Certified Security Compliance Specialist™ (CSCS™)
A 2-Day Instructor-Led Security Compliance Program

Program Testimonials

Why CSCS™?

Increasingly, businesses are challenged with both securing their digital assets and the information infrastructure as well achieving full compliance with numerous legislations and regulations that impact their industry. Healthcare, financial, government and other verticals are required to constantly monitor the changing dynamics of their infrastructure to mitigate risks and vulnerabilities as well as ensure compliance with international as well as U.S. federal and state legislations and industry best practices. Further, United States federal information systems and those of their business associates must meet specific certification and accreditation security guidelines.

CSCS™ Program Covers Major Information Security Regulations & Standards

The CSCS™ Program is the first and only program in the world that provides a comprehensive treatment of major information security regulations and standards. You can expect to learn and understand core requirements of the following from the CSCS™ program:

• ISO Standards including 27001, 27002, 27799
• PCI DSS
• COBIT Security Baseline
• FISMA
• HIPAA
• U.S. State Regulations on Information Security
• FACTA, Red Flag Rules – Identity Theft
  
  

The Certified Security Compliance Specialist™ (CSCS™) credential is a job-role based designation. This program is designed to enable professionals to understand, prioritize and ultimately assist organizations achieve compliance with information security-based regulations.

Compliance is big business. Legislation (including guidelines and standards) such as Sarbanes-Oxley, PIPEDA, FFIEC, HIPAA, FACTA and standards such as the ISO 27000 are a requirement for organizations to comply with. A key objective for organizations worldwide is to integrate security best practices and be in compliance. Skilled professionals who understand regulatory compliance requirements and information security are valued across several industries, especially healthcare, financial and the government.

The Certified Security Compliance Specialist™ (CSCS™) is a unique program of its type in the compliance and security industry - indeed the first of its type in the world. It is laser-beam focused on thoroughly examining compliance requirements and establishing best practices that can be applied in securing today’s digital business information infrastructure.

Organizations are quickly moving to a digital ecosystem that is governed by strict regulatory compliance requirements. Validate your compliance security skills and knowledge and distinguish yourself with the credential, Certified Security Compliance Specialist™ (CSCS™).

Distinguish Yourself in the Marketplace – Get the CSCS™ Credential!

Just having a background in Information Technology (IT) or information security is not sufficient anymore for the challenges of business today. Employers are looking for individuals who not only have IT skills but also understand compliance regulations that impact their industry and business – because these are priorities that must be met.

Learning Objectives

From this compliance and security training program you will:

• Examine the security aspects of the SOX legislation with emphasis on key sections and critical compliance steps. Examine the COBIT security baseline.
• Learn about FISMA, NERC CSS, and the HIPAA Security Rule.
• Step through the core requirements of PCI DSS.
• Analyze the international security standard, ISO’s 27001, ISO 27002, ISO 27799 and others.
• Learn about authentication requirements in published guidance documents
• Examine California’s SB 1386, SB 541, AB 1950, AB 1298, AB 211 and other U.S. State information security related regulations.
• Understand the security certification and accreditation process for U.S. federal information systems. This is an important requirement for business associates worldwide.
• Review international regulations including PIPEDA, PIP, European Union’s DPD and EC Directive, Australia’s Privacy Act, and the UK’s Data Protection Act, Freedom of Information Act.
• Step through the FTC final rules and guidelines for implementing FACTA.
• Step through processes for conducting a comprehensive risk analysis and vulnerability assessments.
• Review key contingency compliance requirements for developing the framework for disaster recovery and emergency mode operation plans.
  
  

Prerequisite Requirements

• To be certified as a CSCS™, the candidate must attend the two-day CSCS™ training session delivered by ecfirst or any of its Authorized Partners. For a list of scheduled dates and locations, please visit www.ecfirst.com.
• It is strongly recommended that the candidate pass a major security certification exam such as CISSP, CISA or CISM or have equivalent knowledge and experience.
  
  

Practice Exam

The complete two-day CSCS™ program is of value to compliance professionals and managers, security officers, security practitioners, privacy officers and senior IT professionals.

