Certified Chief Information Security Officer | CCISO Certification
The Certified Chief Information Security Officer (CCISO) program is designed to develop and validate the executive leadership, strategic, and governance skills required of modern CISOs. Unlike purely technical certifications, CCISO focuses on aligning cybersecurity programs with business objectives, regulatory requirements, and enterprise risk management.
Built by CISOs, for CISOs, this program prepares security leaders to operate effectively at the executive and board level.
Everyone learns differently, so we offer on-demand, live, and several other options to customize your training based on your learning style. Build your package below.
- Single On-Demand Certification Course: starting at $1,999
- Single Live Online Certification Course: starting at $2,799
- Unlimited On-Demand Certification Courses (Most Popular): starting at $3,999
Have questions? Call us at 1-888-330-HACK
About the Certified Chief Information Security Officer (CCISO) Course
The CCISO Certification is an industry-leading security certification program that recognizes the real-world experience necessary to succeed at the highest executive levels of information security. Bringing together all the components required for a C-level position, the CCISO program combines audit management, governance, IS controls, human capital management, strategic program development, and the financial expertise vital to leading a highly successful information security program. The job of the CISO is far too important to be learned by trial and error, and executive-level management skills should not have to be learned on the job.
The material in the CCISO Program assumes a high-level understanding of technical topics and does not spend much time on strictly technical information; it focuses instead on applying technical knowledge to an information security executive's day-to-day work. The CCISO aims to bridge the gap between the executive management knowledge that CISOs need and the technical knowledge that many sitting and aspiring CISOs already have. This gap can be a serious obstacle as a practitioner moves from mid-management to upper, executive management roles. Much of this is traditionally learned through on-the-job training, but the CCISO Training Program can be the key to a successful transition to the highest ranks of information security management.
Program Format
- Instructor-led or self-paced learning options
- Real-world case studies and executive scenarios
- Practical, outcome-focused instruction
- Certification exam aligned to real CISO responsibilities
Course Outline
Domain 1: Governance, Risk Management, Security, Compliance, Privacy, and Audit
Focuses on building a defensible, auditable, and business-aligned security program.
Key topics include:
- Information security governance frameworks and operating models
- Enterprise risk management concepts and methodologies
- Risk assessments, treatment options, and risk acceptance
- Security controls, control catalogs, and lifecycle management
- Compliance and regulatory drivers (global, industry, and privacy)
- Audit planning, execution, remediation, and reporting
- Zero Trust, cloud security, and emerging regulatory considerations
Domain 2: Organizational Executive Leadership
Develops the leadership and interpersonal skills required of effective CISOs.
Key topics include:
- CISO roles, responsibilities, and organizational placement
- Executive and board-level communication
- Leadership styles, ethics, and decision-making frameworks
- Building and leading high-performance security teams
- Organizational culture, influence, and change management
- Managing executive expectations and accountability
Domain 3: Information Security Controls, Program Management, and Operations
Covers how CISOs design, implement, and operate security programs at scale.
Key topics include:
- Security program architecture and operating models
- Security operations, incident response, and resilience planning
- Control design, implementation, and monitoring
- Security metrics, KPIs, and reporting
- Incident management, disaster recovery, and business continuity
- Integration of security into enterprise operations
Domain 4: Information Security Core Competencies
Addresses the foundational technical knowledge required of CISOs to lead effectively.
Key topics include:
- Identity and access management (IAM)
- Network, endpoint, cloud, and application security
- Vulnerability management and threat intelligence
- Cryptography and key management
- Incident response and digital forensics
- Security frameworks and best practices
Domain 5: Strategic Planning, Finance, Procurement, and Third-Party Management
Equips CISOs with the business and financial skills needed to manage security as a function.
