1 - Domain 1 – Governance (Policy, Legal, and Compliance)
- Information Security Management Program
- Defining an Information Security Governance Program
- Regulatory and Legal Compliance
- Risk Management
2 - IS Management Controls and Auditing Management
- Designing, deploying, and managing security controls
- Understanding security controls types and objectives
- Implementing control assurance frameworks
- Understanding the audit management process
3 - Domain 3 of the C|CISO program covers the day-to-day responsibilities of a CISO, including:
- The role of the CISO
- Information Security Projects
- Integration of security requirements into other operational processes (change management, version control, disaster recovery, etc.)
4 - Domain 4 of the CCISO program covers, from an executive perspective, the technical aspects of the CISO job including:
- Access Controls
- Physical Security
- Disaster Recovery and Business Continuity Planning
- Network Security
- Threat and Vulnerability Management
- Application Security
- System Security
- Encryption
- Vulnerability Assessments and Penetration Testing
- Computer Forensics and Incident Response
5 - Domain 5 of the CCISO program is concerned with the area with which many more technically inclined professionals may have the least experience, including:
- Security Strategic Planning
- Alignment with business goals and risk tolerance
- Security emerging trends
- Key Performance Indicators (KPI)
- Financial Planning
- Development of business cases for security
- Analyzing, forecasting, and developing a capital expense budget
- Analyzing, forecasting, and developing an operating expense budget
- Return on Investment (ROI) and cost-benefit analysis
- Vendor management
- Integrating security requirements into the contractual agreement and procurement process
Taken together, these five Domains of the C|CISO program translate to a thoroughly knowledgeable, competent executive information security practitioner.
Actual course outline may vary depending on offering center. Contact your sales representative for more information.
Who is it For?
This course is designed for the aspiring or sitting upper-level manager striving to advance his or her career by learning to apply their existing deep technical knowledge to business problems.
Candidates interested in earning the C|CISO Certification must qualify via EC-Council’s Exam Eligibility application before sitting for the C|CISO Exam. Only students with at least five years of experience in three of the five domains are permitted to sit for the C|CISO Exam. Any student who does not qualify to sit for the exam or who does not fill out the application will be permitted to take the EC-Council Information Security Manager (EISM) exam and earn that certification. EISMs may then apply for the CCISO Exam once they have achieved the required years of experience.