EC-Council’s CCISO Program has certified leading information security professionals
around the world. A core group of high-level information security executives, the CCISO
Advisory Board, contributed by forming the foundation of the program and outlining the
content that would be covered by the exam, body of knowledge, and training. Some
members of the Board contributed as authors, others as exam writers, others as quality
assurance checks, and still others as trainers. Each segment of the program was developed
with the aspiring CISO in mind and looks to transfer the knowledge of seasoned
professionals to the next generation in the areas that are most critical in the development
and maintenance of a successful information security program.
The Certified CISO (CCISO) program is the first-of-its-kind training and certification program aimed at producing top-level information security executives. The CCISO does not focus solely on technical knowledge but on the application of information security management principles from an executive management point of view. The program was developed by sitting CISOs for current and aspiring CISOs.
In order to sit for the CCISO exam and earn the certification, candidates must meet the basic CCISO requirements. Candidates who do not yet meet the CCISO requirements but are interested in information security management can pursue the certification.
Who should attend
This course is designed for the aspiring or sitting upper-level manager striving to advance his or her career by learning to apply their existing deep technical knowledge to business problems.
Candidates interested in earning the C|CISO Certification must qualify via EC-Council’s Exam Eligibility application before sitting for the C|CISO Exam. Only students with at least five years of experience in three of the five domains are permitted to sit for the C|CISO Exam. Any student who does not qualify to sit for the exam or who does not fill out the application will be permitted to take the EC-Council Information Security Manager (EISM) exam and earn that certification. EISMs may then apply for the CCISO Exam once they have achieved the required years of experience.
In this course, you will learn in-depth content in each of the 5 CCISO Domains:
- Governance, Risk, Compliance
- Information Security Controls and Audit Management
- Security Program Management & Operations
- Information Security Core Competencies
- Strategic Planning, Finance, Procurement, and Third-Party Management
Taken together, these five Domains of the C|CISO program translate to a thoroughly knowledgeable, competent executive information security practitioner.
In order to earn the CCISO, every applicant must pass the exam covering all 5 CCISO domains, regardless of experience in each domain. The exam consists of 150 multiple-choice questions administered over a two-and-a-half-hour period. The questions on the exam require extensive thought and evaluation.
About the Exam
There are three cognitive levels tested on the CCISO exam but only two tested on the EISM exam:
- Level 1 – Knowledge: This cognitive level of questions is used to recall memorized facts. This is the most basic cognitive level, rarely accepted on certifications, as it merely recognizes the candidate’s ability to memorize information. It can be effectively used when asking for basic definitions, standards or any concrete fact. This level appears on both the CCISO and EISM exams.
- Level 2 – Application: This cognitive level of questions is used to identify the candidate’s ability to understand the application of a given concept. It differs from Knowledge-based questions in the sense that it requires the understanding and correct applicability of a given concept – not just the concept itself. This type of question often requires additional context before the actual question is provided in the stem. This level appears on both the CCISO and EISM exams.
- Level 3 – Analysis: This cognitive level of questions is used to identify the candidate’s ability to identify and resolve a problem given a series of variables and context. Analysis questions differ greatly from Application-based questions in the sense that they require not only the applicability of a concept but also how a concept, given certain constraints, can be used to solve a problem. This level appears on the CCISO and not on the EISM exam.
The program focuses on five domains to bring together all the components required for a C-Level position.
It combines governance, security risk management, controls, audit management, security program
management and operations, information-security core concepts, and strategic planning, finance, and
vendor management – skills that are vital to leading a highly successful information security program.
The five domains were mapped in alignment to the NICE Cybersecurity Workforce Framework (NCWF),
a national resource that categorizes and describes cybersecurity work, listing common sets of duties and
skills needed to perform specific tasks.
The framework consists of seven highly important categories, one of which is “Oversight and Development” and deals with leadership, management, direction, and advocacy. It was upon these requirements that the CCISO program was created, with skill development courses in legal advice and advocacy, strategic planning and policy development, Information Systems Security Operations (ISSO), and Security Program Management (CISO) being 95% related to the NCWF.