About CCSM

The Certified Cyber Security Manager (CCSM) is recognized certification for professionals in cybersecurity management. Awarded by the Institute of Forensics & ICT Security (IFIS), CCSM validates a professional’s deep technical, strategic, and managerial skills necessary to design, implement, and manage a comprehensive cybersecurity framework for an organization.

The CCSM certification is designed to empower candidates with practical skills aligned with international standards, such as ISO 27001, NIST CSF, and COBIT 2019, ensuring relevancy across all areas of cybersecurity management.

Successful candidates are proficient in the following seven domains:

1. Security and Risk Management
2. Asset Security
3. Security Architecture and Engineering
4. Communication and Network Security
5. Identity and Access Management (IAM)
6. Security Operations and Testing
7. Cybersecurity Leadership for Executives and Boards

Click here to register for the course

The CCSM certification equips professionals to manage the growing complexity of cybersecurity challenges while aligning with organizational objectives, ensuring career advancement and organizational impact.

CCSM Course Overview

Module 1: Security and Risk Management

This module provides a foundational understanding of managing security and risk, aligning cybersecurity efforts with organizational objectives, and ensuring compliance with international standards.

Topic 1.1: Professional Ethics in Cybersecurity

1. Understanding ISC2 and organizational codes of ethics.
2. Navigating ethical dilemmas in decision-making.
3. Promoting ethical practices within security teams.

Topic 1.2: Core Security Concepts

1. Overview of the CIA triad and additional principles like authenticity and non-repudiation.
2. Balancing security and business objectives.
3. Assessing real-world applications of security concepts.

Topic 1.3: Security Governance Principles

1. Aligning security functions with business strategies and goals.
2. Frameworks like ISO 27001, NIST CSF, and COBIT 2019.
3. Implementing governance processes such as acquisitions and committee integration.

Topic 1.4: Legal and Compliance Frameworks

1. Understanding and applying GDPR, CCPA, HIPAA, and other regulations.
2. Managing cross-border data flow and contractual compliance.
3. Handling regulatory audits and reporting.

Topic 1.5: Business Continuity and BIA

1. Conducting business impact analyses (BIA) to identify critical operations.
2. Developing recovery time objectives (RTO) and recovery point objectives (RPO).
3. Establishing and maintaining business continuity plans.

Topic 1.6: Risk Management Frameworks

31000. Identifying and assessing risks using frameworks like NIST RMF and ISO 31000.
31001. Implementing risk mitigation strategies and controls.
31002. Monitoring and continuously improving risk management processes.

Learning Outcomes for Module 1

By the end of this module, participants will:

1. Uphold and promote professional ethics in cybersecurity.
2. Apply foundational security concepts to protect organizational assets.
3. Align security efforts with business goals using global frameworks.
4. Navigate legal, regulatory, and compliance challenges effectively.
5. Conduct BIAs to develop robust business continuity plans.
6. Implement risk management frameworks to mitigate potential threats.

Module 2: Asset Security

This module focuses on securing organizational data and assets throughout their lifecycle.

Topic 2.1: Asset Classification and Ownership

1. Defining ownership roles: Custodians, processors, and users.
2. Categorizing assets based on sensitivity and criticality.

Topic 2.2: Asset Handling Policies

1. Developing secure storage and handling policies.
2. Implementing retention schedules for physical and digital assets.

Topic 2.3: Data Lifecycle Management

1. Managing data from creation to destruction.
2. Implementing controls for data in transit, at rest, and in use.

Topic 2.4: Cloud and Hybrid Security

1. Securing data across cloud and hybrid environments.
2. Utilizing tools like CASB for visibility and control.

Topic 2.5: Data Compliance and Protection

1. Applying encryption, DRM, and DLP solutions.
2. Ensuring compliance with international data protection standards.

Topic 2.6: Secure Data Destruction

1. Techniques for ensuring data is irrecoverable post-destruction.
2. Compliance considerations for data disposal.

Learning Outcomes for Module 2

By the end of this module, participants will:

1. Classify and assign ownership to organizational assets.
2. Implement secure handling and retention policies.
3. Manage data throughout its lifecycle, ensuring protection at all stages.
4. Secure cloud-based and hybrid environments effectively.
5. Ensure compliance with data protection regulations.
6. Develop and implement secure data destruction policies.

Module 3: Security Architecture and Engineering

This module teaches the principles and techniques to design and manage secure architectures.

