Date(s) - 08/14/14 - 08/17/14
8:00 am - 6:00 pm
Click Location Link above to contact EC-Council Foundation conference staff regarding this course.
EC-Council’s CCISO Program has certified leading information security professionals around the world. A core group of high-level information security executives, the CCISO Advisory Board, contributed by forming the foundation of the program and outlining the content that would be covered by the exam, body of knowledge, and training. Some members of the Board contributed as authors, others as exam writers, others as quality assurance checks, and still others as trainers. Each segment of the program was developed with the aspiring CISO in mind and looks to transfer the knowledge of seasoned professionals to the next generation in the areas that are most critical in the development and maintenance of a successful information security program.
The CCISO Certification is an industry-leading program that recognizes the real-world experience necessary to succeed at the highest executive levels of information security. Bringing together all the components required for a C-Level positions, the CCISO program combines audit management, governance, IS controls, human capital management, strategic program development, and the financial expertise vital to leading a highly successful IS program.
Material in the CCISO Program assumes a high-level understanding of technical topics and doesn’t spend much time on strictly technical information, but rather on the application of technical knowledge to an information security executive’s day-to-day work. The CCISO aims to bridge the gap between the executive management knowledge that CISOs need and the technical knowledge that many aspiring CISOs have. This can be a crucial gap as a practitioner endeavors to move from mid-management to upper, executive management roles. Much of this is traditionally learned as on the job training, but the CCISO Training Program can be the key to a successful transition to the highest ranks of information security management.
In order to qualify to sit for the CCISO Exam without taking any training, candidates must have five years of experience in each of the 5 CCISO domains verified via the Exam Eligibility Application.
To sit for the exam after taking training, candidates must have five years of experience in three of the five CCISO Domains verified via the Exam Eligibility Application.
Governance (Policy, Legal, and Compliance)
IS Management Controls and Auditing Management
Management – Projects and Operations
Information Security Core Concepts
Strategic Planning and Finance
Waivers for the CCISO are available to Self Study Candidates
|Domain||Professional Certification Waivers||Education Waivers|
|1. Governance (Policy, Legal & Compliance)||CGEIT, CRISC 2 – years||Ph.D. Information Security – 3 years, MS Information Security Management, MS Information Security Engineering – 2 years, BS Information Security – 2 years|
|2. IS Management Controls and Auditing Management (Projects, Technology & Operations)||CISA, CISM – 2 years||Ph.D. Information Security – 3 years, MS Information Security Management, MS Information Security Engineering – 2 years, BS Information Security – 2 years|
|3. Leadership – Projects & Operations||PMP, ITIL, PM in IT Security – 2 years||Ph.D. Information Security – 3 years, MS Information Security or MS Project Management – 2 years, BS Information Security – 2 years|
|4. Information Security Core Competencies||CISSP, LPT, E|DRP, CIPP, MBCP – 2 years||Ph.D. Information Security – 3 years, MS Information Security – 2 years, BS Information Security – 2 years|
|5. Strategic Planning & Finance||None||CPA, MBA, M. Fin. – 3 years|
Todd Fitzgerald is the Global Director of Information Security for Grant Thornton International, Ltd. and is responsible for providing strategic information security leadership, promoting the establishment of global information security standards, solutions, and best practices for the sake of Grant Thornton member firms supporting 35,000 employees across more than 100 countries.
Todd authored the 2012 book, Information Security Governance Simplified: From the Boardroom to the Keyboard, and co-authored the ISC2 leadership series book entitled CISO Leadership: Essential Principles for Success, along with numerous other chapters for security publications, including the Official ISC2 Guide to the CISSP CBK and the Information Security Handbook Series. His certifications include CISSP, CISA, CISM, CRISC, CGEIT, PMP, ISO27000, CIPP, CIPP/US, and ITILv3f.
(Policy, Legal, and Compliance)
The first Domain of the C|CISO program is concerned with the following:
- Information Security Management Program
- Defining an Information Security Governance Program
- Regulatory and Legal Compliance
- Risk Management
(Projects, Technology, and Operations)
Domain 2 of the CCISO program, one of the cornerstones of any information security program, is concerned with the following:
- Designing, deploying, and managing security controls
- Understanding security controls types and objectives
- Implementing control assurance frameworks
Understanding the audit management process
Domain 3 of the C|CISO program covers the day-to-day responsibilities of a CISO, including:
- The role of the CISO
- Information Security Projects
- Integration of security requirements into other operational processes (change management, version control, disaster recovery, etc.)
Domain 4 of the CCISO program covers, from an executive perspective, the technical aspects of the CISO job including:
- Access Controls
- Physical Security
- Disaster Recovery and Business Continuity Planning
- Network Security
- Threat and Vulnerability Management
- Application Security
- System Security
- Vulnerability Assessments and Penetration Testing
- Computer Forensics and Incident Response
Domain 5 of the CCISO program is concerned with the area with which many more technically inclined professionals may have the least experience, including:
- Security Strategic Planning
- Alignment with business goals and risk tolerance
- Security emerging trends
- Key Performance Indicators (KPI)
- Financial Planning
- Development of business cases for security
- Analyzing, forecasting, and developing a capital expense budget
- Analyzing, forecasting, and developing an operating expense budget
- Return on Investment (ROI) and cost-benefit analysis
- Vendor management
- Integrating security requirements into the contractual agreement and procurement process
- Taken together, these five Domains of the C|CISO program translate to a thoroughly knowledgeable, competent executive information security practitioner.