Chief Information Security Officer Certificate Program Overview
The Harrisburg University, Security Center of Excellence, Chief Information Security Officer (CISO) Certificate provides a unique focus on leadership in the area of information security for IT professionals. It enables IT leaders responsible for information security to further develop the knowledge and skills necessary to succeed at the executive level. The program focuses on enhancing the following skills:
- Leadership and Management – Leadership and communications skills to build alliances across the business and establish security strategies that align with organizational objectives.
- Information Security Governance & Risk Management – Compliance requirements and the strategic decisions based on the identification of risk.
- Information Security Architecture Management – Fundamental concepts of computer security, software development lifecycle, and countermeasures.
- Security Technology & Operations – Incident detection, incident response, and disaster recovery scenarios.
- To enable CISOs to successfully bridge business and security strategies, the curriculum carefully balances technical and management topics, and will appeal to both those who are natural techies, and those who are more at home with business and management responsibilities.
- By focusing on security strategy, technology, communications, policy, finance, and emerging technologies, the program covers a broad range of knowledge and skills needed to lead at the executive level.
- Senior-level IT security professionals will experience a venue for peer learning, network building and brainstorming that is refreshing and highly valuable.
- Participants will explore all of the relevant skills and knowledge to conduct a thorough security assessment of their own organization, resulting in an action plan for improvement as an applied project and work-product.
This course prepares individuals to perform the primary responsibilities of a Chief Information Security Officer (CISO). Application of these skills to the performance of security management will be emphasized. The program will help develop the skills and knowledge needed to:
- Provide strategic leadership as a steward of the organization’s information security and a trusted partner with other business executives in the organization.
- Develop and implement a robust, accurate, and actionable metrics reporting process that maps back to the business.
- Understand and manage the risk posture of an organization.
- Communicate and work closely with legal and privacy officers to protect the organization from legal and regulatory non-compliance.
- Establish and manage an IT security strategy for the organization that maps to the business objectives and lifecycle.
- Establish and manage the organization’s security policy catalog.
- Understand requirements for the secure development lifecycle and application security concepts.
- Understand and manage the security implications of emerging technologies.
- Secure adequate resources, and manage the IT Security budget.
- Lead and manage a technical staff of security managers, architects, engineers and specialists, as well as contractors and vendors.
The program will consist of classes at Harrisburg University, two days per month, led by corporate faculty, in collaboration with industry experts who present special topics throughout the program. Class sessions are dynamic and interactive. They include presentations, case studies, group exercises and guest lecturers from leading technology companies. Peer learning is emphasized as a valuable method of gaining perspective and discussing lessons learned from others within the cohort. Additionally, independent readings, the applied security assessment project, and online discussions support varied instructional approaches for all kinds of learners.
Candidates must meet the following criteria to be considered for admission to the program:
(1) Minimum of 5 years’ IT security experience OR IT security leadership responsibility in their current role;
(2) Senior-level management/executive responsibility; and
Candidates are anticipated to be a Chief Information Security Officer (CISO) or Information Security Officer (ISO), or have CISO or ISO responsibilities.
Expectations of Participants and Class Attendance Policy
Participants will be expected to complete readings and some written work prior to sessions. A capstone project, applying the program’s core curriculum to a security assessment of their own organization, will be produced and presented by participants. Attendance at a minimum of 90% of the sessions is required. Awarding of a certificate of completion will be based on a pass-fail assessment of the program’s curricular, attendance, and project-based requirements.