
On Compliance & Cyber Security - HIPAA Academy

World’s First Program On Compliance & Cyber Security


© All Rights Reserved || Confidential || ecfirst 2006-2016 || www.ecfirst.com


Why CSCS™?

Increasingly, businesses are challenged with both securing their digital assets and information infrastructure and achieving full compliance with the numerous laws and regulations that impact their industry. Healthcare, financial, government and other verticals must constantly monitor the changing dynamics of their infrastructure to mitigate risks and vulnerabilities, and must ensure compliance with international as well as U.S. federal and state legislation and industry best practices. Further, United States federal information systems and those of their business associates must meet specific certification and accreditation security guidelines.

The Certified Security Compliance Specialist™ (CSCS™) credential is a role-based designation. This program is designed to enable professionals to understand, prioritize and ultimately assist organizations in achieving compliance with information security-based regulations.

Compliance is big business. Legislation (including guidelines and standards) such as PIPEDA, HIPAA, HITECH and standards such as the ISO 27000 series are compliance requirements for organizations of all sizes and industries. A key objective for organizations worldwide is to integrate security best practices and be in compliance. Skilled professionals who understand regulatory compliance requirements and information security are valued across several industries, especially healthcare, financial and the government.

The CSCS™ is a unique program in the compliance and security industry, indeed the first of its kind in the world. It is laser-beam focused on thoroughly examining compliance requirements and establishing best practices that can be applied in securing today’s digital business information infrastructure.

Organizations are quickly moving to a digital ecosystem that is governed by strict regulatory compliance requirements. Validate your compliance security skills and knowledge and distinguish yourself with the credential, CSCS™.


Program Testimonials

“I believe the CHP+CSCS™ training is an invaluable way to understand the policies and procedures behind information security. The emphasis on healthcare and government networks helped, as that is what my focus is. Thank you Lorna and Ali for facilitating my course of instruction.”
Ferdie Santos, Naval Special Warfare, U.S. Navy

“CSCS™ is a very comprehensive review of security compliance requirements across the spectrum of standards in use. Very helpful high-level overview.”
Francesca Lanier, State of Utah, U.S. Department of Health

“The CSCS™ course should be mandatory training for anyone sitting in a security officer role, in any size organization. The material is invaluable at shining a much needed light on the myriad of regulations and compliance requirements facing information security professionals today. Well worth the price of admission!”
Chris Letterman, State of Alaska, United States

“I learned more in 2 days of the CSCS™ program than I have in week-long courses I have taken elsewhere. My mind is filled with ideas of things to work on when I get back to the office.”
Bruce Tadlock, Children’s Medical Center of Dallas

“This has been one of the most accurate and comprehensive training modules I have ever experienced. The content and delivery was thorough and organized well. I would recommend the course to all persons holding executive level positions in order to appropriately make decisions in regards to complying with regulations that impact their industry.”
Steve Payne, Integris Health

“Instructor, Ian Walters, is very knowledgeable to teach this class and I would highly recommend the instructor led versus online training.”
Alice Martell, Indian Health Services, U.S. Department of Health & Human Services

“Ali Pabrai’s presentation was dynamic and very informative. A lot of information was covered and was focused on much needed topics. Compliance and security measures are changing daily. Therefore, programs like CSCS™ are much needed.”
Jennifer Washington, MS, Division of Medicaid


Learning Objectives

From this compliance and security training program you will:

● Learn about FISMA, NERC CSS, and the HIPAA Security Rule.

● Examine business critical standards and requirements such as PCI DSS, SOC 2 and more.

● Analyze the international security standards ISO 27001, ISO 27002, ISO 27799 and others.

● Learn about authentication requirements in published guidance documents.

● Examine California’s SB 1386, SB 541, AB 1950, AB 1298, AB 211 and other U.S. State information security related regulations.

● Understand the security life cycle process for U.S. federal information systems. This is an important requirement for business associates worldwide.

● Review international regulations including PIPEDA, PIP, the European Union’s DPD and EC Directive, Australia’s Privacy Act, and the UK’s Data Protection Act and Freedom of Information Act.

● Step through processes for conducting a comprehensive risk analysis and vulnerability assessments.

● Review key contingency compliance requirements for developing the framework for disaster recovery and emergency mode operation plans.

Certification Roadmap

● To be certified as a CSCS™, the candidate must attend the two-day CSCS™ training session delivered by ecfirst. For a list of scheduled dates and locations, please visit www.ecfirst.com.

● It is strongly recommended that the candidate pass a major security certification exam such as CISSP, CISA or CISM or have equivalent knowledge and experience.

Target Audience

The complete two-day CSCS™ program is of value to compliance professionals and managers, information security officers, security practitioners, privacy officers, internal compliance auditors and senior IT professionals.


The CSCS™ Exam

The CSCS™ exam is delivered at the conclusion of the instructor-led 2-day program. The exam validates knowledge and skill sets in information security for the legislations, standards and frameworks delivered in class.

