Certified Chief Information Security Officer (CCISO)

  1. Home
  2. Trainings
  3. Certified Chief Information Security Officer (CCISO)

Certified Chief Information Security Officer (CCISO)

CISO, or Chief Information Security Officer, is an established top-level executive position in the industry, similar to CEO or CTO. CISO is the highest-level executive in an organization charged with information security. With the increasing awareness of digital information as an asset in the industry at large, the demand for CISOs across organizations is on a rise. The CISOs focus on the core areas pertaining to information security in an enterprise and lead the IS program.

The CCISO certification training is aimed at providing the learners with comprehensive knowledge and skills regarding the information security domain. The Chief Information Security Officer Certification Training covers vital areas such as policy setting, project management, audit management, executive strategy, contract management, and financial expertise. These areas of knowledge are essential for leading a successful IS program. The CCISO certification validates the competence of a professional in handling the top-level executive tasks and in effectively leading an information security program. The CCISO does not focus solely on technical knowledge but on the application of information security management principles from an executive management point of view. The program was developed by sitting CISOs for current and aspiring CISOs.

Target Audience

  • Network Engineers with security specialization
  • Experienced IT Professionals engaged in information security management
  • Those who perform CISO functions, but don’t have an official title
  • All the professionals who aspire to reach top-level position in information security profession

Pre-Requisite

  • Candidates must have 3 - 5 years of experience in the 5 core CCISO domains  

CCISO Course Content 

Domain 1: Governance (Policy, Legal, and Compliance)

  • Information Security Management Program
  • Defining an Information Security Governance Program
  • Regulatory and Legal Compliance
  • Risk Management

Domain 2: IS Management Controls and Auditing Management

  • Designing, deploying, and managing security controls
  • Understanding security controls types and objectives
  • Implementing control assurance frameworks
  • Understanding the audit management process

Domain 3: Security Program Management & Operations

  • The role of the CISO
  • Information Security Projects
  • Integration of security requirements into other operational processes (change management, version control, disaster recovery, etc.)

Domain 4: Information Security Core Concepts

  • Access Controls
  • Physical Security
  • Disaster Recovery and Business Continuity Planning
  • Network Security
  • Threat and Vulnerability Management
  • Application Security
  • System Security
  • Encryption
  • Vulnerability Assessments and Penetration Testing
  • Computer Forensics and Incident Response

Domain 5: Strategic Planning, Finance, & Vendor Management

  • Security Strategic Planning
  • Alignment with business goals and risk tolerance
  • Security emerging trends
  • Key Performance Indicators (KPI)
  • Financial Planning
  • Development of business cases for security
  • Analyzing, forecasting, and developing a capital expense budget
  • Analyzing, forecasting, and developing an operating expense budget
  • Return on Investment (ROI) and cost-benefit analysis
  • Vendor management
  • Integrating security requirements into the contractual agreement and procurement process

Material in the CCISO Program assumes a high-level understanding of technical topics and doesn’t spend much time on strictly technical information, but rather on the application of technical knowledge to an information security executive’s day-to-day work. The CCISO aims to bridge the gap between the executive management knowledge that CISOs need and the technical knowledge that many sitting and aspiring CISOs have. This can be a crucial gap as a practitioner endeavors to move from mid-management to upper, executive management roles. Much of this is traditionally learned as on the job training, but the CCISO Training Program can be the key to a successful transition to the highest ranks of information security management.