Security roles and responsibility, Information security governance, business alignment, information security metrics, information security models and balance scorecard, strategy development,

Risk management concept, risk management technology, risk management strategy, risk management frameworks, gap analysis and supports. Risk identification, likelihood, and impacts. Risk management life cycle, process and methodologies, Assets identification, valuation, and classifications.

Risk, Threat and vulnerability identification, likelihood and impacts assessment.

Risk management and Business continuity plans, Risk register, Risk third-party management, Risk integration, Risk indicators, monitoring and reporting. Security and awareness training,

Information security program development, frameworks, scope and charter and road map, risk treatment, risk treatment, Audit reviews and policy development. Event monitoring, vulnerability management, vulnerability management, Endpoint protection, identity and access management, security incident management, service provider, Data security, Desk Service, Incident, Problem, Change and Configuration Managements. Financial management, capacity management, Asset Management.

Control classification. Internal control, information systems control objectives, control assessment, Metrics, and monitoring.

Incident response plans and development, objective, maturity, resources, and controls.

Incident detection, initiation, evaluation, eradication, and recovery.

Business continuity and Disaster recovery planning. Test of business continuity and disaster recovery planning etc.