Topic 3.1: Secure Architecture Design Principles

1. Applying zero trust and defense-in-depth principles.
2. Designing with privacy-by-design methodologies.

Topic 3.2: Cryptography Fundamentals

1. Understanding symmetric, asymmetric, and elliptic curve encryption.
2. Implementing encryption for data security.

Topic 3.3: Emerging Technology Challenges

1. Securing IoT, microservices, and edge computing.
2. Addressing vulnerabilities in distributed systems.

Topic 3.4: Threat Modeling Techniques

1. Identifying and mitigating potential vulnerabilities.
2. Using frameworks to prioritize threat responses.

Topic 3.5: Physical Security Design

1. Securing data centers, server rooms, and evidence storage facilities.
2. Implementing environmental and physical controls.

Topic 3.6: Lifecycle Security Management

1. Integrating security throughout the system lifecycle.
2. Ensuring continuous monitoring and improvement.

Learning Outcomes for Module 3

By the end of this module, participants will:

1. Design secure systems using advanced architectural principles.
2. Apply cryptographic methods to secure sensitive information.
3. Protect emerging technologies from evolving cyber threats.
4. Conduct threat modeling to mitigate risks proactively.
5. Implement physical security controls for critical facilities.
6. Manage secure system lifecycle processes.

Module 4: Identity and Access Management (IAM)

This module covers IAM strategies for managing secure access to systems and data.

Topic 4.1: IAM Fundamentals

1. Overview of AAA principles.
2. Applying least privilege and need-to-know access models.

Topic 4.2: Modern Authentication Mechanisms

1. Implementing MFA and password-less authentication.
2. Addressing security concerns in session management.

Topic 4.3: Access Control Models

1. Enforcing RBAC, attribute based access control (ABAC) , and MAC.
2. Managing exceptions and temporary access.

Topic 4.4: Federated Identity Management

1. Integrating third-party identity providers.
2. Implementing single sign-on (SSO) solutions.

Topic 4.5: Privileged Access Monitoring

1. Managing privileged accounts securely.
2. Detecting and preventing misuse with PAM tools.

Topic 4.6: Access Lifecycle Management

1. Onboarding, provisioning, and deprovisioning accounts.
2. Conducting access reviews and audits.

Learning Outcomes for Module 4

By the end of this module, participants will:

1. Implement effective IAM systems for secure access control.
2. Deploy modern authentication mechanisms like MFA and SSO.
3. Utilize advanced access control models to prevent unauthorized access.
4. Integrate IAM with third-party and cloud solutions.
5. Monitor and manage privileged accounts to mitigate insider threats.
6. Oversee access lifecycle processes to ensure compliance.

Module 5: Security Operations

This module emphasizes operational practices, incident response, and monitoring.

Topic 5.1: Incident Response

1. Detecting, containing, and recovering from incidents.
2. Conducting post-incident analyses to improve resilience.

Topic 5.2: Security Assessments

1. Conducting vulnerability assessments and penetration tests.
2. Simulating real-world breach scenarios.

Topic 5.3: Threat Monitoring

1. Using SIEM, UEBA, and threat intelligence for proactive monitoring.
2. Conducting threat hunting and analysis.

Topic 5.4: Disaster Recovery Planning

1. Developing, testing, and maintaining disaster recovery plans.
2. Ensuring continuity during crises.

Topic 5.5: Operational Threat Trends

1. Addressing challenges like AI-based attacks and ransomware.
2. Adapting operations to counter emerging threats.

Topic 5.6: Security Audits

1. Conducting internal and external audits.
2. Ensuring regulatory and organizational compliance.

Learning Outcomes for Module 5

By the end of this module, participants will:

1. Establish incident response procedures to minimize impact.
2. Conduct thorough security assessments and simulations.
3. Leverage advanced monitoring tools to detect and prevent threats.
4. Develop disaster recovery plans to maintain business operations.
5. Adapt operations to address emerging security trends.
6. Perform regular audits to ensure compliance.

Module 6: Advanced Cybersecurity for Executives and Boards

This module focuses on equipping executives and board members with strategic cybersecurity knowledge.

