The Certified CISO (CCISO) Program is an elite program designed to produce top-level information security leaders by concentrating on both technical skills and information security management strategies by the executive management’s goals. CCISO arms information security executives with the right weapons to prevent possible cyber-attacks from arising and harming an organization. To become a CISO, one must have the technical knowledge and must incorporate specific skills such as building and maintaining organization’s aims and strategy. The program was developed with the enthusiastic CISO in mind, focusing on the most critical aspects of an information security program.
The foundation and outline of the CCISO program comprise three elements—Training, Body of Knowledge, and the CCISO exam—made by a core group of high-level information security executives, the CCISO Advisory Board, exam writers, quality checkers, and trainers.
What is the Role of Chief Information Security Officer(CISO)?
The CISO is a business's senior-level information security manager, who develops and manages an information security strategy to address rising threats in the cyber world in association with a business’ objective. They play an essential role in creating and leading a team of technical professionals to defend organizations by decreasing cyber-risks, reacting to incidents, building controls, and establishing and implementing policies and systems.
What Does the CCISO Program Teach?
The program concentrates on five domains to bring together all the elements required for a C-Level position. It connects governance, security risk management, controls, audit management, security program management and operations, information-security core notions, and strategic planning, finance, and vendor management skills that are essential to leading a hugely successful information security program.
The five domains were mapped in association to the NICE Cybersecurity Workforce Framework (NCWF), a national resource that classifies and defines cybersecurity work, listing common sets of functions and skills needed to perform specific tasks.
The framework consists of seven highly essential categories; one of which is “Oversight and Development” and deals with leadership, management, direction, and support. It was upon these demands that the CCISO program was created, with skill development courses in legal advice and support, strategic planning and policy development, Information Systems Security Operations (ISSO), and Security Program Management (CISO) being 95% similar to the NCWF.
Five Domains of CCISO Program
The CCISO Body of Knowledge was addressed by CISOs for coming to CISOs and gives in-depth knowledge of the five domains that are crucial for a CISO. These five domains concentrate on technical education, as well as information-security management principles, from a managerial point of view.
Domain 1: Governance and Risk Management (Policy, Legal, and Compliance)
This domain includes structured planning, aligning information security requirements and business needs, leadership and management skills in agreement with cybersecurity and organizational laws and acts, examining the latest information security changes, trends, and best practices, and report writing.
Domain 2: Information Security Controls, Compliance, and Audit Management
This domain includes information-security management controls: analyzing, designing, identifying, implementing, and managing information system controls’ process to decrease risks, and test controls and produce detailed reports. It also covers auditing management: understanding the process, applying principles, skills, and procedures, executing and evaluating results, interpret the results, and develop new methods.
Domain 3: Security Program Management & Operations
This domain includes project development, planning, implementation, and budgeting, acquiring, developing, and maintaining information-security project teams, assigning tasks and training, managing teams, ensuring teamwork and communication, evaluating the project to ensure that it aligns with business requirements. Achieves optimal system performance, and ensuring that changes to the existing information system processes are made promptly.
Domain 4: Information Security Core Competencies
This domain includes designing, implementing, and ensuring proper plans for access control, risk management, phishing attacks, identification of theft, physical security, disaster recovery, business continuity plans, firewalls, IDS/IPS and network defense systems, wireless security, virus, Trojans and malware threats, secure coding best practices and securing web applications, hardening OS, encryption technologies, and computer forensics and incident response.
Domain 5: Strategic Planning, Finance, Procurement, and Vendor Management
Design, develop, and maintain enterprise information-security architecture (EISA), perform external and internal analysis of the organization, design a strategic plan that will enable business growth, acquire and manage resources based on an operational budget, and understand other business financial requirements.
These five domains are not restricted to the information above. You can learn more about the areas here.
Why to Choose CCISO?
Accredited by ANSI
EC-Council has been approved by the American National Standards Institute (ANSI) for its CCISO certification program. It is one of the several certification bodies whose primary specialization is information security to meet the ANSI/ISO/IEC 17024 Personnel Certification Accreditation standard.
Designed by the Experts
The CCISO Advisory committee is comprised of functioning CISOs who created the program based on their day-to-day activities—based on both technical and management firms. The board is made up of security leaders from Amtrak, HP, the City of San Francisco, Lennar, the Center for Disease Control, universities, and consulting firms who have shared their vast knowledge to create this program to address the lack of leadership training in information security.
Focuses on C-Level Management through the Five Domains
By concentrating on these five domains, EC-Council not only assures that their beliefs align with those of the NCWF, but also meet the demands of businesses and organizations around the world.
Bridges the Gap between Technical Knowledge, Executive Management, and Financial Management
The CCISO program does not end at the technical features required, but increases to executive management and financial management, both of which are essential to leading a healthy information security program. It concentrates on the application of technical knowledge rather than technical information, which is related to a chief information security officer’s daily tasks. Information security administrators can rise through the professional ranks but must learn executive-level management, strategic planning, financial management, and organizational abilities to reach a C-Level position.
Recognizes the Importance of Real-World Experience
To reach a C-Level job, an information security officer must have prior knowledge to gain a holistic view of what to expect while in the area. With this in mind, the CCISO program consists of many real-world happenings faced by modern CISOs around the world.
The CCISO exam also examines students to develop a business succession plan for a company in a given industry and situation, use metrics to communicate risk for different audiences, and describes how to align security programs with the goals of the business––among many other exercises.
One Step beyond Other Certifications
What is it?
The CCISO is for information security executives trying to be CISOs through improving their skills and learning to align information security programs with business goals and objectives. This program also supports existing CISOs to enhance their technical and management skills, as well as business procedures.
Who can Qualify for CCISO?
The CCISO certification is not an entry-level program. To qualify for the program and examination, you must have a minimum of 5 years of prior experience in at least three of the five domains.
Candidates who do not meet the requirements for the CCISO program can attend the EC-Council Information Security Management (EISM) certification.
Test your knowledge to know if you’re ready for the CCISO exam.
The CCISO exam consists of 150 multiple choice questions that are given over two and a half hours. The questions are based on the experience of the five domains and require extensive thought and evaluation. The score necessary to achieve the CCISO certification is a minimum of 75%.