Target Audience

The CSCS™ Practice Exam is available through Prometric. The cost of the practice exam is $75 and you are permitted to take the practice exam for a maximum of 3 times over a 2 week period. Contact ecfirst at +1.515.453.8247 x20 to purchase a CSCS™ Practice Exam voucher or if you need additional information.

The CSCS™ Exam

The Certified Security Compliance Specialist™ (CSCS™) exam is delivered globally through the Prometric system (http://ibt.prometric.com/cscs). The CSCS™ exam validates knowledge and skill sets in information security for the following legislations, standards and frameworks:

1. Financial Regulations (e.g. SOX, COBIT, PCI DSS) --- (20% of exam)
2. Digital Healthcare & Security (e.g. HIPAA, ISO 27799) --- (20% of exam)
3. International Security Standards (e.g. ISO 27000, Other International) --- (20% of exam)
4. U.S. National and State Standards (e.g. FISMA, State laws) --- (20% of exam)
5. Business Continuity Planning (e.g. BIA, NIST guidelines) --- (20% of exam)

The first four sections of the CSCS™ exam focus in the area of “security” for regulatory compliance. The last section of the exam emphasizes the “availability” principle that is required by legislations.

CSCS™ exam questions are developed with the intent of measuring and testing practical knowledge and application of general concepts and standards in the area ofregulatory compliance and information security. All questions are multiple choice and are designed with one BEST answer.

Every CSCS™ exam question has a stem (question) and five options (answer choices). The candidate is asked to choose the correct or best answer from the options. The stem may be in the form of a question or incomplete statement. In some instances, a scenario or description problem may be included. These questions normally include a description of a situation and require the candidate to answer one or more questions based on the information provided.

The candidate is cautioned to READ the question carefully. Many times a CSCS™ exam question will require the candidate to choose the appropriate answer that is MOST LIKELY or BEST. In each instance, the candidate is required to read the question carefully, eliminate known incorrect answers and then make the best choice possible.

All questions should be answered. There are no penalties for incorrect answers. Grades are based solely on the number of questions answered correctly; so do not leave any questions blank. At the conclusion of each exam, test questions are reviewed. Questions identified as being ambiguous or having technical flaws will either not be used in the grading process or will be given multiple correct answer keys.

Course Outline

Module 1: Regulatory Compliance and Security

• State of Security
• U.S. Legislations
  • FDA’s CFR 21
  • GLB
  • NERC CSS
• Important International Regulations
  • Japan’s PIP
  • Canada’s PIPEDA
  • Australia’s Privacy Act
  • European Union’s DPD
  • EC Directive
  • UK’s Data Protection Act
  • UK’s Freedom of Information Act
    
    

Module 2: Financial Services and Security

• Key Sections of Sarbanes-Oxley
• Technology and Security Impact
  • Security Architecture and Infrastructure
• COBIT Security Baseline
  • Control Objectives
  • Security Domains

Module 3: PCI DSS Requirements

• Objective
• Control Objectives
• Defined Requirements
• Critical References
  
  

Case Study: Identity Theft (FACTA, Red Flags)

Step through the Federal Trade Commission (FTC) final rules and guidelines for implementing the Fair and Accurate Credit Transactions Act (FACTA). Under these regulations, the “Red Flags Rule” was adopted which requires organizations holding consumer or other “covered accounts” to develop and implement an identity theft prevention program.

Module 4: U.S. State Government Requirements

• California’s SB 1386 and SB 541
• California’s AB 1950, AB 1298, and AB 211
• Nevada’s 597.970
• Massachusetts’s 201 CMR 17.00
• Data Breach Challenges
• Encryption Requirements

Module 5: Digital Healthcare & Security, HIPAA

• Healthcare Security Challenges
• U.S. HIPAA Security Legislation
• Administrative Safeguards
• Physical Safeguards
• Technical Safeguards
• ISO 27799 Standard

Module 6: ISO 27001/2 Standards

• Introduction to ISO 27001
  • Security Framework Requirements
• ISO 27002 Standard
• Scope
• Key Clauses, Categories and Controls
  • Definition
  • Requirements

