EC-Council Certified Chief Information Security Officer (C|CISO)

EC-Council Certified Chief Information Security Officer (C|CISO)

Overview:

EC-Council’s CCISO Program has certified leading information security professionals globally. The program’s foundation was shaped by the CCISO Advisory Board, a group of high-level information security executives who outlined the exam content, body of knowledge, and training curriculum. Board members contributed as authors, exam writers, quality assurance reviewers, and trainers. Each program segment was developed with aspiring CISOs in mind, aiming to transfer the knowledge of seasoned professionals to the next generation, focusing on the critical areas needed to develop and maintain a successful information security program.

Duration:

4 Days

Target Student:

This course is designed for aspiring or current upper-level managers looking to advance their careers by applying their deep technical knowledge to business problems.

Prerequisites:

Candidates interested in earning the C|CISO Certification must qualify through EC-Council’s Exam Eligibility application before taking the C|CISO Exam. Only students with at least five years of experience in three of the five domains can sit for the C|CISO Exam. Students who do not qualify or fail to complete the application may take the EC-Council Information Security Manager (EISM) exam and earn that certification. EISM holders can then apply for the C|CISO Exam once they meet the required experience.

Course Objectives:

In this course, you will gain in-depth knowledge in each of the five C|CISO Domains:

  1. Domain 1 – Governance (Policy, Legal, and Compliance)
  • Information Security Management Program
  • Defining an Information Security Governance Program
  • Regulatory and Legal Compliance
  • Risk Management
  1. Domain 2 – IS Management Controls and Auditing Management
  • Designing, deploying, and managing security controls
  • Understanding security control types and objectives
  • Implementing control assurance frameworks
  • Understanding the audit management process
  1. Domain 3 – Security Program Management & Operations
  • The role of the CISO
  • Information Security Projects
  • Integration of security requirements into other operational processes (change management, version control, disaster recovery, etc.)
  1. Domain 4 – Information Security Core Competencies
  • Access Controls
  • Physical Security
  • Disaster Recovery and Business Continuity Planning
  • Network Security
  • Threat and Vulnerability Management
  • Application Security
  • System Security
  • Encryption
  • Vulnerability Assessments and Penetration Testing
  • Computer Forensics and Incident Response
  1. Domain 5 – Strategic Planning, Finance, and Vendor Management
  • Security Strategic Planning
  • Alignment with business goals and risk tolerance
  • Security emerging trends
  • Key Performance Indicators (KPI)
  • Financial Planning
  • Development of business cases for security
  • Analyzing, forecasting, and developing a capital expense budget
  • Analyzing, forecasting, and developing an operating expense budget
  • Return on Investment (ROI) and cost-benefit analysis
  • Vendor management
  • Integrating security requirements into the contractual agreement and procurement process

Together, these five domains equip participants with the comprehensive knowledge and skills needed to become competent executive information security practitioners.