10/25/2010 CSCS Program in India
7/20/2010 ecfirst Delivers CSCS Associate Program in San Francisco, National HIPAA Summit, October 3
3/27/2010 Imprivata Features Blog from Pabrai
CSCS Sample Video
Ali Pabrai leads a group of information technology professionals through a session on the requirements of the International Organization for Standardization (ISO) information security standards.
Certified Security Compliance Specialist™ (CSCS™)
A 2-Day Instructor-Led Security Compliance Program
Program Testimonials
“The training was comprehensive in covering the major legislation affecting several industries. Real-world experiences were beneficial and relevant.”
Christine Kinyenje, CISSP
Lockheed Martin
“Extremely comprehensive program giving one the vantage point of understanding security from all unified industries and then to be able to apply it to others. Program is thought-provoking. Enables the participant to take the concept and think of areas that they need to focus on to make their environment/organizations better.”
Brian Lane, Previously, Vice President
American Hospital Association (AHA) Solutions
“The CSCS™ class provided a great overview of the requirements and definitions for many regulatory requirements. It is a must-do for every security professional to use as reference as their business/agencies grow.”
Kari Garland
Riverside County, California
“Pabrai is well versed in a multitude of laws, regulations and standards. If your organization must comply with information security requirements, you will do well to take the CSCS™ course.”
Tony Lewis
Intuit, Inc.
“This was an excellent class. Finally, a program that encompasses all regulations an organization needs to be aware of and consider when conducting their business.”
Jeff Bontsas
Ascension Health
"A lot of good material; well-organized and presented. Ali did a good job making very dry material interesting. I really benefitted from the discussion about how the different frameworks compared and contrasted. Thanks for the opportunity."
Alan Ogilbee
Maricopa Integrated Health System
"The presentation by Pabrai was excellent. It was an awakening to step through threats to vital assets and sensitive information."
Devesh Kumar Sachin
All India Radio (AIR)
"I think the CSCS program is the most comprehensive training event I have attended. It covered all of the areas in information security and compliance that we regularly come across while performing our jobs."
Samir Doshi
Telecomers
Why CSCS™?
Increasingly, businesses are challenged with both securing their digital assets and information infrastructure and achieving full compliance with the numerous laws and regulations that affect their industry. Healthcare, financial, government and other verticals must constantly monitor the changing dynamics of their infrastructure to mitigate risks and vulnerabilities and to ensure compliance with international, U.S. federal and state legislation and industry best practices. Further, U.S. federal information systems, and those of the contractors and business partners that operate on their behalf, must meet specific security certification and accreditation guidelines.
CSCS™ Program Covers Major Information Security Regulations & Standards
The CSCS™ Program is the first and only program in the world that provides a comprehensive treatment of major information security regulations and standards. You can expect to learn and understand the core requirements of the following from the CSCS™ program:
- ISO Standards including 27001, 27002, 27799
- PCI DSS
- COBIT Security Baseline
- FISMA
- NIST Standards
- HIPAA and HITECH: U.S. Healthcare Regulations
- U.S. State Regulations on Information Security
- FACTA, Red Flag Rules – Identity Theft
The Certified Security Compliance Specialist™ (CSCS™) credential is a job-role based designation. The program is designed to enable professionals to understand, prioritize and ultimately assist organizations in achieving compliance with information security-based regulations.
Compliance is big business. Organizations must comply with legislation such as Sarbanes-Oxley, PIPEDA, HIPAA and FACTA, with regulatory guidance such as that issued by the FFIEC, and with standards such as the ISO 27000 series. A key objective for organizations worldwide is to integrate security best practices and be in compliance. Skilled professionals who understand both regulatory compliance requirements and information security are valued across several industries, especially healthcare, financial services and government.
The Certified Security Compliance Specialist™ (CSCS™) is a unique program of its type in the compliance and security industry, indeed the first of its type in the world. It is laser-focused on thoroughly examining compliance requirements and establishing best practices that can be applied in securing today’s digital business information infrastructure.
