2.5 Setting Your Goals: Business Growth vs. Intense Specialization 2.6 Tweaking a Successful Business Plan to Garner Dividends 2.7 Enhancing Business

Size: px

Start display at page:

Download "2.5 Setting Your Goals: Business Growth vs. Intense Specialization 2.6 Tweaking a Successful Business Plan to Garner Dividends 2.7 Enhancing Business"

Antonia Hunter
5 years ago
Views:

1 Domain 1. SECURITY CONSULTING BASICS 1.1 The Business and Value of Security Consulting ASIS/IAPSC Successful Security Consulting (2012) Module #1 1.2 Security Consulting Inside & Outside the Organization 1.3 Traits of Becoming a Trusted Advisor 1.4 Types of Consultants (5) ASIS/IAPSC Successful Security Consulting (2012) Module # Management ASIS/IAPSC Successful Security Consulting (2012) Module # Forensic ASIS/IAPSC Successful Security Consulting (2012) Module # Technical / Physical ASIS/IAPSC Successful Security Consulting (2012) Module # IT / Information Security Consulting ASIS/IAPSC Successful Security Consulting (2012) Module # Internal ASIS/IAPSC Successful Security Consulting (2012) Module #1 1.5 Areas of Specialization ASIS/IAPSC Successful Security Consulting (2012) Module #1 1.6 Developing a Business Plan ASIS/IAPSC Successful Security Consulting (2012) Module # Business Description ASIS/IAPSC Successful Security Consulting (2012) Module # Markets Targeted/Services Contemplated ASIS/IAPSC Successful Security Consulting (2012) Module # Marketing Strategies (Internet, Social Media (e.g. Facebook, LinkedIn, Associations) ASIS/IAPSC Successful Security Consulting (2012) Module # Market Niche Impact Strategies Writing, Speaking & Leading ASIS/IAPSC Successful Security Consulting (2012) Module # Competition Analysis ASIS/IAPSC Successful Security Consulting (2012) Module # Financial Goals/Analysis ASIS/IAPSC Successful Security Consulting (2012) Module # Service Delivery Strategies ASIS/IAPSC Successful Security Consulting (2012) Module # Sales Strategies ASIS/IAPSC Successful Security Consulting (2012) Module # Five Year Strategic Plan ASIS/IAPSC Successful Security Consulting (2012) Module # Administrative Planning ASIS/IAPSC Successful Security Consulting (2012) Module # Project Management ASIS/IAPSC Successful Security Consulting (2012) Module # Licensing /Authority/Agents ASIS/IAPSC Successful Security Consulting (2012) Module # Insurance & Liability ASIS/IAPSC Successful Security Consulting (2012) Module # Contracting ASIS/IAPSC Successful Security Consulting (2012) Module # Pricing: Establishing Fees, Expense Accounting, Invoicing and collections best practices, Billing Types, Cash Flow ASIS/IAPSC Successful Security Consulting (2012) Module #11 ASIS/IAPSC Successful Security Consulting (2012) Module # Performance Metrics ASIS/IAPSC Successful Security Consulting (2012) Module # Roles Responsibilities (Prime vs. Sub vs. DBE) ASIS/IAPSC Successful Security Consulting (2012) Module # Prime/Sub Agreements and Non-payment ASIS/IAPSC Successful Security Consulting (2012) Module # Billing Types/Schedules/Expected Payment ASIS/IAPSC Successful Security Consulting (2012) Module # Developing & Submitting Winning Proposals ASIS/IAPSC Successful Security Consulting (2012) Module # Establishing a Definitive Scope ASIS/IAPSC Successful Security Consulting (2012) Module # Estimating a Project ASIS/IAPSC Successful Security Consulting (2012) Module # Communicating a Proposal theme ASIS/IAPSC Successful Security Consulting (2012) Module # Letter Proposals vs. Tomes ASIS/IAPSC Successful Security Consulting (2012) Module # Responding to RFP s and Government Bids ASIS/IAPSC Successful Security Consulting (2012) Module # Searching for Solicitations ASIS/IAPSC Successful Security Consulting (2012) Module #4 1.9 Teaming & Networking with Other Consultants/End Users ASIS/IAPSC Successful Security Consulting (2012) Module # Completing the Consulting Assignment: The Nuances and Skills of Project Management Domain 2. ADVANCED SECURITY CONSULTING 2.1 Advanced Security Consulting: Fine Tuning Your Business 2.2 Tough Nuts to Crack: Organizational Readiness, Program Maturity and Leadership Gaps 2.3 Enhancing Credibility & Trust Relationships 2.4 Guides, Codes & Standards: Assessing Client Requirements A Potpourri