The exam comprises two parts: a practical session, during which students work together in groups to solve real-world problems using the skills learned on day 1, and a multiple-choice paper exam.

In the practical session, students are divided into groups and given scenarios to solve, including evidence of real-world issues such as information security breaches and regulatory non-compliance. The session is open book, and students are encouraged to bring their own knowledge and experience to enhance the group performance, and to use research and collaboration skills to achieve the best results.

The practical session accounts for 25% of the overall exam score and will be marked in “real-time” during the group presentations. These scores will be pre-entered on the multiple-choice paper so that each student knows what they have to achieve from the second part of the exam.

The multiple-choice paper consists of 60 questions; time allowed: 60 minutes.

Scores from the practical and multiple-choice exams are added together; to achieve CSCS™ certification, students must achieve an overall score of 75% or more.

CSCS™ exam questions are developed with the intent of measuring and testing practical knowledge and application of general concepts and standards in the area of regulatory compliance and information security. Every CSCS™ exam question has a stem (question) and five options (answer choices). The candidate is asked to choose the correct or best answer from the options. The stem may be in the form of a question or incomplete statement. In some instances, a scenario or description problem may be included.


Course Outline

Module 1: Introduction
● State of Security
● U.S. Requirements
  ♦ SOC2

Module 2: PCI DSS
● Objective
● Control Objectives
● Defined Requirements
● Critical References

Module 3: Healthcare Information Security

Module 4: ISO 27000
  ♦ Information Security Management Systems

Module 5: ISO 27001
  ♦ Security Domains

Module 6: ISO 27002
● ISO 27002 Standard
● Scope
● Key Clauses, Categories and Controls
  ♦ Definition
  ♦ Requirements

Module 7: U.S. Federal & State Regulations
● California’s SB 1386 and SB 541
● California’s AB 1950, AB 1298, & AB 211
● Nevada’s 597.970
● Massachusetts’s 201 CMR 17.00
● Data Breach Challenges
● Encryption Requirements

Module 8: NIST Standards & Guidance
● Objective
● Special Publications
● Key Guidance References

● Definition and Scope
● Components of a Contingency Plan
  ♦ Disaster Recovery Plan
  ♦ Emergency Mode Operation Plan
● Classification of Information
● Classification of Threats
● Types of Alternate Sites
● Getting Started

Module 10: Cyber Security Strategy

Risk Analysis
Examine compliance mandates for risk analysis. Analyze how to conduct a comprehensive and thorough risk analysis to identify compliance and security deficiencies. Walk through core components of the resulting Corrective Action Plan (CAP), your roadmap for enabling a more resilient enterprise.

ISO 27001 Certification
Effective communication at all stages is vital to the success of the ISMS and achieving conformance/certification.

Conducting a Business Impact Analysis (BIA)
Step through key activities that organizations must conduct to complete a comprehensive Business Impact Analysis (BIA). Understand critical processes for a BIA initiative and identify areas that must be addressed in a BIA Report.

Anatomy of a Policy
Understand the key components of a well-written information security policy. Review sample policy types and organization.

Practice Exams and Study Group

Practical Studies


Recognition for Other Security Certifications Earned

This is an excellent program for professionals that have earned credentials such as CISSP, CISM, CISA, Security+, MCSE, and CBCP.

CISSP, CISM, CISA, Security+, MCSE and CBCP certified professionals will find that the CSCS™ program adds significant depth to their knowledge of compliance requirements related to information security. These compliance requirements directly impact the security priorities and initiatives across all types of organizations and businesses.

Fast Track for CISSP/Security+/SCNA

The fast track is available only for CSCS™ students who attend instructor-led training. ecfirst recognizes the breadth of security content that must be mastered to attain certain security credentials. Fast Track for the CSCS™ class means that if you hold another security credential, such as CISSP or Security+, you still need to take the class, but you do not have to take the exam to receive the CSCS™ credential. It is granted automatically once you send documentation of your other security credential.

(ISC)² Members

(ISC)² members who attend this two-day instructor-led program and pass the CSCS™ exam are responsible for documenting their time as Continuing Professional Education (CPE) credits when registering CPEs. The CSCS™ program offers 16 CPEs for CISSPs.

Requirements for Maintaining CSCS™ Certification

CSCS™ holders must comply with the following requirements to retain certification:
● The CSCS™ certification is valid for three years. Recertification costs $495 and includes an updated copy of the CSCS™ manual and a new certificate. If you do not renew your certification within the three-year period, you will be required to retake the CSCS™ exam and pay $495.

Exam Fee

The Certified Security Compliance Specialist™ exam fee is $495.00.