Organizations are quickly moving to a digital ecosystem that is governed by strict regulatory compliance requirements. Validate your compliance security skills and knowledge and distinguish yourself with the credential, Certified Security Compliance Specialist™ (CSCS™).
Distinguish Yourself in the Marketplace – Get the CSCS™ Credential!
Just having a background in Information Technology (IT) or information security is no longer sufficient for the challenges of business today. Employers are looking for individuals who not only have IT skills but also understand the compliance regulations that impact their industry and business, because these are priorities that must be met.
Learning Objectives
From this compliance and security training program you will:
- Examine the security aspects of the SOX legislation with emphasis on key sections and critical compliance steps. Examine the COBIT security baseline.
- Learn about FISMA, NERC CSS, and the HIPAA Security Rule.
- Step through the core requirements of PCI DSS.
- Analyze the international security standards ISO 27001, ISO 27002, ISO 27799 and others.
- Learn about authentication requirements in published guidance documents.
- Examine California’s SB 1386, SB 541, AB 1950, AB 1298, AB 211 and other U.S. State information security related regulations.
- Understand the security certification and accreditation process for U.S. federal information systems. This is an important requirement for organizations worldwide that handle federal information, including contractors and business partners.
- Review international regulations including Canada’s PIPEDA, Japan’s PIP, the European Union’s Data Protection Directive (DPD) and EC Directive, Australia’s Privacy Act, and the UK’s Data Protection Act and Freedom of Information Act.
- Step through the FTC final rules and guidelines for implementing FACTA.
- Step through processes for conducting a comprehensive risk analysis and vulnerability assessments.
- Review key contingency compliance requirements for developing the framework for disaster recovery and emergency mode operation plans.
Prerequisite Requirements
- To be certified as a CSCS™, the candidate must attend the two-day CSCS™ training session delivered by ecfirst or any of its Authorized Partners. For a list of scheduled dates and locations, please visit www.ecfirst.com.
- It is strongly recommended that the candidate pass a major security certification exam such as CISSP, CISA or CISM or have equivalent knowledge and experience.
Practice Exam
The CSCS™ Practice Exam is available through the Resource Center at www.ecfirst.com. The practice exam costs $75, and you may take it up to three times within a two-week period. Contact ecfirst at +1.515.453.8247 x16 to purchase a CSCS™ Practice Exam voucher or if you need additional information.
Target Audience
The complete two-day CSCS™ program is of value to compliance professionals and managers, security officers, security practitioners, privacy officers and senior IT professionals.
The CSCS™ Exam
The Certified Security Compliance Specialist™ (CSCS™) exam is delivered at the conclusion of the two-day CSCS™ instructor-led program. The CSCS™ exam validates knowledge and skills in information security for the following legislation, standards and frameworks:
1. Financial Regulations (e.g. SOX, COBIT, PCI DSS) --- (20% of exam)
2. Digital Healthcare & Security (e.g. HIPAA, ISO 27799) --- (20% of exam)
3. International Security Standards (e.g. ISO 27000, Other International) --- (20% of exam)
4. U.S. National and State Standards (e.g. FISMA, State laws) --- (20% of exam)
5. Business Continuity Planning (e.g. BIA, NIST guidelines) --- (20% of exam)
| Exam Name | Exam Number | Number of Questions | Time Allowed | Passing Score |
|---|---|---|---|---|
| CSCS-1 | CSC-101 | 60 | 60 Minutes | 75% |
The first four sections of the CSCS™ exam focus on the “security” aspects of regulatory compliance. The last section emphasizes the “availability” principle that legislation also requires.
CSCS™ exam questions are developed with the intent of measuring and testing practical knowledge and application of general concepts and standards in the area of regulatory compliance and information security. All questions are multiple choice and are designed with one BEST answer.
Every CSCS™ exam question has a stem (question) and five options (answer choices). The candidate is asked to choose the correct or best answer from the options. The stem may be in the form of a question or incomplete statement. In some instances, a scenario or description problem may be included. These questions normally include a description of a situation and require the candidate to answer one or more questions based on the information provided.