Module 7: U.S. Government Security Requirements

• U.S. Federal System Requirements
• Common Security Controls
• FISMA
  • Core Objectives & Requirements
  • Federal Information Security Incident Center
• Key U.S. Government Security References & Guidelines

Module 8: Business Continuity Planning (BCP)

• Definition and Scope
• Components of a Contingency Plan
  • Disaster Recovery Plan
  • Emergency Mode Operation Plan
• Classification of Information
• Classification of Threats
• Types of Alternate Sites
• Getting Started
  • Conducting a Business Impact Analysis (BIA)
    • Key Activities
  • Developing Your Disaster Recovery Plan (DRP)
    
    

Case Study: Conducting a Business Impact Analysis (BIA)

Step through key activities that organizations must conduct to complete a comprehensive Business Impact Analysis (BIA). Understand critical processes for a BIA initiative and identify areas that must be addressed in a BIA Report.

Module 9: Getting Compliant, Integrating Best Practices

• Information Security Strategy
• Enterprise Security Methodology
  • Critical Steps
  • Integrate Compliance Requirements
• Risk Analysis
  • Definition and Scope
  • Information System Activity Review
  • Key Project Phases
  • Vulnerability Assessment Tools
• NIST Security Guidelines
• Getting Started
  • Developing Your Information Security Policies
    
    

Case Study: Sample Information Security Policy Templates

Step through key sections of critical information security templates in-class. Review sample policy types and organization. All CSCS™ candidates that attend the class and pass the CSCS™ exam will receive a complete set of information security policy templates free1.

Use these templates to create or update your enterprise information security policies. Policies templates are influenced by the requirements of several regulations.

1. Is a one-user license and may only be used by CSCS™ candidate for 1 site at no additional cost. Security policies may not be distributed or copied without written authorization from ecfirst.

Recognition for Other Security Certifications Earned

This is an excellent program for professionals that have earned credentials such as CISSP, CISM, CISA, Security+, MCSE, and CBCP.

CISSP, CISM, CISA, Security+, MCSE and CBCP certified professionals will find that the CSCS™ program adds significant depth to their knowledge of compliance requirements related to information security. These compliance requirements directly impact the security priorities and initiatives across all types of organizations and business.

CISSPs

As (ISC)˛ CISSPs participate in this two-day instructor-led program and pass the CSCS™ exam, they are then responsible to document their time at Continuing Professional Education (CPE), i.e. https://www.isc2.org/cgi-bin/content.cgi?category=24 for possible eligibility for additional CPEs. The CSCS™ program offers 16 CPEs for CISSPs.

Exam Fee

The Certified Security Compliance Specialist™ (CSCS™) exam fee is $495.00.

Requirements for Maintaining CSCS™

CSCS™s must comply with the following requirements to retain certification:

• Comply with the ecfirst Code of Professional Ethics.
• Re-certify once every three (3) years. Information on re-certification exams are announced at www.ecfirst.com. Re-certification exam fee is $295.00.
  
  

Revocation of CSCS™

ecfirst may, at its discretion after due and thorough consideration, revoke an individual’s CSCS™ certification for any of the following reasons:

• Violating any provision of the ecfirst.com Code of Professional Ethics
• Falsifying or deliberately failing to provide relevant information
• Intentionally misstating a material fact
• Engaging or assisting others in dishonest, unauthorized or inappropriate behavior at any time in connection with the CSCS™ exam or the certification process
  
  

Training Options

The two-day Certified Security Compliance Specialist™ (CSCS™) program is delivered worldwide. Call ecfirst at 877.899.9974 x20 today to discuss details about locations and schedules.

CSCS™ program attendees may pursue additional career development with the Certified HIPAA Professional (CHP) program. Mention you have passed the CSCS™ exam and receive 20% off the instructor-led tuition fee for the CHP program.

On Site Training

Bring ecfirst training, certification and executive briefs to your site. ecfirst will customize the session to meet your specific requirements and time frames.