2 2.5 Setting Your Goals: Business Growth vs. Intense Specialization 2.6 Tweaking a Successful Business Plan to Garner Dividends 2.7 Enhancing Business Operations through Software Applications 2.8 ipads, NotePads & Mini s: Running Your Business on The Fly 2.9 Internal Consulting: Becoming A Prophet in Your Own Land 2.10 Securing the Organization, Not Just the Buildings 2.11 Preparing & Presenting a Security Business Case 2.12 The Art of Consultant Reporting: The Pen and the Word 2.13 Proven Advantages and Strategies for Teaming & Networking Domain 3. SECURITY MANAGEMENT CONSULTING 3.1 Supporting Successful Security Leadership: Traits and Strategies 3.2 Organizational Development and the Security Function Effective Security Management, Fifth Edition, 2011, Charles E. Sennewald, Chapter 2 and Project Management & Budgeting Effective Security Management, Fifth Edition, 2011, Charles E. Sennewald, Chapter 15 and Determining Client Security Requirements and Compliance Conducting Security Audits & Assessments Overview of security assessment and audit methodologies ASIS/IAPSC Successful Security Consulting (2012) Module # Risks in Failing to Identify - Premise Liability Security Strategic Security Management, 2007, Karim Vellani, Chapter Considerations in methodology selection ASIS/IAPSC Successful Security Consulting (2012) Module # Understanding differences and reading results ASIS/IAPSC Successful Security Consulting (2012) Module #7 3.5 Risk Assessments & Security Planning Key Definitions and Components of a Risk Analysis General Security Risk Assessment Guideline, ASIS International, 2003, Facility Characterization General Security Risk Assessment Guideline, ASIS International, 2003, Appendix 1, Practice Advisory # Critical assets identification and assets analysis General Security Risk Assessment Guideline, ASIS International, 2003, Appendix 1, Practice Advisory # Threat assessment General Security Risk Assessment Guideline, ASIS International, 2003, Appendix 1, Practice Advisory #3 and # Vulnerability analysis General Security Risk Assessment Guideline, ASIS International, 2003, Appendix 1, Practice Advisory #3 and # Initial risk ranking General Security Risk Assessment Guideline, ASIS International, 2003, Appendix 1, Practice Advisory #3 and # Development of mitigating recommendations General Security Risk Assessment Guideline, ASIS International, 2003, Appendix 1, Practice Advisory # Final risk rating Cost benefit analysis General Security Risk Assessment Guideline, ASIS International, 2003, Appendix 1, Practice Advisory #6 and # Preparing Assessment Reports Common types of assessment reports Security Consulting, Fourth Edition, 2012, Charles E. Sennewald, Anatomy of a basic assessment report Security Consulting, Fourth Edition, 2012, Charles E. Sennewald, Tips for an effective assessment report Security Consulting, Fourth Edition, 2012, Charles E. Sennewald, 3.7 Integrated or Holistic Security: Security Measure Development

