CCISO Certification is an up skill to be succeeded at the highest levels of information security. It’s first of its kind training certification program aimed at producing top-level information security executives. It not only concentrates on technical knowledge but also on the application security management principles from an executive management point of view.
The program consists of three committees: Training, Body of Knowledge and the C|CISO Exam. Every element of this program was developed with the aspiring CISO keeping in minds and looks to spread the knowledge of seasoned professionals to the next generation in the arena that are most critical in the growth sector and maintenance of a successful information security program.
EC-Council Certified Chief Information Security Officer (C|CISO)
EC-Council’s CCISO Program has certified leading information security professionals around the world. A core group of high-level information security executives, the CCISO Advisory Board, contributed by forming the foundation of the program and outlining the content that would be covered by the exam, body of knowledge, and training. Some members of the Board contributed as authors, others as exam writers, others as quality assurance checks, and still others as trainers. Each segment of the program was developed with the aspiring CISO in mind and looks to transfer the knowledge of seasoned professionals to the next generation in the areas that are most critical in the development and maintenance of a successful information security program.
Domain 1 – Governance (Policy, Legal, and Compliance)
The first Domain of the C|CISO program is concerned with the following:
• Information Security Management Program
• Defining an Information Security Governance Program
• Regulatory and Legal Compliance
• Risk Management
Domain 2 - IS Management Controls and Auditing Management
Domain 2 of the CCISO program, one of the cornerstones of any information security program, is concerned with the following:
• Designing, deploying, and managing security controls
• Understanding security controls types and objectives
• Implementing control assurance frameworks
• Understanding the audit management process
Domain 3 of the C|CISO program covers the day-?to-?day responsibilities of a CISO, including:
The role of the CISO
• Information Security Projects
• Integration of security requirements into other operational processes (change management, version control, disaster recovery, etc.)
Domain 4 of the CCISO program covers, from an executive perspective, the technical aspects of the CISO job including:
• Access Controls
• Physical Security
• Disaster Recovery and Business Continuity Planning
• Network Security
• Threat and Vulnerability Management
• Application Security • System Security
• Encryption
• Vulnerability Assessments and Penetration Testing
• Computer Forensics and Incident Response
Domain 5 of the CCISO program is concerned with the area with which many more technically inclined professionals may have the least experience, including:
• Security Strategic Planning
• Alignment with business goals and risk tolerance
• Security emerging trends
• Key Performance Indicators (KPI)
• Financial Planning
• Development of business cases for security
• Analyzing, forecasting, and developing a capital expense budget
• Analyzing, forecasting, and developing an operating expense budget
• Return on Investment (ROI) and cost-benefit analysis
• Vendor management
• Integrating security requirements into the contractual agreement and procurement process
• Taken together, these five Domains of the C|CISO program translate to a thoroughly knowledgeable, competent executive information security practitioner.
The CCISO program is for executives looking to hone their skills & learn to better align their information security programs to the goals of organization as well as aspiring CISOs. Other Information Security Management Certification programs focus on middle management. CCISO focuses on exposing middle managers to executive-level content as well as encouraging existing CISOs to continually improve their own processes & programs.
This course is designed for the aspiring or sitting upper-level manager striving to advance his or her career by learning to apply their existing deep technical knowledge to business problems.
In order to sit for the CCISO exam, applicants that attend training must apply via the CCISO Eligibility Application showing 5 years of experience in at least 3 of the 5 CCISO domains (experience can be overlapping). Students who do not meet the eligibility criteria for the CCISO exam can sit for the EC-Council Information Security Manager (EISM) exam & apply for the CCISO exam they meet the requirements
EXAM TITLE – EC-Council Certified CISO
EXAM CODE – 712-50
# OF QUESTIONS – 150
DURATION – 2.5 Hours
AVAILABILITY – ECC Exam Portal
TEST FORMAT – Scenario-based multiple choice
Check out what our students have to say
EC-Council Certified Chief Information Security Officer | CCISO
Overview:
EC-Council Certified Chief Information Security Officer (C|CISO)
EC-Council’s CCISO Program has certified leading information security professionals around the world. A core group of high-level information security executives, the CCISO Advisory Board, contributed by forming the foundation of the program and outlining the content that would be covered by the exam, body of knowledge, and training. Some members of the Board contributed as authors, others as exam writers, others as quality assurance checks, and still others as trainers. Each segment of the program was developed with the aspiring CISO in mind and looks to transfer the knowledge of seasoned professionals to the next generation in the areas that are most critical in the development and maintenance of a successful information security program.
