CSMP: Cyber Security
Methodology Professional
Training and Qualification Program
According to the regulation of cyber
professions in Israel
* CISSP and ISO 27001 also include other materials not included in the CSMP program.
Being a Cyber Security Methodology Professional:
The CSMP is responsible for formulating, characterizing and
implementing concepts, methods and methodologies in the cybersecurity
world. He will also assimilate Israeli and international regulation and
standardization, as well as aspects of privacy protection, risk management,
and organizational processes, while recognizing and understanding the
organization's activities, needs and goals.
International standards have become the most important factor for
business and risk management!
CSMP: Cyber Security Methodology Professional
1 Jabotinsky St. Ramat-Gan – 05252 , T: 6122831-03 , F: 6122593-03
www.see-security.com [email protected] 2
About Our College
See Security College is a highly specialized and
international cyber-security college. Our college is
one of seven colleges of its kind in the world and
deals with cyber-security exclusively, by using
education methodologies which were designed for
state and formal agencies.
The college delivers its study programs worldwide,
through the See Security International brand as
well as through well-known cyber-security agencies
dealing with cyber-defence exportation.
See-Security Technologies CEO, Mr. Avi
Weissman, is one of the leaders in the Israeli cyber
industry, and serves as an advisor and
commentator to the Israeli government on the
regulation of cyber professions standards. In
addition, Mr. Weissman is the founder of the Israeli
Forum for Information Security (IFIS) together with
Maj. Gen. (Res.) and former head of the National
Security Council, Yaakov Amidror. He is also co-CEO
of the cyber human resources company See-HR,
the cyber security consulting company See Secure
Consulting, and the international cyber security
college See Security International.
The Regulation of Cyber Professions in Israel
The Israeli Forum for Information Security (IFIS),
which operates within the framework of the Prime
Minister's Office as an independent unit, has
decided to implement binding regulation on the
definition of the various professions in the cyber
world, and makes clear recommendations
regarding the content of knowledge for each and
every profession and speciality in the wide-ranging
branch of Cyber Security professions.
About the CSMP Training Program
See Security College created the first CISO
training program in the world in 2004-2005. The
program closely follows the instructions of the
National Cyber Protection Authority on the one
hand, and on the other hand, the needs and
standards of the Ministry of Defense and of other
international organizations such as ISACA, (ISC)2,
CSA and ISO 27001. The program is updated
constantly, accompanied by the most up-to-date
materials, which will allow you to pass the
certification exams held by international
organizations.
The American National Initiative for Cyber Security
Education (NICE) defined its Mission as well: To
energize and promote a robust network and an
ecosystem of cybersecurity education, training, and
workforce development.
In January 2015, the Israeli National Cyber Bureau
published an official list of core professions,
including: Cyber Security Practitioner (CSP), Cyber
Security Technology Professional (CSTP), Cyber
Security Methodology Professional (CSMP),
Penetration Tester (Hacker), and Forensics
Specialist. The Chief Information Security Officer
(CISO) role is derived from CSTP and CSMP.
In addition, the National Initiative for Cybersecurity
Education (NICE), led by the National Institute of
Standards and Technology (NIST) of the U.S.
Department of Commerce, is a partnership between
government, academia, and the private sector
working to energize and promote a robust network
and an ecosystem of cybersecurity education,
training, and workforce development. NICE fulfills
this mission by coordinating with government,
academic, and industry partners to build on existing
successful programs, facilitate change and
innovation, and bring leadership and vision to
increase the number of skilled cybersecurity
professionals helping to keep our nation secure.
The prestigious CSMP training program is designed
to train cyber defense experts who can advise,
guide and make decisions on information protection
tasks focusing on the administrative-government
aspects (without the technological-tactical aspects
domain). These abilities will be acquired through a
thorough familiarity with knowledge of international,
national, sectoral and business standards,
familiarity with organizational policy, procedures,
and best practices in these areas, including
management techniques. Students will gradually
learn the core-features of the CSMP through
lectures, self-guided homework assignments and
in-vivo practice labs.
In addition to the professional knowledge, the
program will enable its students to be able to pass
part of the ISO 27001 Lead Auditor as well as part
of the CISSP certification exam.
Further, this program was designed in accordance
with the requirements of the cyber authority, and is
intended to prepare students for the prestigious (ISC)2 CISSP
certification exam. Naturally, the program's
graduates can also sit easier international certification
exams such as ISACA's CISM, CompTIA's
Security+ or (ISC)2's SSCP. In the coming year, the
Israeli cyber authority will publish additional
information on these professions and will run
certification exams aimed at architecture and
methodology cyber professionals.
Target Audience
The course is targeted at infrastructure, IT or
cybersecurity professionals, or those with a
background in development, with an
organizational background.
Entry Requirements
1. Ideally, previous background in IT and/or
cybersecurity, OR/AND:
2. Organizational background, AND:
3. Readiness to invest in self-guided homework
assignments (for a total of 200 practice hours).
4. All candidates must participate in an admission
interview held by the academic administrator of
the program, Mr. Avi Weissman.
* Applicants who do not meet these requirements must be approved for
the program by a special committee held by the academic
administrator.
Pedagogical Requirements
1. Attendance in at least 80% of lectures.
2. At the end of every module, there will be an
examination and/or an assignment. Students
must obtain an average of at least 70%. There
is a possibility to take a make-up exam.
3. In technical modules – "hands-on" practice in
class and at home (using computer labs).
