Increasingly, businesses are challenged with both securing their digital assets and information infrastructure as well as achieving full compliance with legislation that impacts their industry. Healthcare, financial, government and other verticals are required to constantly monitor the changing dynamics of their infrastructure to mitigate risks and vulnerabilities, and to ensure compliance with international as well as U.S. federal and state legislation and industry best practices. Further, United States federal information systems and those of their business associates must meet specific certification and accreditation security guidelines.
CSCS™ Program Covers Major Information Security Regulations & Standards
The CSCS™ Program is the first and only program in the world that provides a comprehensive treatment of major Information Security regulations and standards. You can expect to learn and understand core requirements of the following from the CSCS™ program:
- ISO 27002
- PCI DSS
- Information Security Requirements
The Certified Security Compliance Specialist™ (CSCS™) credential is a job-role based designation. This program is designed to enable professionals to understand, prioritize and ultimately assist organizations in achieving compliance with Information Security-based regulations.
Compliance is big business. Organizations are required to comply with legislation such as PIPEDA, FFIEC and HIPAA, and with standards such as ISO 27002. A key objective for organizations worldwide is to integrate security best practices and be in compliance. Skilled professionals who understand regulatory compliance requirements and Information Security are valued across several industries, especially healthcare, financial and government.
The Certified Security Compliance Specialist™ (CSCS™) is a unique program of its type in the compliance and security industries – indeed the first of its type in the world. It is laser-beam focused on thoroughly examining compliance requirements and establishing best practices that can be applied in securing today’s digital business information infrastructure.
Organizations are fast moving to a digital ecosystem that is governed by strict regulatory compliance requirements. Validate your compliance security skills and knowledge and distinguish yourself with the credential, Certified Security Compliance Specialist™ (CSCS™).
Distinguish Yourself in the Marketplace – Get the CSCS™ Credential!
Just having a background in Information Technology (IT) or Information Security is no longer sufficient for the challenges of business today. Employers are looking for individuals who not only have IT skills but also understand the compliance regulations that impact their industry and business, because these are priorities that must be met.
Module 1: Introduction
- State of Security
- U.S. Requirements
Module 2: PCI DSS
- Control Objectives
- Defined Requirements
- Critical References
Module 3: Healthcare Information Security
- Healthcare Security Challenges
- HIPAA Security & HITECH Legislations
- Administrative Safeguards
- Physical Safeguards
- Technical Safeguards
- ISO 27799 Standard
Case Study: Risk Analysis
Examine compliance mandates for risk analysis. Analyze how to conduct a comprehensive and thorough risk analysis to identify compliance and security deficiencies. Walk through core components of the resulting Corrective Action Plan (CAP) – your roadmap for enabling a more resilient enterprise.
Module 4: ISO 27000
- Introduction to ISO 27000
- Information Security Management Systems
Module 5: ISO 27001
- Introduction to ISO 27001
- Security Domains
Module 6: ISO 27002
- ISO 27002 Standard
- Key Clauses, Categories and Controls
Case Study: ISO 27001 Certification
Effective communication at all stages is vital to the success of the ISMS and achieving conformance/certification.
Module 7: U.S. Federal & State Regulations
- California’s SB 1386 and SB 541
- California’s AB 1950, AB 1298, & AB 211
- Nevada’s 597.970
- Massachusetts’s 201 CMR 17.00
- Data Breach Challenges
- Encryption Requirements
Module 8: NIST Standards & Guidance
- Special Publications
- Key Guidance References
Module 9: Business Continuity Planning (BCP)
- Definition and Scope
- Components of a Contingency Plan
- Disaster Recovery Plan
- Emergency Mode Operation Plan
- Classification of Information
- Classification of Threats
- Types of Alternate Sites
- Getting Started
Case Study: Conducting a Business Impact Analysis (BIA)
Step through key activities that organizations must conduct to complete a comprehensive Business Impact Analysis (BIA). Understand critical processes for a BIA initiative and identify areas that must be addressed in a BIA Report.
Module 10: Cyber Security Strategy
- What is Your Security Strategy?
