
1. The five Domains of the C|CISO program translate to a thoroughly knowledgeable, competent executive information security practitioner.
2. **https://www.csisc.uk/**
3. Domain 2
3.1. IS Management Controls and Auditing Management
3.1.1.
   • Designing, deploying, and managing security controls
   • Understanding security control types and objectives
   • Implementing control assurance frameworks
   • Understanding the audit management process
4. Domain 1
4.1. Governance (Policy, Legal & Compliance)
4.1.1.
   • Information Security Management Program
   • Defining an Information Security Governance Program
   • Regulatory and Legal Compliance
   • Risk Management
5. Domain 3
5.1. The day-to-day responsibilities of a CISO
5.1.1.
   • The role of the CISO
   • Information Security Projects
   • Integration of security requirements into other operational processes (change management, version control, disaster recovery, etc.)
6. Domain 5
6.1. Areas with which many more technically inclined professionals may have the least experience, including:
6.1.1.
   • Security Strategic Planning
   • Alignment with business goals and risk tolerance
   • Security emerging trends
   • Key Performance Indicators (KPI)
   • Financial Planning
   • Development of business cases for security
   • Analysing, forecasting, and developing a capital expense budget
   • Analysing, forecasting, and developing an operating expense budget
   • Return on Investment (ROI) and cost-benefit analysis
   • Vendor management
   • Integrating security requirements into the contractual agreement and procurement process
7. Domain 4
7.1. The technical aspects of the CISO from an executive perspective
7.1.1.
   • Access Controls
   • Physical Security
   • Disaster Recovery and Business Continuity Planning
   • Network Security
   • Threat and Vulnerability Management
   • Application Security
   • System Security
   • Encryption
   • Vulnerability Assessments and Penetration Testing
   • Computer Forensics and Incident Response