EC – Council – Certified Chief Information Security Officer (CCISO) – Course
Domain 1 – Governance and Risk Management:
- Define, Implement, Manage, and Maintain an Information Security Governance Program
- Information Security Drivers
- Establishing an information security management structure
- Laws / Regulations / Standards as drivers of Organizational Policy / Standards / Procedures
- Managing an enterprise information security compliance program
- Introduction to Risk Management
Domain 2 – Information Security Controls, Compliance, and Audit Management
- Information Security Controls
- Compliance Management
- Guidelines, Good and Best Practices
- Audit Management
Domain 3 – Security Program Management & Operations
- Program Management
- Operations Management
Domain 4 – Information Security Core Competencies
- Access Controls
- Physical Security
- Network Security
- Certified Chief
- Endpoint Protection
- Application Security
- Encryption Technologies
- Virtualization Security
- Cloud Computing Security
- Transformative Technologies
Domain 5 – Strategic Planning, Finance, Procurement and Vendor Management
- Strategic Planning
- Designing, Developing, and Maintaining an Enterprise Information Security Program
- Understanding the Enterprise Architecture (EA)
- Vendor Management
EC-Council’s Certified Chief Information Security Officer (CCISO) Program has certified leading information security professionals around the world. A core group of high-level information security executives, the CCISO Advisory Board, formed the foundation of the program and outlined the content covered by the exam, body of knowledge, and training. Some members of the Board contributed as authors, others as exam writers, others as quality assurance checks, and still others as instructors. Each segment of the program was developed with the aspiring and sitting CISO in mind and looks to transfer the knowledge of seasoned executives to the next generation of leaders in the areas that are most critical in the development and maintenance of a successful information security program.
The CCISO Certification is an industry-leading program that recognizes the real-world experience necessary to succeed at the highest executive levels of information security. Bringing together all the components required for a C-Level positions, the CCISO program combines audit management, governance, IS controls, human capital management, strategic program development, and the financial expertise vital to leading a highly successful IS program. The job of the CISO is far too important to be learned by trial and error. Executive level management skills are not areas that should be learned on the job.
Material in the CCISO Program assumes a high-level understanding of technical topics and doesn’t spend much time on strictly technical information, but rather on the application of technical knowledge to an information security executive’s day-to-day work. The CCISO aims to bridge the gap between the executive management knowledge that CISOs need and the technical knowledge that many sitting and aspiring CISOs have. This can be a crucial gap as a practitioner endeavors to move from mid-management to upper, executive management roles. Much of this is traditionally learned as on the job training, but the CCISO Training Program can be the key to a successful transition to the highest ranks of information security management.
Exam Eligibility & Minimum Requirements
In order to qualify to sit for the CCISO Exam without taking any training, candidates must have five years of experience in each of the 5 CCISO domains verified via the Exam Eligibility Application.
To sit for the exam after taking training, candidates must have five years of experience in three of the five CCISO Domains verified via the Exam Eligibility Application.
Waivers for the CCISO are available to Self-Study Candidates
|1. Governance and Risk Management||Ph.D. Information Security – 3 years, MS Information Security Management, MS Information Security Engineering – 2 years, BS Information Security – 2 years|
|2. Information Security Controls, Compliance, and Audit Management||Ph.D. Information Security – 3 years, MS Information Security Management, MS Information Security Engineering – 2 years, BS Information Security – 2 years|
|3. Security Program Management & Operations||Ph.D. Information Security – 3 years, MS Information Security or MS Project Management – 2 years, BS Information Security – 2 years|
|4. Information Security Core Competencies||Ph.D. Information Security – 3 years, MS Information Security – 2 years, BS Information Security – 2 years|
|5. Strategic Planning, Finance, Procurement, and Vendor Management||CPA, MBA, M. Fin. – 3 years|
This course is described as a Live Online – Training, Candidates must posses and adhere to the requirements referenced in the Exam Eligibility & Minimum Requirements Section, as well as be verified by EC – Council on the above stated requirements to be able to take the Exam.