The candidate is cautioned to READ the question carefully. Many times a CSCS™ exam question will require the candidate to choose the appropriate answer that is MOST LIKELY or BEST. In each instance, the candidate is required to read the question carefully, eliminate known incorrect answers and then make the best choice possible.
All questions should be answered. Grades are based solely on the number of questions answered correctly; so do not leave any questions blank. At the conclusion of each exam, test questions are reviewed. Questions identified as being ambiguous or having technical flaws will either not be used in the grading process or will be given multiple correct answer keys.
Course Outline
Module 1: Regulatory Compliance and Security
- State of Security
- U.S. Legislation
  - FDA’s 21 CFR
  - GLB (Gramm-Leach-Bliley)
  - NERC CSS
- Important International Regulations
  - Japan’s PIP
  - Canada’s PIPEDA
  - Australia’s Privacy Act
  - European Union’s Data Protection Directive (DPD)
  - EC Directive
  - UK’s Data Protection Act
  - UK’s Freedom of Information Act
Module 2: Financial Services and Security
- Key Sections of Sarbanes-Oxley
  - Technology and Security Impact
  - Security Architecture and Infrastructure
- COBIT Security Baseline
  - Control Objectives
  - Security Domains
Module 3: PCI DSS Requirements
- Objective
- Control Objectives
- Defined Requirements
- Critical References
Case Study: Risk Analysis
Examine compliance mandates for risk analysis. Analyze how to conduct a comprehensive and thorough risk analysis to identify compliance and security deficiencies. Walk through core components of the resulting Corrective Action Plan (CAP) – your road-map for enabling a more resilient enterprise.
Module 4: Digital Healthcare & Security, HIPAA & HITECH
- Healthcare Security Challenges
- HIPAA Security Rule & HITECH Legislation
  - Administrative Safeguards
  - Physical Safeguards
  - Technical Safeguards
- ISO 27799 Standard
Module 5: ISO 27001/2 Standards
- Introduction to ISO 27001
  - Security Framework Requirements
- ISO 27002 Standard
  - Scope
  - Key Clauses, Categories and Controls
  - Definition
  - Requirements
Module 6: U.S. Government Security Requirements
- California’s SB 1386 and SB 541
- California’s AB 1950, AB 1298, and AB 211
- Nevada’s NRS 597.970
- Massachusetts’ 201 CMR 17.00
- Data Breach Challenges
- Encryption Requirements
Module 7: NIST Standards & Guidance
- Objective
- Special Publications
- Key Guidance References
Module 8: Business Continuity Planning (BCP)
- Definition and Scope
- Components of a Contingency Plan
  - Disaster Recovery Plan
  - Emergency Mode Operation Plan
- Classification of Information
- Classification of Threats
- Types of Alternate Sites
- Getting Started
- Conducting a Business Impact Analysis (BIA)
  - Key Activities
- Developing Your Disaster Recovery Plan (DRP)
Case Study: Conducting a Business Impact Analysis (BIA)
Step through key activities that organizations must conduct to complete a comprehensive Business Impact Analysis (BIA). Understand critical processes for a BIA initiative and identify areas that must be addressed in a BIA Report.
Module 9: Cyber Security Strategy
- What is Your Security Strategy?
- Enterprise Security Methodology
- Risk Analysis
- Getting Started
Case Study: Sample Information Security Policy Templates
Step through key sections of critical information security templates in-class. Review sample policy types and organization.
Recognition for Other Security Certifications Earned
This is an excellent program for professionals who have earned credentials such as CISSP, CISM, CISA, Security+, MCSE and CBCP.
CISSP, CISM, CISA, Security+, MCSE and CBCP certified professionals will find that the CSCS™ program adds significant depth to their knowledge of compliance requirements related to information security. These compliance requirements directly impact the security priorities and initiatives across all types of organizations and business.