Topic 6.1: Cybersecurity Overview for Leaders

1. Understanding cybersecurity in a business context.
2. Basics of the threat landscape.

Topic 6.2: Strategic Risk Management

1. Developing risk appetites and responses.
2. Aligning cybersecurity with business objectives.

Topic 6.3: Financial Impacts of Cyber Threats

1. Evaluating costs of breaches and downtime.
2. Making informed investment decisions.

Topic 6.4: Cybersecurity Metrics and Reporting

1. Interpreting technical reports for decision-making.
2. Identifying key metrics for board-level reporting.

Topic 6.5: Crisis Leadership During Incidents

1. Leading organizational responses to major incidents.
2. Ensuring effective communication during crises.

Topic 6.6: Regulatory Compliance for Executives

1. Understanding the board’s role in cybersecurity compliance.
2. Addressing accountability and liability.

Learning Outcomes for Module 6

By the end of this module, participants will:

1. Understand the strategic importance of cybersecurity in business.
2. Develop risk management strategies aligned with business goals.
3. Assess financial impacts of cyber incidents effectively.
4. Use metrics to make informed cybersecurity decisions.
5. Lead effectively during cybersecurity crises.
6. Ensure organizational compliance with regulatory requirements.

Module 7: Capstone and Practical Application

Participants will apply their knowledge in real-world scenarios and challenges.

Topic 7.1: Real-World Case Studies

1. Solving industry-specific cybersecurity problems.

Topic 7.2: Incident Simulation

1. Participating in simulated breach and response exercises.

Topic 7.3: Practical Assessments

1. Designing secure architectures and presenting solutions.

Topic 7.4: Final Exam

1. Testing theoretical and practical knowledge from the course.

Learning Outcomes for Module 7

By the end of this module, participants will:

1. Apply theoretical knowledge to practical challenges.
2. Demonstrate problem-solving skills in real-world scenarios.
3. Design and present comprehensive security solutions.
4. Successfully complete the CCSM certification – and become CCSM Certified Associate Member.
5. After two years of professional practice, become a CCSM or if you joined the course after working for two years, automatically become a CCSM Certified Member.

The CCSM Course is well-rounded –a practical approach to modern cybersecurity challenges, ideal for both practitioners and executives.

Experience Requirements

Candidates for the CCSM must meet the following experience requirements:

1. Minimum Work Experience
   1. Two years of professional work experience in the field of cybersecurity, internal audit, risk management or operations.
   2. At least one year of experience in a managerial role.
2. Relevant Roles and Domains
   1. Experience must span two or more of the seven CCSM domains.

Candidates without the required work experience may pursue the CCSM qualification by completing the required training and passing the exam. They will have up to two years of professional work experience to earn the requisite work experience.

Accreditation and value of the course

The CCSM certification is a practical course and aligns with globally recognized standards, such as ISO/IEC 17024, ensuring its credibility and relevance for cybersecurity professionals worldwide. This is a handson course designed to empower learners with practical skills. Graduates will gain practical skills that can readily be applied to their work upon completion thereby setting themselves apart of the park.

Job Task Analysis (JTA)

The CCSM certification undergoes a comprehensive Job Task Analysis (JTA) periodically to ensure it reflects the evolving roles and responsibilities of cybersecurity managers. The JTA process involves gathering data on the tasks performed by industry professionals and using these insights to update the certification domains and examination content. The CCSM course by IFIS is relevant today’s work requirements.

CCSM Examination Information

The CCSM examination evaluates a candidate’s ability to apply practical knowledge in real-world scenarios, ensuring competency in cybersecurity management.

CCSM Examination Weights by Domain

The CCSM exam is structured around seven key domains. The weight of each domain in the exam is as follows:

Key Features of CCSM Certification

1. Global Recognition — CCSM is recognized worldwide as a benchmark for cybersecurity management excellence.
2. Comprehensive Coverage — The seven domains ensure candidates develop skills across the spectrum of cybersecurity management.
3. Practical Application — The certification emphasizes hands-on skills through scenario-based assessments and real-world case studies.
4. Strategic Leadership Focus — Unique inclusion of a domain tailored for executive and board-level cybersecurity awareness.

Target Audience

CCSM certification is critical certification offering holders opportunities to work in any global organisation as it empowers holders with critical practical skills that are in short supply. This certification is best suited for:

1. Security consultants and managers
2. IT directors and managers
3. Security auditors and architects
4. Security systems engineers
5. Chief Information Security Officers (CISOs)
6. Information security managers
7. IS/IT consultants
8. Chief Compliance/Privacy/Risk Officers
9. University students who want to gain a competitive edge.
10. Audit and Risk Committees of the Board

Click here to register for the course