3 3.8 Security Policy and Procedure Development Effective Security Management, Fifth Edition, 2011, Charles E. Sennewald, Chapter 20. Strategic Security Management, 2007, Karim Vellani, Chapter Security Officer Operations Protection of Assets Edition, Security Officer Operations, Chapter 1, 2, 3, 4 and Security Incident Reporting and Tracking Effective Security Management, Fifth Edition, 2011, Charles E. Sennewald, Chapter Investigations Background Screening Protection of Assets Edition, Investigation, Chapter3 and Security Incident Investigation Protection of Assets Edition, Investigation, Chapter 1, 2 and Theft and Fraud Prevention Protection of Assets Edition, Security Management, Chapter Executive Protection Protection of Assets Edition, Security Management, Chapter Workplace Violence Protection of Assets Edition, Security Management, Chapter Workplace Substance Abuse Protection of Assets Edition, Security Management, Chapter Employee Security Awareness Training Protection of Assets Edition, Security Management, Chapter Legal and Regulatory Requirements Protection of Assets Edition, Legal Issues, Chapter 2, 3, 4, 5 and Relationships with Law Enforcement and Civil Authorities Effective Security Management, Fifth Edition, 2011, Charles E. Sennewald, Chapter Crime Prevention Through Environmental Design Security (CPTED) Crime Prevention Through Environmental Design, Second Edition, Timothy Crowe, Chapter Emergency Planning, Preparation, Response and Business Continui Protection of Assets Edition, Crisis Management, Chapter Operational Security Audits Domain 4. SECURITY TECHNICAL / PHYSICAL CONSULTING 4.1 The Five Phases of Technical Security ASIS/IAPSC Successful Security Consulting (2012) Module # Planning/Conceptual Design ASIS/IAPSC Successful Security Consulting (2012) Module # Detailed Security Design ASIS/IAPSC Successful Security Consulting (2012) Module # Bid & Negotiation ASIS/IAPSC Successful Security Consulting (2012) Module # Construction ASIS/IAPSC Successful Security Consulting (2012) Module # Commissioning, warranty and post warranty considerations ASIS/IAPSC Successful Security Consulting (2012) Module #1 4.2 Design Team Roles & Relationships 4.3 Coordination matters when working with Architects

4 4.4 Technical Security Deliverables by Phase 4.5 Design Guides and Standards 4.6 Representation of concepts and types of drawings 4.7 Developing Technical Specifications (e.g. CSI) Domain 5. SECURITY FORENSIC CONSULTING 5.1 Business Aspects of the Expert Witness Service Expert Witnesses Faust F. Rossi; ABA Litigation Bookshelf, 1991 Chapters The Attorney/Expert Witness Relationship The Comprehensive Forensic Services Manual Babitsky, Mangraviti & Todd; SEAK, Inc Chapters 16 & The Court/Expert Witness Relationship Effective Courtroom Advocacy Hon. Joseph F. Anderson; National Institute of Trial Advocacy 2010, pp Contracts / Letters of Agreement/Retainers Security Consulting Charles A. Sennewald; Butterworth-Heinemann; 2012; Chapter IAPSC Forensic Methodology IAPSC Best Practice #2; pages 2-9; IAPSC 5.3 Federal/State Laws and Relevant Opinions (e.g. Daubert, Kuhmo Tire, etc.) The Comprehensive Forensic Services Manual Babitski, Mangraviti & Todd; SEAK, Inc. 2000; Chapter 9 Premises Security Experts And Admissibility Considerations Under Daubert And Kumho: A Revised Standard, Norman D. Bates, Esq. & Danielle A. Frank, Esq., Suffolk Journal Of Trial & Appellate Advocacy [Vol. XV 5.4 Premise Security Liability and Civil Legal Process: Foreseeability, Duty, Breach of Duty & Proximat From the Files of a Security Expert Witness Charles A. Sennewald; Butterworth-Heinemann; 2012; Chapter Crime Analysis & Foreseeability (Prior Similar Acts & Totality of Circumstances) Applied Crime Analysis Vellani & Nahoun; Butterworth-Heinemann; 2007; Chapters Discovery The Comprehensive Forensic Services Manual; Babitsky, Mangraviti & Todd; SEAK, Inc. 2000; Chapter Security Survey / Site Inspection The Art & Science of Security Risk Assessment, Ira S. Somerson; ASIS, Int. 2009; Chapter 4 Security Consulting; Charles A. Sennewald; Butterworth-Heinemann, 4th Edition, 2012, Chapter Report Security Consulting; Charles A. Sennewald; Butterworth-Heinemann, 4th Edition, 2012, Chapter 10 Writing & Defending Your Expert Report; Babitsky & Mangraviti; SEAK, Inc. 2002; Chapters 4, 5, 6 10 & Testimony (Deposition and Trial) the business of being an expert witness How to Excel During Depositions; Babitsky & Mangraviti; SEAK, Inc. 1999; Chapters 3, 6 & 9 Domain 6. INTERNAL SECURITY CONSULTING 6.1 Internal Consultant Definition & Practice 6.2 Organizational Dynamics and Change: The Realm of the IC 6.3 Constraints and Risks of Internal Consulting 6.4 Advantages & Disadvantages of Internal Security Consulting vs. Traditional Security Consulting 6.5 IC Practice Areas: Management, Technical, Forensic, IT & All of the Above 6.6 Providing Expert Advice as an Embedded Employee 6.7 Dealing with Line Managers and Influencing Top Tier Leadership 6.8 Building A Business Case for Change 6.9 IC Contracting: A Maze of Internal Relationships & Expectations 6.10 Overcoming Sensitivities and Getting The Job Done 6.11 When to consider an outside security consultant 6.12 Developing Policy, Procedure, Post Orders, and Training Programs