Reference Materials

ecfirst

ecfirst is passionate about developing and validating information security compliance knowledge. ecfirst, in business since 1999, was recognized as an Inc. 500 fastest growing privately held business in the United States in its first year of eligibility. ecfirst is an organization with deep hands-on experience in compliance and IT services.

ecfirst serves a Who’s Who client list of over 1,400 that includes Principal Financial, numerous hospitals including Edward, Sherman, Condell, BSA, Mercy, Northwest Community, Samaritan and many others. State and county governments that have been trained by ecfirst include the State of Oregon, Iowa, and Illinois. U.S. government agencies that have participated in ecfirst.com programs include the U.S. Department of Veterans Affairs, Air Force, Coast Guard, Homeland Security, Coast Guard and several others.

Disclaimer

This document is a guide to those pursuing the CSCS™ certification. No representations or warranties are made by ecfirst that the use of this guide or any other associate publication will assure candidates of passing the CSCS™ exam.

Disclosure

Copyright © 2006, 2007, 2008, 2009 by ecfirst. Reproduction or storage in any form for any purpose is not provided without prior written permission from ecfirst. No other right or permission is granted with respect to this work. All rights reserved.

Contact Information

14225 University Avenue, Suite 240

Waukee, Iowa 50263, United States

Phone: +1.515.453.8247 x17

Fax: +1.515.453.8471

Email: Lorna.Waggoner@ecfirst.com

Web-site: www.ecfirst.com

Program Architect - Cyber Security & Compliance Expert

Uday Ali Pabrai, CISSP (ISSAP, ISSMP), Security+, is the chief executive of ecfirst, an Inc. 500 business. A highly sought after information security and regulatory compliance expert, he has successfully delivered solutions on compliance and information security to organizations worldwide.

Author of Cyber Security Strategy: The 4 Laws of Information Security, he developed a unique security methodology called, BizShield: The Seven Steps to Enterprise Security. BizShield today provides the framework for many security initiatives at client organizations worldwide.

Mr. Pabrai was the creator of the world’s most successful Internet skills certification, CIW. Mr. Pabrai also established the industry’s first certification program on HIPAA - Certified HIPAA Professional (CHP) and Certified HIPAA Security Specialist (CHSSTM). He also launched the Certified Security Compliance Specialist (CSCS™) program. Mr. Pabrai is the co-creator of the Security Certified Program (SCP) – a program approved by the U.S. Department of Defense Directive 8570.1M and one of the industry’s most comprehensive hands-on information security certification programs.

Mr. Pabrai has presented opening keynote and other sessions at several conferences, including ISSA, HCFA, HIPAA Summit, Microsoft Tech Forum (HIMSS), Internet World, DCI Expo, Comdex, Net Secure, Nurse Practitioners Conference, National Council for Prescription Drug Programs (NCPDP), HIMSS Midwest Conference, National Council for State Board of Nursing IT Conference, and many others.

He has delivered fast paced, high energy briefings in many cities worldwide including New Delhi, Bangalore and Mumbai (India), Tsukuba City (Japan), Dubai (UAE), Karachi and Lahore (Pakistan), London (UK), and across the United States.

Mr. Pabrai’s clients have included hundreds of hospitals, long term care facilities, Microsoft, Kemin, Ernst&Young, Elkay, Intuit, Pella, Principal Financial, U.S. Naval Surface Warfare Center, U.S. Defense Intelligence Agency, U.S. Department of Veteran Affairs, as well as numerous federal, state and county governments.

His career was launched with the U.S. Department of Energy’s nuclear research facility, Fermi National Accelerator Laboratory in Chicago. During his career, he has served as Vice Chairman and in several senior Officer Positions with NASDAQ-based firms. Mr. Pabrai is a member of the U.S. FBI InfraGard.

He can be reached at Pabrai@ecfirst.com or at 949.260.2030.

Security Professionals who are tasked with protecting your organizations networks from a security perspective will enjoy this class; it compares HIPAA, ISO, PCI/DSS and other standards, discusses best practices for these regulations and prepares the learner for a security credential CSCS.

Overview
** Price Does Not Include Exam Costs **
This event includes the Certified Security Compliance Specialist™ (CSCS™) program.

For inquires about this special event please contact Lorna Waggoner at 1-877-899-9974 x17.

Course fees include training manuals, continental breakfast, lunch & snacks during the training days.