EC-Council’s C|CISO Program

Train to become a Certified Chief Information Security Officer

Train for the C-Suite!

EC-Council’s Chief Certified Information Security Officer (CCISO) program has empowered information security professionals across the globe.

EC-Council developed the CCISO certification by leveraging the knowledge of a core group of deeply experienced information security executives within our CCISO Advisory Board. These seasoned professionals built the program’s foundation and outlined the content covered in the CCISO exam, body of knowledge, and training program. Each segment of the CCISO Program was developed in order to move a security professional’s career into the realm of executive leadership.

Through the CCISO program, we will transfer the knowledge of experienced professionals to you, the next generation of leadership, by focusing on the most critical competencies required to develop and maintain a successful information security portfolio. The CCISO program is a first-ofits-kind training and certification course that aims to produce cybersecurity executives of the highest caliber and ethics.

Register for the official CISO training

Who Needs the CCISO Program?

The CCISO certification is designed for information security professionals who want to advance their careers as a CISO or other executive-level security career path. In the CCISO program, cybersecurity leaders hone their knowledge and learn how to integrate information security initiatives with needs of the business by aligning to the critical goals and objectives of an organization.

Existing CISOs are also encouraged to participate in this program to strengthen their security program knowledge, understand current technology principles, and sharpen their business insight.

Are you ready to become a CCISO?

Find out what steps you need to take to get certified!

CCISO is a First-of-Its-Kind Certification

Accredited by ANSI

EC-Council’s CCISO certification program is accredited by ANSI. EC-Council is one of the few certification bodies with a primary specialization in information security to meet the ANSI/ ISO/IEC 17024 personnel certification accreditation standard.

Compliant with the NICE Framework

The five domains of the CCISO program are mapped to the NICE Framework, a national resource that describes and categorizes key cybersecurity functions, common sets of responsibilities, and skills needed to perform specific tasks.

Includes All Competencies Required for C-Level Cybersecurity Positions

The CCISO program imparts the skills necessary to lead a successful information security program including audit management, information security controls, human capital management, governance, strategic program development, and financial expertise.

Abstraction of Technical Knowledge

The CCISO course material includes a high-level understanding of technical topics, enabling executives to be familiar with technology principles and concepts. This empowers informed decisions and conceptual discussions.

Bridges Gaps Between Technical, Executive Management, and Financial Functions

Traditionally, leadership skills have been learned on the job, creating knowledge gaps as practitioners move from middle to senior management and executive roles. The CCISO program creates a bridge between the technical expertise many aspiring CISOs already possess and critical executive management skills. The CCISO training enables successful transition to the top levels of information security management.

Recognizes the Importance of Real-World Experience

Cybersecurity executives need deep experience in order create, lead, and enable security professionals. The CCISO program incorporates extensive real-world experience and input from current CISOs around the world. The CCISO Program transfers the knowledge, allowing our students to develop security portfolios that enable organizations to pursue their plans in the safest, most secure manner possible.

Designed by Industry Experts

The CCISO Advisory Board is comprised of practicing CISOs who have designed the program based on their operational experiences, technical knowledge, and management expertise. The Board includes security leaders from a wide range of industries and verticals, to include Amtrak, HP, the City of San Francisco, Lennar, the Centers for Disease Control, leading universities, and international consulting firms. They have contributed their vast knowledge to address the need for effective, efficient security leadership training.

Register for the official CISO training

The Five CCISO Domains

CCISOs exhibit their knowledge and experience in the following domains:


Governance and risk management (policy, legal, and compliance)


Information security controls, compliance, and audit management


Security program management and operations


Information security core competencies


Strategic planning, finance, procurement, and vendor management

Register for the official CISO training

Explore Program Options

There are three paths to attaining the CCISO designation:

  • Training
  • The Associate CISO Program
  • Self Study


This option is open to anyone interested in taking CCISO training. Official CCISO Training is required for applicants who do not meet the requirement for self-study.

Once training has been completed, applicants who would like to sit for the CCISO Exam will be required to fill out and return the Exam Eligibility Application proving that in addition to the the training, they also have 5 years of IS management experience in 3 of the 5 CCISO Domains. Once that application has been approved, instructions for purchasing a ECC Exam center voucher will be issued. Applicants who do not meet these requirements have the option of sitting for the EC-Council Information Security Manager (E|ISM) exam as part of the Associate CCISO Program.

Register for the official CISO training

The Associate CISO Program

This option is available to candidates who do not yet possess the required years of experience for either the self-study or training options. Associate CCISOs may sit for official CCISO training and then take and pass the EC-Council Information Security Manager (EISM) exam to enter the program at the associate level. Once the requisite years of experience have been completed, Associate CCISOs may take the full CCISO exam and earn the full certification at a discounted price.

Self Study

This option is available to individuals who possess the requisite Information Security Management experience. Self study candidates must submit the Exam Eligibility Application proving they have at least five years of experience in each of the five CCISO domains. After a candidate’s application has been approved, they may purchase an exam voucher in order to take the CCISO Exam. Credit toward experience is granted in certain domains in the case of industry-accepted, professional certifications and higher degrees in information security as shown below. Between certification and training waivers, applicants can only waive 3 years of experience for each domain.