Course Objectives:
Domain 1 – Governance (Policy, Legal, and Compliance)
The first Domain of the C|CISO program is concerned with the following:
• Information Security Management Program
• Defining an Information Security Governance Program
• Regulatory and Legal Compliance
• Risk Management
Domain 2 - IS Management Controls and Auditing Management
Domain 2 of the CCISO program, one of the cornerstones of any information security program, is concerned with the following:
• Designing, deploying, and managing security controls
• Understanding security controls types and objectives
• Implementing control assurance frameworks
• Understanding the audit management process
Domain 3 of the C|CISO program covers the day-?to-?day responsibilities of a CISO, including:
The role of the CISO
• Information Security Projects
• Integration of security requirements into other operational processes (change management, version control, disaster recovery, etc.)
Domain 4 of the CCISO program covers, from an executive perspective, the technical aspects of the CISO job including:
• Access Controls
• Physical Security
• Disaster Recovery and Business Continuity Planning
• Network Security
• Threat and Vulnerability Management
• Application Security • System Security
• Encryption
• Vulnerability Assessments and Penetration Testing
• Computer Forensics and Incident Response
Domain 5 of the CCISO program is concerned with the area with which many more technically inclined professionals may have the least experience, including:
• Security Strategic Planning
• Alignment with business goals and risk tolerance
• Security emerging trends
• Key Performance Indicators (KPI)
• Financial Planning
• Development of business cases for security
• Analyzing, forecasting, and developing a capital expense budget
• Analyzing, forecasting, and developing an operating expense budget
• Return on Investment (ROI) and cost-benefit analysis
• Vendor management
• Integrating security requirements into the contractual agreement and procurement process
• Taken together, these five Domains of the C|CISO program translate to a thoroughly knowledgeable, competent executive information security practitioner.
10 reviews for EC-Council Certified Chief Information Security Officer | CCISO
Rated 5 out of 5
Kishore Angrishi –
Training was very useful to be successful in the certification. I liked the interactive sessions and real life examples provided through-out the session. Tushar is very knowledgeable and could explain all the concepts very well. I would highly recommend the training for anyone aspiring to get C-CISO certification
Certified Threat Intelligence Analyst | CTIA by ISACA is a training and credentialing program from Infosavvy which is designed and developed in collaboration with cyber security and threat intelligence experts across the globe. It helps organizations in identifying and mitigating business risks by converting unknown threats mainly internal and external into known threats. It is a comprehensive specialist level program that teaches a structured approach for building effective threat intelligence.
ECSA training from Infosavvy provides an absolute learning progress continuing where the CEH program left off. This new ECSAv10 program has updated syllabus and an industry recognized comprehensive penetration testing methodology.
Inclusive of all the above mentioned topics certifies the learner to elevate their abilities by applying these skills learned through intensive practical labs and challenges.
Various methods are covered by ECSA in this course which has different requirements across all the verticals. ECSA is an amalgamation of both manual and automated penetration testing.
ECIH is a program which enables individuals and organizations with the ability to handle and respond to various types of cyber security incidents in a systematic way (I, H and R). Restoring regular operations of the organizations at the earliest and mitigating the negative impact on the business operations.
The I, H and R process includes stages like incident handling and response preparation, incident validation and prioritization, incident escalation and notification, forensic evidence gathering and analysis, incident containment, systems recovery, and incident eradication.
ISO 27001 Lead Implementer is a professional certification course for specializing in information security management from ISACA offered by Infosavvy. Being protected is the need of every organization, relying on information systems to support all of their critical business processes.
With the increase in number of attacks, it can come from any private organization, individuals or even clandestine foreign intelligence agencies. These attacks can cause huge loss of information, theft of confidential data or damage to critical systems and documents, organization which can lead in severe consequences inclusive of financial repercussions and reputation risk.
Your obtained knowledge with ISO 27001 helps the organization in implementing an effective information security management system (ISMS) and your understanding of awareness can lead you in improving the process
CISSP stands for Certified Information System Security Professional. It is an information security certification granted by the International Information System Security Certification Consortium also known as (ISC)². CISSP is considered as gold standard in the field of information security.
A Lead Auditor is a position between Senior Auditor and Head of Division which makes sure and examines financial records. Ensuring that financial records are accurate and that taxes are paid properly and on time. They assess financial operations and work to help ensure that organizations run efficiently.
This course is guided by experienced Lead Auditors who have audited for almost Blue Chip clients. This program is important in becoming a registered Lead Auditor or Auditor. It provides you the skills which are required to assess the Information Security Management System of an organization.
This teaches you how to protect the information from a wide range of threats in order to ensure that the business is not breached in any way
Kishore Angrishi –
Training was very useful to be successful in the certification. I liked the interactive sessions and real life examples provided through-out the session. Tushar is very knowledgeable and could explain all the concepts very well. I would highly recommend the training for anyone aspiring to get C-CISO certification