5 Domain 7. IT/INFORMATION SECURITY CONSULTING 7.1 Information Security Standards International Standards Organization (ISO) 27001/ National Institute of Standards and Technology (NIST) Special Publications (800 series) Federal Information Processing Standards (FIPS) U.S. Department of Health and Human Services, Health Information Privacy, HIPAA Security Rule Payment Card Industry Data Security Standard (PCI DSS), The Prioritized Approach to Pursue PCI DSS Compliance pdf 7.2 Assessing Information Security Risks National Institute of Standards and Technology (NIST), Special Publication , Technical Guide to Information Security Testing and Assessment SANS Institute: Scoping Security Assessments - A Project Management Approach Security Consulting by Charles A. Sennewald (4th Ed) Chapter 13 Information Security Consulting, pages Sennewald/dp/ /ref=dp_ob_title_bk 7.3 Information Security Risk Treatment Strategies Overview of risk treatment options Information Systems Audit and Control Association (ISACA): The Risk IT Framework Chapter 7 Essentials of Risk Response, risk response options Relevant risk management standards: 1. International Standards Organization (ISO 31000) 2. National Institute of Standards and Technology Risk Management Framework (NIST )

6 7.4 Evaluating Information Security Controls California Office of Information Security, Information Security Risk Assessment Checklist doc SANS Institute, Measuring effectiveness in Information Security Controls Domain 8. SECURITY CONSULTING BUSINESS ETHICS 8.1 Creating a Business Around Independence and Ethics 8.2 The Security Consulting Code of Conduct 8.3 Basic Responsibilities & Networking Protocols 8.4 Professional Practice & Conduct (Gallati) 8.5 Client Engagements/Arrangements 8.6 Fees, Contracts and Transparency 8.7 Conflict of Interest & Disclosure Payment Card Industry Data Security Standard (PCI DSS), The Prioritized Approach to Pursue PCI DSS Compliance pdf

CCISO Blueprint v1. EC-Council

CCISO Blueprint v1. EC-Council CCISO Blueprint v1 EC-Council Categories Topics Covered Weightage 1. Governance (Policy, Legal, & Compliance) & Risk Management 1.1 Define, implement, manage and maintain an information security governance