Certified Security Compliance Specialist™ (CSCS™)
A 2-Day Instructor-Led Security Compliance Program
The complete two-day CSCS™ program is of value to compliance professionals and managers, security officers, security practitioners, privacy officers and senior IT professionals.
The course fee includes the Certified Security Compliance Specialist™ (CSCS™) training manual, which will be provided on the first day of class. Continental breakfast, lunch and snacks are also included during the training days.
The training program includes Quick Reference Cards (QRC) to support the materials provided for the course.
Compliance professionals and managers, information security officers, security practitioners, privacy officers, internal compliance auditors and senior IT professionals.
The CSCS™ Exam
The CSCS™ exam is delivered at the conclusion of the instructor-led 2-day program. The exam validates knowledge and skill sets in information security for the legislations, standards and frameworks delivered in class.
The exam comprises two parts: a practical session, during which students work together in groups to solve real-world problems using the skills learned on day 1, and a multiple-choice paper exam.
In the practical session, students will be divided into groups and given scenarios to solve, including evidence of real-world issues such as information security breaches and regulatory noncompliance. The session is open book, and students are encouraged to bring their own knowledge and experience to enhance the group performance, as well as using research and collaboration skills to achieve the best results.
The practical session accounts for 25% of the overall exam score and will be marked in “real-time” during the group presentations. These scores will be pre-entered on the multiple-choice paper so that each student knows what they have to achieve from the second part of the exam.
The multiple-choice paper consists of 60 questions; time allowed: 60 minutes.
Percentage of Exam
- US National and State Standards (FISMA, NIST, State Regulations)
- International Standards (ISO 27001, PIP, PIPEDA, DPA)
- Business Regulations (PCI DSS, SOC2)
- Healthcare Regulations (HIPAA, HITECH, ISO 27799)
- Cyber Security Strategy (Risk Analysis and Management, Business Impact Analysis, Business Continuity Planning)
Scores from the practical and multiple-choice exams are added together; to achieve CSCS™ certification, students must achieve an overall score of 75% or more.
CSCS™ exam questions are developed with the intent of measuring and testing practical knowledge and application of general concepts and standards in the area of regulatory compliance and information security. Every CSCS™ exam question has a stem (question) and five options (answer choices). The candidate is asked to choose the correct or best answer from the options. The stem may be in the form of a question or incomplete statement. In some instances, a scenario or description problem may be included.
Module 1: State of Cybersecurity
- A Current Cyber Assessment
- Ransomware Cyber-attacks
- Cyber Attack Lifecycle
Module 2: Regulations: Getting Started
- Gramm-Leach-Bliley (GLB)
- 21 CFR Part 11
- NERC’s Cybersecurity Standards
- SOC2, PIP, PIPEDA
- Federal Trade Commission (FTC)
Module 3: GDPR
- GDPR Impact
- GDPR Requirements
- Fundamental GDPR Concepts
- GDPR Facts
- GDPR Enforcement
Module 4: ISO/IEC 27K Series
- Benefits of ISO
- ISO 27k, ISO 27799
- ISO/IEC 27001, ISO/IEC 27002
Module 5: Healthcare Information Security
- HITECH Act
- HIPAA Final Rule
- Business Associates
- Breach Notification
- HIPAA Privacy Rule
- HIPAA Security Rule
- Risk Management
- Security Standard
Module 6: Payment Card Industry (PCI) Data Security Standard (DSS)
- PCI DSS Key Requirements
- Control Objectives
- PCI DSS Compliance
Module 7: HITRUST CSF
- Building the HITRUST CSF
- Control Categories
- HITRUST Assessment Domains
- Maturity Levels
- HITRUST Certification
- HITRUST CSF Assessment Process Flow
Module 8: U.S. State Regulations
- 23 NYCRR 500
- SB 1386
- AB 1950, AB 1298 & AB 211
- SB 541, SB 24, SB 227
Module 9: U.S. Federal Regulations
Module 10: NIST Frameworks and Guidance
- Role of NIST
- NIST SP 800-37
- Risk Management Framework (RMF)
- NIST 800-34 Rev 1
- DRP Outline
- Contingency Planning
- NIST SP 800-171
Case Study: Risk Analysis
Examine compliance mandates for risk analysis. Analyze how to conduct a comprehensive and thorough risk analysis to identify compliance and security deficiencies. Walk through core components of the resulting Corrective Action Plan (CAP) – your roadmap for enabling a more resilient enterprise.
Case Study: ISO 27001 Certification
Effective communication at all stages is vital to the success of the ISMS and to achieving conformance/certification.
Case Study: Conducting a Business Impact Analysis (BIA)
Step through key activities that organizations must conduct to complete a comprehensive Business Impact Analysis (BIA). Understand critical processes for a BIA initiative and identify areas that must be addressed in a BIA Report.
Case Study: Anatomy of a Policy
Understand the key components of a well written information security policy. Review sample policy types and organization.
Fast Track for CISSP/Security+/SCNA
The fast track is available only for CSCS™ students that attend Instructor-Led Training. ecfirst recognizes the breadth of security content that must be mastered to attain certain security credentials. Fast Track for the CSCS™ class means that if you hold another security credential, such as CISSP or Security+, you will still need to take the class, but you will not have to take the exam to obtain the CSCS™ credential. It will be awarded automatically once you send documentation showing that you hold another security credential.
For inquiries about this special event, please contact John Schelewitz at +1.515.444.1221
- Product Code: CSCS-CLASS