CCISO Course Overview
EC-Council’s CCISO Program has certified leading information security professionals around the world. A core group of high-level information security executives, the CCISO Advisory Board, contributed by forming the foundation of the program and outlining the content that would be covered by the exam, body of knowledge, and training. Some members of the Board contributed as authors, others as exam writers, others as quality assurance checks, and still others as trainers. Each segment of the program was developed with the aspiring CISO in mind and looks to transfer the knowledge of seasoned professionals to the next generation in the areas that are most critical in the development and maintenance of a successful information security program.
Who should attend CCISO
This course is designed for the aspiring or sitting upper-level manager striving to advance his or her career by learning to apply their existing deep technical knowledge to business problems.
Prerequisites
Candidates interested in earning the C|CISO Certification must qualify via ECCouncil’s Exam Eligibility application before sitting for the C|CISO Exam. Only students with at least five years of experience in three of the five domains are permitted to sit for the C|CISO Exam. Any student who does not qualify to sit for the exam or who does not fill out the application will be permitted to take the EC-Council Information Security Manager (EISM) exam and earn that certification. EISMs may then apply for the CCISO Exam once they have achieved the required years of experience.
Duration
Lectures: 1 year access to video lectures
Labs: 6 months access to labs
- A voucher for taking the official CCISO exam is included in the price
CCISO course objectives
In this course, you will learn in-depth content in each of the 5 CCISO Domains:
- Governance, Risk, Compliance
- Information Security Controls and Audit Management
- Security Program Management & Operations
- Information Security Core Competencies
- Strategic Planning, Finance, Procurement, and Third-Party Management
Taken together, these five Domains of the C|CISO program translate to a thoroughly knowledgeable, competent executive information security practitioner.
CCISO Exam Information
In order to earn the CCISO, every applicant must pass the exam covering all 5 CCISO domains, regardless of experience in each domain. The exam consists of 150 multiple-choice questions administered over a two and a half hour period. The questions on the exam require extensive thought and evaluation.
About the CCISO Exam
There are three cognitive levels tested on the CCISO exam but only two tested on the EISM exam:
- Level 1 – Knowledge: This cognitive level of questions is used to recall memorized facts. This is the most basic cognitive level rarely accepted on certifications as it merely recognizes the candidate’s ability to memorize information. It can be effectively used when asking for basic definitions, standards, or any concrete fact. This level appears on both the CCISO and EISM exam.
- Level 2 – Application: This cognitive level of questions is used to identify the candidate’s ability to understand the application of a given concept. It differs from Knowledge-based questions in the sense that it requires the understanding and correct applicability of a given concept – not just the concept itself. This type of question often requires additional context before the actual question is provided in the stem. This level appears on both the CCISO and EISM exams.
- Level 3 – Analysis: This cognitive level of questions is used to identify the candidate’s ability to identify and resolve a problem given a series of variables and context. Analysis questions differ greatly from Application based questions in the sense that they require not only the applicability of a concept but also how a concept, given certain constrains can be used to solve a problem. This level appears on the CCISO and not on the EISM exam.
CCISO Course Content
The program focuses on five domains to bring together all the components required for a C-level position. It combines governance, security risk management, controls, audit management, security program management, and operations, information-security core concepts, and strategic planning, finance, and vendor management––skills that are vital to leading a highly successful information security program.
The five domains were mapped in alignment to the NICE Cybersecurity Workforce Framework (NCWF), a national resource that categorizes and describes cybersecurity work, listing common sets of duties and skills needed to perform specific tasks.
The framework consists of seven highly important categories; one of which is “Oversight and Development” and deals with leadership, management, direction, and advocacy. It was upon these requirements that the CCISO program was created, with skill development courses in legal advice and advocacy, strategic planning and policy development, Information Systems Security Operations (ISSO), and Security Program Management (CISO) being 95% related to the NCWF.
