Certified Chief Information Security Officer C|CISO

EC-Council’s Chief Certified Information Security Officer (CCISO) program has empowered information security professionals across the globe. EC-Council developed the CCISO certification by leveraging the knowledge of a core group of deeply experienced information security executives within our CCISO Advisory Board. These seasoned professionals built the program’s foundation and outlined the content covered in the CCISO exam, body of knowledge, and training program.

Members of the Board contributed as authors, exam writers, and instructors. They also provided continuous quality assurance through periodic materials reviews. Each segment of the CCISO Program was developed in order to move a security professional’s career into the realm of executive leadership.

Through the CCISO program, EC-Council will transfer the knowledge of experienced professionals to you, the next generation of leadership, by focusing on the most critical competencies required to develop and maintain a successful information security portfolio. The CCISO program is a first-of-its-kind training and certification course that aims to produce cybersecurity executives of the highest caliber and ethics. The CCISO curriculum, developed by security executives for current and aspiring executives, provides an upper management viewpoint that incorporates information security management principles, business acumen, and general technical knowledge.

Professional experience is required for entry into this certification program. Candidates must meet the basic CCISO requirements in order to take the certification examination.

The Five C|CISO Domains

CCISOs exhibit their knowledge and experience in the following domains:

  • Governance and risk management (policy, legal, and compliance)
  • Information security controls, compliance, and audit management
  • Security program management and operations
  • Information security core competencies
  • Strategic planning, finance, procurement, and vendor management

Who Needs the CCISO Program?

The CCISO certification is designed for information security professionals who want to advance their careers as a CISO or along another executive-level security career path. In the CCISO program, cybersecurity leaders hone their knowledge and learn how to integrate information security initiatives with the needs of the business by aligning them to the critical goals and objectives of an organization. Existing CISOs are also encouraged to participate in this program to strengthen their security program knowledge, understand current technology principles, and sharpen their business insight.

CCISO Certification Exam Eligibility

To take the CCISO examination, candidates must provide proof that they have 5 years of experience in at least 3 of the 5 domains. A training course is required if a candidate has 5 years of experience in 3 or 4 of the CCISO domains. If the candidate has 5 years of experience in all 5 domains, the training course is not required. Experience waivers are available for some industry-accepted credentials and higher education within the field of information security. Waivers can be used for a maximum of 3 years of experience for each domain. Please see the chart below for additional information.

Upon passing the CCISO exam, candidates will receive their CCISO certificate and associated community privileges. The CCISO certification is valid for 3 years from the date of issuance. After 3 years, members must adhere to the certification renewal policy as outlined in the EC-Council Continuing Education (ECE) requirements.

DOMAIN

EXPERIENCE WAIVERS

Governance and risk management

  • PhD in information security (3 years)
  • Master of Science in information security management or information security engineering (2 years)
  • Bachelor of Science in information security (2 years)

Information security controls, compliance, and audit management

  • PhD in information security (3 years)
  • Master of Science in information security management or information security engineering (2 years)
  • Bachelor of Science in information security (2 years)

Security program management and operations

  • PhD in information security (3 years)
  • Master of Science in information security or project management (2 years)

Course Outline

CCISO Exam Details

CCISO allows application developers and testers to demonstrate their mastery of the knowledge and skills required to handle common application software security vulnerabilities.

  • Exam Title: EC-Council Certified Chief Information Security Officer (CCISO)
  • Number of Questions: 150
  • Exam Code: 712-50
  • Duration: 2.5 hours
  • Passing Score: 60–85%, depending on exam form
  • Test Format: Scenario-based multiple-choice questions
  • Availability: EC-Council Exam Portal