EC-Council has introduced a US government scholarship program to ensure that budgetary constraints don’t stand in the way of you taking the next step in your career to join the growing ranks of Certified CISOs.
EC-Council’s Certified CISO (CCISO) Program has been helping information security professionals take their careers to the next level since 2012. Join the ranks of infosec managers making the leap to executive infosec leadership with live CCISO Training.
Government employees in particular can benefit from the CCISO Program as it maps to the NICE framework. All of the following government agencies have CCISOs in their ranks.
How ready are you to lead an information security program according to today’s rigorous compliance, risk management, governance, policy, and strategic requirements? Take the short assessment below to find out how prepared you are.
EC-Council is offering 5 partial scholarship seats to government employees for $1,999 (regular price $3,499). After the 5 seats have been filled, government employees still get 30% off.
Keyaan Williams, Senior Executive Instructor, CCISO, is both a seasoned information security executive and an experienced educator. He is currently serving as Director of the International Board of Directors of ISSA. His previous positions include serving as a Faculty Member at the University of Business and Management for the University of Phoenix and the Global Director of Information Security for the CDC in Atlanta. Keyaan brings a passion for information security as well as education to his role as Senior Executive Instructor for the CCISO Program. His areas of speciality include vendor and third-party risk management, organizational culture and its influence on the perceived value of security, information security policy and strategy, risk management, regulatory compliance, project management, disaster recovery and business continuity planning, cloud security, security awareness, and especially, mentoring and developing security professionals.
Material in the CCISO Program assumes a high-level understanding of technical topics and doesn’t spend much time on strictly technical information, but rather on the application of technical knowledge to an information security executive’s day-to-day work. The CCISO aims to bridge the gap between the executive management knowledge that CISOs need and the technical knowledge that many aspiring CISOs have. This can be a crucial gap as a practitioner endeavors to move from mid-management to upper, executive management roles. Much of this is traditionally learned as on-the-job training, but the CCISO Training Program can be the key to a successful transition to the highest ranks of information security management.
In order to qualify to sit for the CCISO Exam without taking any training, candidates must have five years of experience in each of the 5 CCISO domains verified via the Exam Eligibility Application.
To sit for the exam after taking training, candidates must have five years of experience in three of the five CCISO Domains verified via the Exam Eligibility Application.
- Governance (Policy, Legal, and Compliance)
- IS Management Controls and Auditing Management
- Management – Projects and Operations
- Information Security Core Concepts
- Strategic Planning and Finance
Waivers for the CCISO are available to Self Study Candidates.

| Domain | Professional Certification Waivers | Education Waivers |
|---|---|---|
| 1. Governance (Policy, Legal & Compliance) | CGEIT, CRISC - 2 years | Ph.D. Information Security - 3 years, MS Information Security Management, MS Information Security Engineering - 2 years, BS Information Security - 2 years |
| 2. IS Management Controls and Auditing Management (Projects, Technology & Operations) | CISA, CISM - 2 years | Ph.D. Information Security - 3 years, MS Information Security Management, MS Information Security Engineering - 2 years, BS Information Security - 2 years |
| 3. Leadership - Projects & Operations | PMP, ITIL, PM in IT Security - 2 years | Ph.D. Information Security - 3 years, MS Information Security or MS Project Management - 2 years, BS Information Security - 2 years |
| 4. Information Security Core Competencies | CISSP, LPT, E\|DRP, CIPP, MBCP - 2 years | Ph.D. Information Security - 3 years, MS Information Security - 2 years, BS Information Security - 2 years |
| 5. Strategic Planning & Finance | None | CPA, MBA, M. Fin. - 3 years |
Governance (Policy, Legal, and Compliance)
The first Domain of the C|CISO program is concerned with the following:
- Information Security Management Program
- Defining an Information Security Governance Program
- Regulatory and Legal Compliance
- Risk Management
IS Management Controls and Auditing Management (Projects, Technology, and Operations)
Domain 2 of the CCISO program, one of the cornerstones of any information security program, is concerned with the following:
- Designing, deploying, and managing security controls
- Understanding security controls types and objectives
- Implementing control assurance frameworks
- Understanding the audit management process
Domain 3 of the C|CISO program covers the day-to-day responsibilities of a CISO, including:
- The role of the CISO
- Information Security Projects
- Integration of security requirements into other operational processes (change management, version control, disaster recovery, etc.)
Domain 4 of the CCISO program covers, from an executive perspective, the technical aspects of the CISO job including:
- Access Controls
- Physical Security
- Disaster Recovery and Business Continuity Planning
- Network Security
- Threat and Vulnerability Management
- Application Security
- System Security
- Vulnerability Assessments and Penetration Testing
- Computer Forensics and Incident Response
Domain 5 of the CCISO program is concerned with the area with which many more technically inclined professionals may have the least experience, including:
- Security Strategic Planning
- Alignment with business goals and risk tolerance
- Security emerging trends
- Key Performance Indicators (KPI)
- Financial Planning
- Development of business cases for security
- Analyzing, forecasting, and developing a capital expense budget
- Analyzing, forecasting, and developing an operating expense budget
- Return on Investment (ROI) and cost-benefit analysis
- Vendor management
- Integrating security requirements into the contractual agreement and procurement process
Taken together, these five Domains of the C|CISO program translate to a thoroughly knowledgeable, competent executive information security practitioner.