Tuition Fees
9,300 NIS (including registration fees and LTD)*
*a full CISO training program costs 19,400 NIS.
Program Format
The course will be held twice a week, in the
evenings. There will be 104 hours of in-class
lectures (26 sessions, 4 months), and 200
homework assignments. Lectures are held at See-
Security College in Ramat-Gan. The program
opens about three times a year.
Study Format
Administrative and theoretical knowledge as well as
practical assignments, which relate to the world of
methodologies: standards, regulations, risk
management and cyber management.
Certifications
Students who meet the pedagogic
requirements of the program will be certified by
See-Security College as:
Cyber Security Methodology Professional
In the future, the Cyber Authority intends to
institutionalize a test on its behalf for unique
accreditation in Israel, based on these contents.
Academic Faculty
Such a multidisciplinary training program
requires extensive and uncompromising use of
dedicated experts, each in their field. The lecturers
include industry leaders, renowned cyber
managers and leading professional experts in their
fields. As a country that takes upon itself to lead in
cyber protection in the world, the college considers
itself committed to high standards and to a very high
standard of lecturers.
Possible Lecturers: Maytal Broocks, Omri Sagron,
Shuky Price, Oren Elimelech, Avner Ben Ephraim,
Itzik Haberberg, Assaf Kolsky, Yariv Yifrach, Naor
Moreno, Nadav Nachmias, Itzik Kochav and Yishai
Wertheimer.
Remarks
1. Opening of the course depends on the number
of enrolled applicants.
2. Registration fees are not refundable, excluding
the event that the college does not open the
program.
3. Any costs of external examination are not
included in the tuition fees of the program.
4. There may be some changes in the program
layout, exams or any other issues. The College
Board will inform students before making such
alterations.
Further Information
Administrative information:
Mrs. Elvira Eliseev, 03-6122831, 052-8787889
Academic Information:
Mr. Avi Weissman, 03-6122831, 054-5222305
Please Note!
The counseling and screening process of the
academic advisor is important for assuring your
chances of succeeding in this program and / or
in other programs, as well as in your
professional future.
Curriculum
40 Cyber Methodology / GRC: InfoSec Governance, Risk & Compliance
The world of information security maintains an intimate interrelationship with the fields of governance, risk management and corporate compliance. This is a discipline with three aspects: organizational risk management as a result of a cyber event, compliance with management requirements, and the requirements of law and regulation in relevant aspects (e.g., the Protection of Privacy Law, Regulation 7809, 627). The ISCA-CISSP, ISACA-CISM, ISO 27000, SOX, DoD, PCI and ISC2-CISSP security standards, Israeli legislation, and industry regulations will be reviewed according to the daily practice.
Legal & Regulatory: The Applicable Legislation, The Privacy Act, Information reservoirs Registration & Protection, The Regulation, 357, 257, SOX & iSOX, BASEL II, HIPAA, 361, 367
Governance, Strategic plan: Corporate Governance Defined, InfoSec Governance
Program Management: The InfoSec Program from Three Points of View, Security Architecture Defined, Policies, Standards, Procedures, Baselines & Guidelines, InfoSec as a Process, Process Quality Management
ISO 27001 Lead Auditor Preparation: Corporate, IT & InfoSec Governance Relationship, Corporate strategy defined, Infosec Positioning, Infosec Strategy, InfoSec Strategic Planning, Statement of Applicability
Controls & Control Objectives: ISO 27001 - ISMS, InfoSec Control Objectives
Control Environment: Controls, Designing a Control Environment, Cobit, COSO
Privacy in the Digital Age
Program Audit & Maintenance: Internal Audit Defined, IT General Audit, Infosec Audit, Program Improvement, Vulnerability Assessment, Pen tests
52 CISO Function and Role
What does the Information Security Manager do? What is its list of tasks and what is the correct order to carry them out? How does the product of each action become the raw material of the next action? The Unwritten Law of CISO Functions.
The Evolving CISO Role
Risk Assessment: Risk Management Fundamentals, Risk Assessment, Qualitative and Quantitative Assessment, The Hybrid approach, Asset Management, MSAT, Identifying Asset Vulnerability, Formalizing Risk Statement, Risk Register, Prioritizing Risk, Stating Solutions
InfoSec Processes: InfoSec Process & Process Catalogue, Process & Program maturity
InfoSec Project: Project Management Defined, Creating an InfoSec Project, Business Case - Business Case
The IAM Process: Role Definition, Workflow, User Provisioning / De-provisioning, Audit & monitor
Capital Planning & Investment Control: Capital Planning & Budget Decision, Corrective Action Impact and Priority, System Based Project Scoping, Enterprise Project Scoping, Choosing Your Battle, Project Investment Control
Corporate InfoSec Policy: The Need for a Corporate InfoSec Policy, Policy Governance & Authority, Scope, Responsibility & Accountability, The Policy Chapters
BCM - Business Continuity Management: BCM Planning, COOP, CCP, ORP, ITCP, CIP, BRP, DRP, DRP Project
Relationship & Communication: Implementing a Security & Awareness Program - Creating & Implementing a Security Marketing Plan
Measuring Security: Security measurements & Metrics, Implementing metrics in security processes (KPI, KRI)
Putting it all Together: The New CISO 1st Year Timeline, from Security Strategy to Governance to Security Program & Projects
CSMP Applicant Declaration
I hereby confirm that I have received this information sheet, understand its contents and agree to the terms set
out therein.
Name_____________________ Date __________________ Signature _____________________________
We invented a Technology
for cyber education,
because nobody else did.