- Enterprise Security Methodology
- Risk Analysis
- Getting Started
Case Study: Anatomy of a Policy
Understand the key components of a well written information security policy. Review sample policy types and organization.
A highly sought-after professional, he has successfully delivered solutions to U.S. government agencies, IT firms, healthcare systems, legal and other organizations worldwide.
Mr. Pabrai served as an Interim CISO for a health system with 40+ locations in the USA. Mr. Pabrai has led numerous engagements worldwide for ISO 27001, PCI DSS, NIST and HIPAA/HITECH security assessments. ecfirst is an approved HITRUST CSF assessor and a PCI Qualified Security Assessor.
Mr. Pabrai developed a signature security methodology called bizSHIELD™: The Seven Steps to HIPAA Security. bizSHIELD™ today provides the framework for many security and compliance initiatives at client organizations worldwide.
Mr. Pabrai was the creator of the world’s most successful Internet skills certification, CIW. Mr. Pabrai also established the industry’s first certification program on HIPAA – Certified HIPAA Professional (CHP) and Certified HIPAA Security Specialist™ (CHSS™). He also launched the Certified Security Compliance Specialist™ (CSCS™) program.
Mr. Pabrai is the co-creator of the Security Certified Program (SCP) – a program approved by the U.S. Department of Defense Directive 8570.1M and one of the industry’s most comprehensive hands-on information security certification programs.
Mr. Pabrai has presented passionate briefs to tens of thousands globally, including in the USA, United Kingdom, France, Taiwan, Singapore, Canada, India, UAE, Africa, Saudi Arabia, Philippines, Japan and others. Conferences at which Mr. Pabrai has been featured include HCCA, ISACA CSX, HIMSS, InfraGard (FBI), ISSA, HIPAA Summit, Google Privacy & Security Summit, Microsoft Tech Summit, Internet World, DCI Expo, and dozens of others. Mr. Pabrai is the author of several published works.
He has delivered fast paced, high energy briefings in many cities worldwide including Jeddah, (Saudi Arabia); New Delhi, Bangalore, Chennai and Mumbai (India); Tsukuba City (Japan); Dubai, Abu Dhabi (UAE); Karachi and Lahore (Pakistan); London (UK), and across the United States. Mr. Pabrai’s clients have included hundreds of hospitals, long-term care facilities, Kaiser, Microsoft, Kemin, Ernst & Young, Elkay, Intuit, Pella, Principal Financial, U.S. Naval Surface Warfare Center, U.S. Defense Intelligence Agency, U.S. Department of Veteran Affairs, as well as numerous federal, state and county governments.
His career was launched with the U.S. Department of Energy’s nuclear research facility, Fermi National Accelerator Laboratory, in Chicago. During his career, he has served as Vice-Chairman and in several senior officer positions with NASDAQ-based firms.
Mr. Pabrai was appointed to and serves as a member of the select HITRUST CSF Assessor Council.
Mr. Pabrai is a proud member of the U.S. InfraGard (FBI).
He can be reached at Pabrai@ecfirst.com or at +1.949.528.5224.
Control your excitement!
The CSCS™ exam is delivered at the conclusion of the instructor-led 2-day program. The exam validates knowledge and skill sets in information security for the legislations, standards and frameworks delivered in class.
The exam comprises two parts, a practical session during which students work together in groups to solve real world problems using the skills learned on day 1 and a multiple-choice paper exam.
In the practical session, students will be divided into groups and given scenarios to solve, including evidence of real world issues such as information security breaches and regulatory noncompliance. The session is open book and students are encouraged to bring their own knowledge & experience to enhance the group performance as well as using research and collaboration skills to achieve the best results.
The practical session accounts for 25% of the overall exam score and will be marked in “real-time” during the group presentations. These scores will be pre-entered on the multiple-choice paper so that each student knows what they have to achieve from the second part of the exam.
