ASEAN CISO Workshop 2016



  • October 18-20, 2016
  • Venue: The Royale Chulan Hotel, Kuala Lumpur, Malaysia

EC-Council, the leading Information Security organization worldwide, aspires for the 1st time in South East Asia to:

  • Create InfoSec leaders in ASEAN region
  • Penetrate the inner sanctum of global InfoSec realm
  • Supply participants with the latest key InfoSec strategies
  • Drive positive change in the InfoSec industry of ASEAN region

The ASEAN CISO Workshop is a premium Training & Certification event for aspiring Chief Information Security Officers that wish to penetrate the inner sanctum of Information Security Management and Leadership.

South East Asia’s most strategic CISO gathering is being held for the 2nd time in Kuala Lumpur, aiming to address the needs of the region’s most powerful leaders and policy makers in Cyber Security.

During the C|CISO workshop, participants will be challenged to develop a business continuity plan for a company in a given industry and situation, use metrics to communicate cyber risk for different audiences, and describe how to align a given security program with the goals of the business in which it resides, among many other exercises.

The challenges are aimed at helping aspiring leaders develop business acumen, practice their managerial skills and further hone their technical expertise by diving deep into how security should be injected into the procurement process and how a CISO should manage budgets and assets.


Course Outline

Duration: 4 days

Trainer: Subrahmanya Gupta Boda

Certification: C|CISO Certified Chief Information Security Officer

On-site exam proctoring

(1 year exam voucher-redeem option)

The Certified CISO (C|CISO) course has certified leading information security professionals around the world and is the first-of-its-kind training and certification program aimed at producing top-level Information Security Leaders. The C|CISO does not focus solely on technical knowledge but on the application of information security management principles from an executive management point of view. The program was developed by seasoned CISOs for current and aspiring CISOs.

C|CISO material assumes a high-level understanding of technical topics and doesn’t spend much time on strictly technical information, but rather on the application of technical knowledge to an information security executive’s day-to-day work. The C|CISO aims to bridge the gap between the executive management knowledge that CISOs need and the technical knowledge that many aspiring CISOs have. This can be a crucial gap as a practitioner endeavors to move from mid-management to upper, executive management roles. Much of this is traditionally learned as on-the-job training, but the C|CISO Training Program can be the key to a successful transition to the highest ranks of information security management.

Domain 1: Governance (Policy, Legal & Compliance)

1. Definitions

2. Information Security Management Program

3. Information Security Laws, Regulations, & Guidelines

4. Privacy Laws

Domain 2: IS Management Controls and Auditing Management (Projects, Technology, and Operations)

1. Design, Deploy, and Manage Security Controls in Alignment with Business Goals, Risk Tolerance, and Policies and Standards

2. Information Security Risk Assessment

3. Risk Treatment

4. Residual Risk

5. Risk Acceptance

6. Risk Management Feedback Loops

7. Business Goals

8. Risk Tolerance

9. Policies and Standards

10. Understanding Security Controls Types and Objectives

11. Implementing Control Assurance Frameworks

12. COBIT (Control Objectives for Information and Related Technology)

13. BAI06 Manage Changes

14. COBIT 4.1 vs. COBIT 5

15. ISO 27001/27002

16. Automate Controls

17. Understanding the Audit Management Process

Domain 3: Management – Projects & Operations

1. The Role of the CISO

2. Information Security Projects

3. Security Operations Management

Domain 4: Information Security Core Competencies

1. Access Controls

2. Physical Security

3. Disaster Recovery

4. Network Security

5. Threat and Vulnerability Management

6. Application Security

7. Systems Security

8. Encryption

9. Computer Forensics and Incident Response

Domain 5: Strategic Planning & Finance

1. Security Strategic Planning

2. Alignment with Business Goals and Risk Tolerance

3. Relationship between Security, Compliance, & Privacy

4. Leadership

5. Enterprise Information Security Architecture (EISA) Models, Frameworks, and Standards

6. Security Emerging Trends

7. It’s all about the Data

8. Key Performance Indicators (KPI)

9. Systems Certification and Accreditation Process

10. Resource Planning

11. Financial Planning

12. Procurement

13. Vendor Management

14. Request for Proposal (RFP) Process

15. Integrate Security Requirements into the Contractual Agreement and Procurement Process

16. Statement of Work

17. Service Level Agreements

About the Instructor


Subrahmanya Gupta Boda is Chief Information Security Officer (CISO) at an Indian infrastructure company with interests in Airports, Energy, Transportation and Urban Infrastructure.

Prior to joining this company, he was associated with Mercedes-Benz Research and Development India for fifteen years, where he formed the Information Security Practice and headed the IT Services divisions. He began his career with the Central Research Laboratory, Ghaziabad (a division of Bharat Electronics Ltd.), where he worked on defense systems.

He holds a BE in Electronics and Communications from Andhra University and a Master’s in Engineering in Software Systems from BITS Pilani. He is a Senior Member of IEEE and a Paul Harris Fellow of Rotary International.

He is a regular speaker at various Information Technology and Information Security events.

@guptabs / [email protected]


The 5 Domains

EC-Council’s C|CISO Program covers the 5 Domains of executive information security management. The content of each domain was developed by sitting CISOs for current and aspiring CISOs.

Domain 1 covers the importance of Governance, including solid policy writing, aligning the security program to industry-recognized frameworks, and adhering to sometimes contradictory laws and regulations.

Domain 2 focuses on Management Controls, Audit Management, and Risk Management, leading students through detailed examples of how to run an audit as well as implement audit findings, choosing the correct management controls for each situation, and the importance of understanding asset value, risk tolerance, and risk treatment plans.

Domain 3 focuses on what makes up the bulk of a CISO’s day: Project Management and the importance of ensuring information security is part of projects from their inception. Domain 4 is the only C|CISO Domain that focuses on technical topics, since a high level of technical proficiency is assumed of all C|CISO students.

Domain 4 stresses the importance of understanding technology and information security core concepts in order to lead teams of technicians and analysts and make decisions around technology issues.

Technical issues are addressed from an executive point of view. Domain 5 consists of content regarding leadership, aligning security programs to the overall goals of the business, strategic management, executive buy-in, financial management and much more. Domain 5’s content sets the C|CISO program apart from all other infosec management certifications on the market by teaching the content that technical CISOs usually lack.

The Exam

The C|CISO Exam was developed by practicing CISOs and is based on the real-world scenarios professionals from across industries have faced while securing some of the most prestigious organizations in the world. The C|CISO Exam is available at Pearson VUE testing centers around the world. Applicants’ knowledge in all five of the C|CISO Domains is tested on the exam, which focuses on scenario-based questions and requires applicants to apply their real-world experience in order to answer successfully. To that end, in order to qualify to sit for the C|CISO Exam after taking the C|CISO class, applicants must have at least 5 years of information security experience in 3 or more of the C|CISO Domains. Any student lacking this experience may take the EC-Council Information Security Management (EISM) exam and earn the EISM certification. In order to sit for the C|CISO exam and earn the certification, candidates must meet the basic C|CISO requirements. Candidates who do not yet meet the C|CISO requirements but are interested in information security management can pursue the EC-Council Information Security Management (EISM) certification.
