ICT Security Expert with federal diploma («ICTSED»)

• Embedding the security strategy in your company
• Establishing an information security management system (ISMS) based on ISO/IEC 27001
• Running a security program in your organization
• Managing stakeholders
• Raising safety awareness in your company
• Managing events and backing up information
• Identification and assessment of risks
• Defining and coordinating protective measures
• Ensuring the effectiveness of defensive measures
• Knowing and understanding the new requirements of the nFADP

1. Onboarding (1 hour)
2. IT & Cybersecurity Risk Management (1 day)
   • Introduction cybersecurity risk management
   • The impact of cyber-threats
   • Risk management as part of a broader cyber security management approach
   • Compliance with cyber security standards
   • Risk management strategy
   • Best practice
3. ISO/IEC 27001:2022 Lead Implementer (4 days)
   • Introduction to ISO/IEC 27001 and initiation of an ISMS 
   • Planning the implementation of an ISMS 
   • Implementation of an ISMS
   • ISMS monitoring, continuous improvement and preparation for the certification audit
4. ISO/IEC 27001:2022 Lead Implementer Brush-up (0.5 days)
5. ISO 27001 in practice (0.5 days)
   • Why did we choose ISO 27001?
   • How did we proceed?
   • Learnings and recommendations
6. Project Management Basics for IPMA Level D (3 days, without exam)
   • Definition project / project management
   • Project management procedure models
   • Project portfolio management
   • Initiating projects
   • Planning of projects
   • Execution and monitoring of projects
   • Completion of projects
7. Security Awareness in the company (0.5 days)
   • Strategic planning of security awareness measures
   • Examples of methodical training approaches and concepts
   • Examples of holistic security awareness programs
   • Sustainable communication methods and channels
   • Performance measurement of security awareness measures/KPIs
8. The new Swiss Federal Act on Data Protection (1 day)
   • Data protection principles
   • Scope
   • Personal data categories
   • Profiling
   • Information requirements (cookies, profiling tools, etc.) 
   • Consent (clickwrapping) 
   • Reporting obligations (process data breaches)
   • IT security principles (privacy by default and privacy by design) 
   • Sanctions (fines)
   • Data subject rights (process descriptions)
   • Code of conduct and certification procedures
   • Special issues: Cloud computing and foreign storage, commissioned data processing
9. Development of data protection concept / DSMS Data protection management system (1 day)
   • Directory of processing activities
   • Data protection impact assessment 
   • Privacy policy
10. Cloud Service Governance (for Manager) (1 day)
    • Cloud services – Service models, architecture models and the cloud reference architecture
    • Cloud services in a business context and governance
    • Cloud and the data life cycle; legal requirements regarding cloud security
    • Security certifications and attestations in the cloud environment
    • Cryptography and key management in clouds; Cloud Access Security Broker (CASB)
    • Cloud services and business continuity, disaster recovery
    • Risks of Cloud Services and the Secure Way into the Cloud
    • Cloud Security Operations, Security Incident Management, Security Testing and Forensics in Cloud Services
11. Cybersecurity – Technical Overview (2 days)
    • Differentiation between information security, ICT security, cyber security; IT security and OT security, safety & security
    • Lifecycle of data
    • Technology levels – abstraction levels between business process and IT / technology
    • Security architectures – Security models
    • Computer systems – client/server; processor architectures
    • Cryptography 
    • Network fundamentals: the OSI model from the physical layer to the application layer
    • Network Security, Physical Security
    • Identity and Access Management (IAM)
    • Security Assessment and Testing
    • Software development security
12. Security Governance and Management (2 days)
    • Information security governance
    • ICT security organization
    • ICT security architecture
    • Information security metrics, reporting
    • Information security business case, return on security investment
    • Information security incident management
13. Exam preparation (4 days)

Consists of the following modules

• Exam Q&A
• Onboarding
• IT & Cybersecurity Risk Management («RISK»)
• ISO/IEC 27001:2022 Lead Implementer Course
• ISO/IEC 27001:2022 Lead Implementer Brush-up
• Project Management Basics for IPMA Level D («PMEM»)
• Security Awareness in your company («SAWG»)
• The new Swiss Federal Act on Data Protection («NDSGT»)
• Development of data protection concept / DSMS Data protection management system
• Cloud Service Governance (for Manager) («CLSECU»)
• Cybersecurity – Technical Overview («ICTTEC»)
• Security Governance and -Management («ICTMAG»)
• Exam preparation

This exam preparation course is designed for executives of private companies and public institutions who are responsible for the management of information security and intend to prepare for the ICT Security Expert degree with a federal diploma.

In order to carry out the activities of an ICT Security Expert professionally, you are familiar with your organisation and its products, processes and information and are able to guarantee appropriate information security.

The exam ICT Security Expert with federal diploma is open to those who:

1. Have a tertiary degree in computer science (federal diploma of higher education; bachelor; master) or an equivalent qualification and has at least three years of professional experience in the field of ICT security
2. OR have a tertiary degree in another field (federal diploma of higher education; bachelor; master) or an equivalent qualification and at least four years' professional experience in ICT security
3. OR have completed upper secondary education in informatics or an equivalent qualification and has at least six years' professional experience in ICT security
4. OR have completed upper secondary education in another field (federal diploma of vocational education and training; educ. school leaving examination; vocational secondary school certificate) or an equivalent qualification and at least eight years' professional experience in the field of ICT security
5. AND provides up-to-date evidence that there is no entry in the central criminal record incompatible with professional activity

Please note that the professional experience refers to the competences defined by ICT Berufsbildung: You must have work experience based on management competencies, not technical competencies. 

Mandatory preliminary clarification:
It is mandatory that you clarify your admission to the federal examination through ICT Berufsbildung BEFORE registering for your course. ICT Berufsbildung requires the following documents so that a binding statement can be made about your admission to the examination.

• Preliminary clarification of admission to the examination ICT Security Expert
• CV
• Job references showing the required professional experience (a job description from the current position with confirmation that you are working in this position is sufficient)
• Diploma/certificate of the highest degree

The examination is held once a year in November by ICT Berufsbildung and consists of four parts:

• Portfolio work (this is prepared in advance in written form)
• Presentation and expert discussion on the portfolio (30 to 40 minutes)
• Case studies (120 minutes in written form)
• Case simulation (300 minutes practical cases)

The examination fee is CHF 3'400.–

• Eidg. dipl. ICT Security Expert

• Eidg. dipl. ICT Security Expert

Please also note the information provided by Staatssekretariat für Forschung, Bildung und Innovation (SFBI) for the financing of preparatory courses. You can have your course fees partially refunded, on the condition that you have taken the federal examination. More information can be found here.