The multiple-choice paper consists of 60 questions; time allowed: 60 minutes.
| Examination Areas | Percentage of Exam |
|---|---|
| US National and State Standards (FISMA, NIST, State Regulations) | 15% |
| International Standards (ISO 27001, PIP, PIPEDA, DPA) | 15% |
| Business Regulations (PCI DSS, SOC2) | 15% |
| Healthcare Regulations (HIPAA, HITECH, ISO 27799) | 15% |
| Cyber Security Strategy (Risk Analysis and Management, Business Impact Analysis, Business Continuity Planning) | 15% |
Scores from the practical and multiple-choice exams are added together; to achieve CSCS™ certification, students must achieve an overall score of 75% or more.
CSCS™ exam questions are developed with the intent of measuring and testing practical knowledge and application of general concepts and standards in the area of regulatory compliance and information security. Every CSCS™ exam question has a stem (question) and five options (answer choices). The candidate is asked to choose the correct or best answer from the options. The stem may be in the form of a question or incomplete statement. In some instances, a scenario or description problem may be included.
What is the CSCS™ program all about?
The Certified Security Compliance Specialist™ (CSCS™) is a unique program of its kind in the compliance and security industry and the first of its type in the world. It is laser-beam focused on thoroughly examining compliance requirements and establishing best practices that can be applied in securing today’s digital business information infrastructure.
This program is designed to enable professionals to understand, prioritize and ultimately assist organizations in achieving compliance with information security-based regulations.
Is there a prerequisite for the CSCS™ program?
There is no prerequisite for the program; however, you must attend the two-day training session delivered by ecfirst or one of its Authorized Partners and pass the exam, or pass the online exam, to receive certification.
Who is the target audience for the CSCS™ program?
- Compliance professionals and managers
- Information Security Officers
- Security practitioners
- Privacy Officers
- Senior IT professionals
What are the major areas the CSCS™ program covers?
This is the first and only program in the world that provides a comprehensive treatment of major information security regulations and standards. You can expect to learn and understand the core requirements of these regulations following completion of the program:
- ISO Standards, including 27001, 27002, 27799
- PCI DSS
- NIST Standards
- U.S. State Regulations on Information Security
Can I earn Continuing Education Units (CEUs) for taking this course?
Yes, upon successful completion of the course, you may earn 16 CEUs.
How is the CSCS™ program offered?
You can complete the CSCS™ program two ways:
- Self-study through CHP study kit
What is the cost of the CSCS™ program?
- Instructor-led Training: $1,650 plus $495 exam fee
- Self-study through CSCS™ study kit and exam: $695
How do I register for the CSCS™ program?
To register for a CSCS™ program and pay by credit card, visit our Online Store. If you wish to pay by check, please email Kristen.Laidley@ecfirst.com to request a registration form and invoice. If you register for self-study, you will receive an exam voucher. This allows you online access to the exam for up to six months.
If I’m registered for an instructor-led course, when will I receive my training materials?
Training materials are delivered on the first day of class.
After passing the certification exam, how soon will I receive my certification?
Your certification will be sent to you by the HIPAA Academy within 30 days of passing the exam. If you do not receive your certification within 30 days, please email Kristen.Laidley@ecfirst.com.
If I don’t pass the exam, can I retake it?
Yes, if you do not pass the CSCS™ certification exam, you can retake the exam online. The cost for a retake exam is $395. Register here for a retake exam or email Kristen.Laidley@ecfirst.com.
Do I need to renew my CSCS™ certification?
Your CSCS™ certification is valid for three years. The HIPAA Academy will notify you when your renewal is approaching. Recertification fees are $395. With this you will receive an updated copy of the CSCS™ manual and a new certificate valid for three years.
What happens if I don’t renew my CSCS™ certification within the three-year period?
If you do not renew your certification within three years of your certification date, you are required to retake the CSCS™ exam and pay $495.
How will this certification enhance my skills?
Comprehensive training and certification in the CSCS™ program provides a solid foundation to quickly identify potential violations of compliance regulations and a solid knowledge of how to correct problems.
How will this certification benefit my employer?
Employers will reduce potential loss incidents from information security violations when employees are more thoroughly trained in the regulations.
Will this certification help me in a job search?
Certification can provide a distinguishing factor for potential employers in the information technology industry. The program prepares you to examine the world’s leading standards for information security and compliance. You can apply for jobs that require knowledge of key security standards and compliance mandates. The credential can be used after your name upon passing the exam.