Waivers for the CCISO are available to Self Study Candidates


Education Waivers

1. Governance, Risk, Compliance

Ph.D. Information Security (3 years),
MS Information Security Management,
MS Information Security Engineering (2 years),
BS Information Security (2 years)

2. Information Security Controls and Audit Management

Ph.D. Information Security (3 years),
MS Information Security Management,
MS Information Security Engineering (2 years),
BS Information Security (2 years)

3. Security Program Management & Operations

Ph.D. Information Security (3 years),
MS Information Security or
MS Project Management (2 years),
BS Information Security (2 years)

4. Information Security Core Competencies

Ph.D. Information Security (3 years),
MS Information Security (2 years),
BS Information Security (2 years)

5. Strategic Planning, Finance, Procurement, and Third-Party Management

CPA, MBA, M. Fin. (3 years)

About the EISM Program

Candidates who do not yet have 5 years of information security experience in at least 3 of the 5 CCISO Domains can still pursue a management certification to help propel their careers and put them on fast track toward obtaining the CCISO.

EISM students must attend training – the same CCISO training that upper level executives attend – before attempting the EISM exam. There are no experience requirements for this exam. The courseware and training programs are exactly the same as those of the CCISO program.

Imagine being able to push your new information security career forward using the same resources as seasoned professionals. That’s what the EISM program does. The EISM exam is a light version of the CCISO exam and tests the fundamentals of information security management.

Benefits of the EISM Program

  • EISM students are able to sit for the same training and courseware as seasoned CCISO students
  • EISM students are only tested on the basics of information security management while the CCISO candidates are tested on a much deeper level.
  • The EISM certification signals to the marketplace that you have chosen the management path as opposed to a purely technical career path
  • EISMs can apply for the CCISO program once they have acquired five years of experience in three of the five CCISO domains and receive the following:
    - Waived application fee
    - Half priced CCISO exam

The EISM program is right for you if:

  • You do not meet the minimum experience requirements for the CCISO program
  • You are more interested in a management career path than in a technical one
  • You have strong management skills and have worked in the information security industry for at least three years.
  • You are interested in one day obtaining a position as a CISO.

The EISM Exam

The EISM Exam is based on the same bank of questions as the CCISO exam – questions written by CISOs for current and aspiring CISOs. The difference is, there are scenario-based questions that require years of on the job experience to answer on the CCISO exam. These are omitted from the EISM exam and only the basic information security management questions remain.

The EISM exam:

  • 150 questions
  • 2 hour time limit
  • Multiple choice
  • 70% is the minimum passing score

All EISM students must take EC-Council official training before sitting for the EISM exam.

About the Exam

In order to earn the CCISO, every applicant must pass the exam covering all 5 CCISO domains, regardless of experience in each domain. The exam consists of 150 multiple-choice questions administered over a two and a half hour period. The questions on the exam require extensive thought and evaluation.

There are three cognitive levels tested on the CCISO exam but only two tested on the EISM exam:

  • Level 1 – Knowledge:
    This cognitive level of questions is used to recall memorized facts. This is the most basic cognitive level rarely accepted on certifications as it merely recognizes the candidate’s ability to memorize information. It can be effectively used when asking for basic definitions, standards or any concrete fact. This level appears on both the CCISO and EISM exam.

  • Level 2 – Application:
    This cognitive level of questions is used to identify the candidate’s ability to understand the application of a given concept. It differs from Knowledge based questions in the sense that it requires the understanding and correct applicability of a given concept – not just the concept itself. This type of question often quires additional context before the actual question is provided in the stem. This level appears on both the CCISO and EISM exam.

  • Level 3 – Analysis:
    This cognitive level of questions is used to identify the candidate’s ability to identify and resolve a problem given a series of variables and context. Analysis questions differ greatly from Application based questions in the sense that they require not only the applicability of a concept but also how a concept, given certain constrain can be used to solve a problem. This level appears on the CCISO and not on the EISM exam.

Passing Score

In order to maintain the high integrity of our certifications exams, EC-Council Exams are provided in multiple forms (I.e. different question banks). Each form is carefully analyzed through beta testing with an appropriate sample group under the purview of a committee of subject matter experts that ensure that each of our exams not only has academic rigor but also has “real world” applicability.

We also have a process to determine the difficulty rating of each question. The individual rating then contributes to an overall “Cut Score” for each exam form. To ensure each form has equal assessment standards, cut scores are set on a “per exam form” basis. Depending on which exam form is challenged, cut scores can range from 60% to 85%.

"Despite having 20 years of experience in information technology, including 8 years in information security and 15 years leading multidisciplinary teams in infrastructure and cybersecurity, I have gained a better understanding of the five critical domains explained in EC-Council’s CCISO body of knowledge and through real-life examples that the instructor presented during the CCISO certification program."

— Leandro Ribeiro Leader of Cyber Defense, United Health Group, Brazil

"If you want to be the best, I strongly believe the CCISO credential should be one of the first things you add to your professional profile."

— Rodney Gullatte, Jr. CEO, Firma IT Solutions and Services

"While my 23 years of a dynamic career reflects rich experiences and a successful journey, I realized it [was] time to move one step further and stay in power with the latest requirements for leaders in information security. The CCISO was an ideal choice for me, as it provided the necessary knowledge [of] required information security management, executive leadership, and risk management strategies to protect an organization."

— Deryck Rodrigues Vice President—Group CIO Regulatory, Risk & Control, Deutsche Bank

Recommendations and Accreditations

National Initiative for Cybersecurity Education

The five CCISO domains are mapped to the NICE Workforce Framework for Cybersecurity.

American National Standards Institute

The CCISO is independently accredited and designed to meet the rigorous ANSI standards.

U.S. Department of Defense

The CCISO certification is an approved baseline certification under DoD Directive 8570/8140.

U.S. Armed Forces

The CCISO certification provides an excellent opportunity for advancement in the U.S. military and is recognized by the U.S. Army, Navy, Air Force, and Marine Corps.

Do you have any questions about our training offerings?

Please feel free to get in contact with us and discuss your requirements
and find out how we can support skills development.

+386 1 320 78 80