Revocation of CSCS™ Certification

ecfirst may, at its discretion after due and thorough consideration, revoke an individual’s CSCS™ certification for any of the following reasons:
● Falsifying or deliberately failing to provide relevant information.
● Intentionally misstating a material fact.
● Engaging or assisting others in dishonest, unauthorized or inappropriate behavior at any time in connection with the CSCS™ exam or the certification process.

Training Options

The two-day CSCS™ program is delivered worldwide. Call ecfirst at +1.515.460.3481 today to discuss details about locations and schedules.

CSCS™ program attendees may pursue additional career development with the Certified HIPAA Professional (CHP) program. Mention you have passed the CSCS™ exam and receive 20% off the instructor-led tuition fee for the CHP program.

On Site Training

Bring ecfirst training, certification and executive briefs to your site. ecfirst will customize the session to meet your specific requirements and time frames.

CSCS™ Program Attendees (Partial List)


About ecfirst

ecfirst is passionate about developing and validating information security compliance knowledge. ecfirst, in business since 1999, was recognized as an Inc. 500 fastest growing privately held business in the United States in its first year of eligibility. ecfirst is an organization with deep hands-on experience in compliance and IT services.

ecfirst serves a Who’s Who client list of over 2,100 that includes Principal Financial, numerous hospitals including Edward, Sherman, Condell, BSA, Mercy, Northwest Community, Samaritan and many others. State and county governments that have been trained by ecfirst include the State of Oregon, Iowa, and Illinois. U.S. government agencies that have participated in ecfirst.com programs include the U.S. Department of Veterans Affairs, Air Force, Homeland Security, Coast Guard and several others.

Disclaimer
This document is a guide to those pursuing the CSCS™ certification. No representations or warranties are made by ecfirst that the use of this guide or any other associated publication will assure candidates of passing the CSCS™ exam.

Disclosure
Copyright © 2006 - 2016 by ecfirst. Reproduction or storage in any form for any purpose is not permitted without prior written permission from ecfirst. No other right or permission is granted with respect to this work. All rights reserved.

Contact Information
295 NE Venture Drive, Waukee, IA 50263, United States
Cell: +1.515.460.3481
Email: [email protected]
Website: www.ecfirst.com


Delivering Everything Compliance. Everything Security.

Training & Certification

Certified HIPAA Administrator™
Fast track program for end users to learn the basics of HIPAA & HITECH regulations, including the HIPAA Privacy Rule.

Certified HIPAA Professional
Industry’s first & most comprehensive program on HIPAA & HITECH. Covers everything HIPAA, including Transactions, Code Sets, Privacy, Security & Breach Notification.

Certified Security Compliance Specialist™
World’s first program focused on compliance regulations & cyber security. Covers ISO 27000, PCI DSS, NIST, FISMA, HIPAA & more. In-depth review of ISO 27000, 27001 & 27002.

Certified Cyber Security Architect℠
First executive training program designed to enable development of a cyber security program in the class.

Client Testimonials

“Nixon Peabody retained the services of Ali Pabrai, MSEE, CISSP as an expert in information security. Found Mr. Pabrai & his firm, ecfirst, as exceptionally responsive in supporting all our activities as requested on a timely & professional manner. His insight was valued & of significance.”
Linn F. Freedman, Partner, Nixon Peabody LLP

“Prime Healthcare & its network of 30+ hospitals is excited to have partnered with an organization – ecfirst – that is recognized in the healthcare industry as a leader devoted to enabling health systems to continually address information privacy & security regulatory requirements.”
Prime Corp.

“ecfirst has demonstrated dedication to ensuring that project goals were met or exceeded every step of the way. I strongly recommend ecfirst to anyone in need of similar services.”
Doug Springmeyer

“Pabrai & his ecfirst Team are top notch, easy to work with, & helped us to meet our security project & compliance timelines.”
Debbie Sarantopoulos-Palese, VP, Seasons Healthcare

ecfirst Facts

• Established in 1999
• Clients in all 50 U.S. States
• Global experience includes Philippines, India, Canada, Africa
• Industry experience includes healthcare, IT, finance, government, & legal
• Privately held
• Unconditional guarantee for services delivered

Security Risk Assessment
Conduct a comprehensive risk assessment to identify compliance gaps & security vulnerabilities. Services also include vulnerability assessment & penetration testing.

On-Demand Consulting
Immediately add resources, off-site or on-site, to jumpstart compliance & security projects. Flat rate pricing.

Managed Compliance. Managed Security.
Fixed monthly fee for a one, two, three or five year period to manage compliance & information security projects. Includes security risk assessments, policy/procedure development, training, consulting, remediation, certification & more.

1000s of Clients | Clients in all 50 States | Clients in 5 Continents


Please contact [email protected] for a tailored proposal addressing your compliance & security priorities.

Contact Us


Corporate Office
295 NE Venture Drive
Waukee, IA 50263
United States

Karen Durbin, Senior Sales Executive
Phone: +1.515.987.4044 x23
Email: [email protected]
www.ecfirst.com