to energize and promote a robust network and an ecosystem of cybersecurity education, training, and workforce development. NICE fulfills this mission by coordinating with government, academic, and industry partners to build on existing successful programs, facilitate change and innovation, and bring leadership and vision to increase the number of skilled cybersecurity professionals helping to keep our nation secure.

The prestigious CSMP training program is designed to train cyber defense experts who can advise, guide and make decisions on information protection tasks, focusing on the administrative-government aspects (without the technological-tactical aspects domain). These abilities will be acquired through a thorough familiarity with international, national, sectoral and business standards, familiarity with organizational policy, procedures, and best practices in these areas, including management techniques. Students will gradually learn the core features of the CSMP through lectures, self-guided homework assignments and in-vivo practice labs.

In addition to the professional knowledge, the program will enable its students to pass part of the ISO 27001 Lead Auditor as well as part of the CISSP certification exam.

Further, this program was designed in accordance with the requirements of the cyber authority, and is intended to prepare students for the prestigious (ISC)² CISSP certification exam. Naturally, the program's graduates can also sit easier international certification exams such as ISACA's CISM, CompTIA's Security+ or (ISC)²'s SSCP. In the coming year, the Israeli cyber authority will publish additional information on these professions and will run certification exams aimed at architecture and methodology cyber professionals.

Target Audience

The course is targeted at individuals with a background in infrastructure, IT or cybersecurity professionals, or those with a background in development, with an organizational background.

Entry Requirements

1. Ideally: previous background in IT and/or cybersecurity, OR/AND:

2. Organizational background, AND:

3. Readiness to invest in self-guided homework assignments (for a total of 200 practice hours).

4. All candidates must participate in an admission interview held by the academic administrator of the program, Mr. Avi Weissman.

* Applicants who do not meet these requirements must be approved for the program by a special committee held by the academic administrator.

Pedagogical Requirements

1. Attendance in at least 80% of lectures.

2. At the end of every module, there will be an examination and/or an assignment. Students must obtain an average of at least 70%. There is a possibility to take a make-up exam.

3. In technical modules: "hands-on" practice in class and at home (using computer labs).

Tuition Fees

9,300 NIS (including registration fees and LTD)*

*a full CISO training program costs 19,400 NIS.

Program Format

The course will be held twice a week, in the evenings. There will be 104 hours of in-class lectures (26 sessions, 4 months), and 200 homework assignments. Lectures are held at See-Security College in Ramat-Gan. The program opens about three times a year.

Study Format

Administrative and theoretical knowledge as well as practical assignments, which relate to the world of methodologies: standards, regulations, risk management and cyber management.


Certifications

Students who meet the pedagogic requirements of the program will be certified by See-Security College as:

Cyber Security Methodology Professional

In the future, the Cyber Authority intends to institutionalize a test on its behalf for unique accreditation in Israel, based on these contents.

Academic Faculty

Such a multidisciplinary training program requires extensive and uncompromising use of dedicated experts, each in their field. The lecturers include industry leaders, renowned cyber managers and leading professional experts in their fields. In a country that takes upon itself to lead the world in cyber protection, the college considers itself committed to high standards and to a very high standard of lecturers.

Possible Lecturers: Maytal Broocks, Omri Sagron, Shuky Price, Oren Elimelech, Avner Ben Ephraim, Itzik Haberberg, Assaf Kolsky, Yariv Yifrach, Naor Moreno, Nadav Nachmias, Itzik Kochav and Yishai Wertheimer.

Remarks

1. Opening of the course depends on the number of enrolled applicants.

2. Registration fees are not refundable, excluding the event that the college does not open the program.

3. Any costs of external examination are not included in the tuition fees of the program.

4. There may be some changes in the program layout, exams or any other issues. The College Board will inform students before making such alterations.

Further Information

Administrative information:

Mrs. Elvira Eliseev, 03-6122831, 052-8787889

[email protected]

Academic Information:

Mr. Avi Weissman, 03-6122831, 054-5222305

[email protected]

Please Note!

The counseling and screening process of the academic advisor is important for assuring your chances of succeeding in this program and/or in other programs, as well as in your professional future.


Curriculum

40 Cyber Methodology / GRC: InfoSec Governance, Risk & Compliance

The world of information security maintains an intimate interrelationship with the field of governance, risk management and corporate compliance. This is a discipline with three aspects: organizational risk management as a result of a cyber event, compliance with management requirements, and the requirements of law and regulation in relevant aspects (e.g., the Protection of Privacy Law, Regulation 7809, 627). The ISCA-CISSP, ISACA-CISM, ISO 27000, SOX, DoD, PCI and ISC2-CISSP security standards, Israeli legislation, and industry regulations will be reviewed according to the daily practice.

Legal & Regulatory: The Applicable Legislation, The Privacy Act, Information Reservoirs Registration & Protection, The Regulation, 357, 257, SOX & iSOX, BASEL II, HIPAA, 361, 367

Governance, Strategic Plan: Corporate Governance Defined, InfoSec Governance

Program Management: The InfoSec Program from Three Points of View, Security Architecture Defined, Policies, Standards, Procedures, Baselines & Guidelines, InfoSec as a Process, Process Quality Management

ISO 27001 Lead Auditor Preparation: Corporate, IT & InfoSec Governance Relationship, Corporate Strategy Defined, InfoSec Positioning, InfoSec Strategy, InfoSec Strategic Planning, Statement of Applicability

Controls & Control Objectives: ISO 27001 - ISMS, InfoSec Control Objectives

Control Environment: Controls, Designing a Control Environment, COBIT, COSO

Privacy in the Digital Age

Program Audit & Maintenance: Internal Audit Defined, IT General Audit, Infosec Audit, Program Improvement, Vulnerability Assessment, Pen tests

52 CISO Function and Role

What does the Information Security Manager do? What is its list of tasks and what is the correct order to carry them out? How does the product of each action become the raw material of the next action? The Unwritten Law of CISO Functions.

The Evolving CISO Role

Risk Assessment: Risk Management Fundamentals, Risk Assessment, Qualitative and Quantitative Assessment, The Hybrid approach, Asset Management, MSAT, Identifying Asset Vulnerability, Formalizing Risk Statement, Risk Register, Prioritizing Risk, Stating Solutions

InfoSec Processes: InfoSec Process & Process Catalogue, Process & Program maturity

InfoSec Project: Project Management Defined, Creating an InfoSec Project, Business Case

The IAM Process: Role Definition, Workflow, User Provisioning / De-provisioning, Audit & monitor

Capital Planning & Investment Control: Capital Planning & Budget Decision, Corrective Action Impact and Priority, System Based Project Scoping, Enterprise Project Scoping, Choosing Your Battle, Project Investment Control

Corporate InfoSec Policy: The Need for a Corporate InfoSec Policy, Policy Governance & Authority, Scope, Responsibility & Accountability, The Policy Chapters

BCM - Business Continuity Management: BCM Planning, COOP, CCP, ORP, ITCP, CIP, BRP, DRP, DRP Project

Relationship & Communication: Implementing a Security & Awareness Program - Creating & Implementing a Security Marketing Plan

Measuring Security: Security Measurements & Metrics, Implementing Metrics in Security Processes (KPI, KRI)

Putting it all Together: The New CISO 1st Year Timeline, from Security Strategy to Governance to Security Program & Projects


CSMP Applicant Declaration

I hereby confirm that I have received this information sheet, understand its contents and agree to the terms set out therein.

Name_____________________ Date __________________ Signature _____________________________

We invented a Technology for cyber education, because nobody else did.