Key topics include:
- Strategic security planning and roadmapping
- Budgeting, cost-benefit analysis, and ROI
- Security investment evaluation and prioritization
- Vendor and third-party risk management
- Contract security requirements and oversight
- Communicating program value to stakeholders
Who Should Attend
- Current and aspiring CISOs
- Security Directors and Senior Managers
- Heads of Information Security and Risk
- Consultants advising on cybersecurity strategy
- IT leaders transitioning into executive security roles
What You’ll Learn
By completing the CCISO program, participants will be able to:
- Lead enterprise-wide information security programs aligned to business strategy
- Communicate cyber risk effectively to executive leadership and boards
- Govern security, privacy, risk, compliance, and audit functions
- Manage security operations, teams, budgets, and vendors
- Apply core security principles in real-world executive decision making
Minimum Requirements
To qualify to sit for the CCISO Exam without taking any training, candidates must have five years of experience in each of the five CCISO domains, verified via the Exam Eligibility Application.
To sit for the exam after taking training, candidates must have five years of experience in three of the five CCISO domains, verified via the Exam Eligibility Application.
Waivers for the CCISO are available to Self-Study Candidates
| Domain | Education Waivers |
|---|---|
| 1. Governance and Risk Management | Ph.D. Information Security – 3 years; MS Information Security Management or MS Information Security Engineering – 2 years; BS Information Security – 2 years |
| 2. Information Security Controls, Compliance, and Audit Management | Ph.D. Information Security – 3 years; MS Information Security Management or MS Information Security Engineering – 2 years; BS Information Security – 2 years |
| 3. Security Program Management & Operations | Ph.D. Information Security – 3 years; MS Information Security or MS Project Management – 2 years; BS Information Security – 2 years |
| 4. Information Security Core Competencies | Ph.D. Information Security – 3 years; MS Information Security – 2 years; BS Information Security – 2 years |
| 5. Strategic Planning, Finance, Procurement, and Vendor Management | CPA, MBA, or M. Fin. – 3 years |
About the Exam
There are three cognitive levels tested on the CCISO exam.
- Level 1 – Knowledge: Questions at this level test recall of memorized facts. It is the most basic cognitive level and is rarely relied on for certifications, since it only measures the candidate's ability to memorize information. It is used appropriately when asking for basic definitions, standards, or other concrete facts.
- Level 2 – Application: Questions at this level test whether the candidate understands how a given concept is applied. They differ from Knowledge questions in that they require correct application of the concept, not merely recall of the concept itself. This type of question often requires additional context in the stem before the actual question is asked.
- Level 3 – Analysis: Questions at this level test the candidate's ability to identify and resolve a problem given a set of variables and context. Analysis questions differ significantly from Application questions in that they require not only applying a concept but also determining how that concept, under given constraints, can be used to solve the problem.
Passing Score
To maintain the integrity of its certification exams, EC-Council delivers each exam in multiple forms (i.e., different question banks). Each form is analyzed through beta testing with an appropriate sample group under the purview of a committee of subject matter experts, who ensure that the exam has both academic rigor and real-world applicability. A separate process determines the difficulty rating of each question, and the individual ratings contribute to an overall cut score for each exam form. To ensure each form applies an equal assessment standard, cut scores are set per exam form. Depending on which form is challenged, the cut score can range from 60% to 78%.
Exam Details
Number of Questions: 150
Test Duration: 2.5 Hours
Test Format: Multiple Choice
Test Delivery: ECC Exam Portal
- Director, Chief Information Security Officer (CISO), Google Cloud
- Deputy CISO
- VP & Chief Information Security Officer
- Chief Information Security Officer (VP)
- System Dir, Info Sys. Security – CISO
- Chief Privacy Officer
- Associate Vice President and Chief Information Security Officer
- Chief Security Officer
- CIO COO
- Assistant Executive Director – Chief Information Security Officer
- CISO Threat Intel
- Chief Technical Officer (CTO)
- Chief Data Officer
- VP, Information Security
- Information Security Officer
- Chief Compliance Officer
- Senior Cyber Security CIO SME
- Regional Chief Information Officer
About OhPhish
OhPhish is a great way for CCISOs to jumpstart the security awareness programs at their companies at no cost. OhPhish is a simple and user-friendly solution for driving phishing simulations and online trainings. Launching phishing simulations is made easy through pre-existing phishing templates and connectors for authoritative identity repositories (like Active Directory). The solution not only sends customized emails and campaigns, but also tracks responses and actions (like clicking links or opening attachments) in real time, giving trends as well as detailed reports by user, department, or other key demographics.