CISSPs
(ISC)² CISSPs who attend this two-day instructor-led program and pass the CSCS™ exam are responsible for documenting their time as Continuing Professional Education (CPE) with (ISC)² (see https://www.isc2.org/cgi-bin/content.cgi?category=24) to determine eligibility for CPE credit. The CSCS™ program offers 16 CPEs for CISSPs.
Exam Fee
The Certified Security Compliance Specialist™ (CSCS™) exam fee is $495.00.
Requirements for Maintaining CSCS™
CSCS™ holders must comply with the following requirements to retain certification:
- Comply with the ecfirst Code of Professional Ethics.
- Re-certify once every three (3) years. Information on re-certification exams is announced at www.ecfirst.com. The re-certification exam fee is $295.00.
Revocation of CSCS™ Certification
ecfirst may, at its discretion after due and thorough consideration, revoke an individual’s CSCS™ certification for any of the following reasons:
- Violating any provision of the ecfirst.com Code of Professional Ethics
- Falsifying or deliberately failing to provide relevant information
- Intentionally misstating a material fact
- Engaging or assisting others in dishonest, unauthorized or inappropriate behavior at any time in connection with the CSCS™ exam or the certification process
Training Options
The two-day Certified Security Compliance Specialist™ (CSCS™) program is delivered worldwide. Call ecfirst at 877.899.9974 x16 today to discuss details about locations and schedules.
CSCS™ program attendees may pursue additional career development with the Certified HIPAA Professional (CHP) program. Mention you have passed the CSCS™ exam and receive 20% off the instructor-led tuition fee for the CHP program.
On Site Training
Bring ecfirst training, certification and executive briefs to your site. ecfirst will customize the session to meet your specific requirements and time frames.
CSCS Program Attendees (Partial List)
- Central Valley Collaborative
- ACMC
- SCVHHS
- Mays Homecare
- CareSource
- Horne LLP
- Maricopa Integrated Health System
- Prime Healthcare Services
- Yampa Valley Medical Center
- Pioneers Medical Center
- Aspen Valley Hospital
- Southwest Memorial Hospital
- Rangely District Hospital
- St. Mary’s Hospital
- Community Hospital
- Pensacola Junior College
- City of Pensacola
- Lakeland Regional Medical Center
- SeniorLink
- Torchmark Corp.
- Krystal Air
- Essex County Hospital
- The Salvation Army
- Hewlett-Packard
- California Rural Indian Health
- Epocrates
- All India Radio (AIR)
- Amity Group
- Telecomers
- K. genix Biotech Pvt. Ltd.
- Moorings Park
- Integris Health
- State of Alaska
- Erickson Retirement
- CHRISTUS Health
- HCA
- Children’s Medical Center of Dallas
- Meritain Health
- Advocate Healthcare
- Rush North Shore Medical Center
- ICE Technologies
- Core Communications
- Carroll County, Iowa
- CVS Caremark
- Halifax Health
- Ghana Health Service
- University of California, San Francisco Medical Center
- National Health Insurance Authority Ghana
- Hoag Hospital
- Loma Linda University Medical Center
- Coulton-Potsdam Hospital
- United Healthcare – Prescription Solutions
- Perot Systems
- Aultman Health Foundation
- OSF Healthcare Systems
- Red Hat, Inc.
- Nyemaster Goode, PC
- Lockheed Martin
- Howard Technology Solutions
- Innovative Solutions
- 3SG
- City of Los Angeles, California
- Vemics
- Northwest Community Hospital
- Zayata India Pvt. Ltd.
- Revolution.com
- ITCHI, Inc.
- Riverside County, California
- American Hospital Association Solutions
- Ascension Health
- ITS
- Onsite Computer Solutions
- Gotham OHC, Inc.
- WorldTech USA, Inc.
- Cascade Healthcare Community
- Rockford Health Systems
- Moylans Insurance Underwriters, Inc.
- Familylinks, Inc.
- Intuit, Inc.
- Trace Security, Inc.
- Compliance Counsel, LLC
- Blessing Hospital
- Sherman Hospital
- Ernst & Young
- Humility of Mary Health Partners
Reference Materials
ecfirst
ecfirst is passionate about developing and validating information security compliance knowledge. ecfirst, in business since 1999, was recognized as an Inc. 500 fastest growing privately held business in the United States in its first year of eligibility. ecfirst is an organization with deep hands-on experience in compliance and IT services.
ecfirst serves a Who’s Who client list of over 1,400 that includes Principal Financial and numerous hospitals, including Edward, Sherman, Condell, BSA, Mercy, Northwest Community, Samaritan and many others. State and county governments trained by ecfirst include the States of Oregon, Iowa and Illinois. U.S. government agencies that have participated in ecfirst programs include the U.S. Department of Veterans Affairs, Air Force, Coast Guard, Department of Homeland Security and several others.
Disclaimer
This document is a guide to those pursuing the CSCS™ certification. No representations or warranties are made by ecfirst that the use of this guide or any other associate publication will assure candidates of passing the CSCS™ exam.
Disclosure
Copyright © 2006-2011 by ecfirst. Reproduction or storage in any form for any purpose is not permitted without prior written permission from ecfirst. No other right or permission is granted with respect to this work. All rights reserved.
Contact Information
14225 University Avenue, Suite 240
Waukee, Iowa 50263, United States
Phone: +1.515.453.8247 x17
Fax: +1.515.453.8471
Email: Lorna.Waggoner@ecfirst.com
Website: www.ecfirst.com
Program Architect - Cyber Security & Compliance Expert
Uday Ali Pabrai, CISSP (ISSAP, ISSMP), Security+, is the chief executive of ecfirst, an Inc. 500 business. A highly sought-after information security and regulatory compliance expert, he has successfully delivered solutions on compliance and information security to organizations worldwide.
Author of Cyber Security Strategy: The 4 Laws of Information Security, he developed a unique security methodology called, BizShield: The Seven Steps to Enterprise Security. BizShield today provides the framework for many security initiatives at client organizations worldwide.
Mr. Pabrai was the creator of the world’s most successful Internet skills certification, CIW. Mr. Pabrai also established the industry’s first certification programs on HIPAA: Certified HIPAA Professional (CHP) and Certified HIPAA Security Specialist (CHSS™). He also launched the Certified Security Compliance Specialist (CSCS™) program. Mr. Pabrai is the co-creator of the Security Certified Program (SCP), a program approved under U.S. Department of Defense Directive 8570.01-M and one of the industry’s most comprehensive hands-on information security certification programs.
Mr. Pabrai has presented opening keynote and other sessions at several conferences, including ISSA, HCFA, HIPAA Summit, Microsoft Tech Forum (HIMSS), Internet World, DCI Expo, Comdex, Net Secure, Nurse Practitioners Conference, National Council for Prescription Drug Programs (NCPDP), HIMSS Midwest Conference, National Council for State Board of Nursing IT Conference, and many others.
He has delivered fast paced, high energy briefings in many cities worldwide including New Delhi, Bangalore and Mumbai (India), Tsukuba City (Japan), Dubai (UAE), Karachi and Lahore (Pakistan), London (UK), and across the United States.
Mr. Pabrai’s clients have included hundreds of hospitals and long-term care facilities, Microsoft, Kemin, Ernst & Young, Elkay, Intuit, Pella, Principal Financial, the U.S. Naval Surface Warfare Center, the U.S. Defense Intelligence Agency, the U.S. Department of Veterans Affairs, and numerous federal, state and county governments.
His career was launched at the U.S. Department of Energy’s nuclear research facility, Fermi National Accelerator Laboratory (Fermilab) near Chicago. During his career, he has served as Vice Chairman and in several senior officer positions with NASDAQ-listed firms. Mr. Pabrai is a member of the FBI’s InfraGard program.
He can be reached at Pabrai@ecfirst.com or at 949.260.2030.