
Chief Information Security Officer

EC-Council’s CCISO Program has certified leading information security professionals around the world. A core group of high-level information security executives, the CCISO Advisory Board, contributed by forming the foundation of the program and outlining the content that would be covered by the exam, body of knowledge, and training. Some members of the Board contributed as authors, others as exam writers, others as quality assurance checks, and still others as trainers. Each segment of the program was developed with the aspiring CISO in mind and looks to transfer the knowledge of seasoned professionals to the next generation in the areas that are most critical in the development and maintenance of a successful information security program.

The Certified CISO (CCISO) program is the first of its kind training and certification program aimed at producing top-level information security executives. The CCISO does not focus solely on technical knowledge but on the application of information security management principles from an executive management point of view. The program was developed by sitting CISOs for current and aspiring CISOs.

In order to sit for the CCISO exam and earn the certification, candidates must meet the basic CCISO requirements. Candidates who do not yet meet the CCISO requirements but are interested in information security management can pursue the EC-Council Information Security Management (EISM) certification.

What is the role of a certified Chief Information Security Officer (CISO)?

The CISO position emerged worldwide as a designation of executive leaders who can address the emerging threats to information security by developing and maintaining a tough information security strategy. CISOs, with their experience, leadership, communication skills, and innovative strengths, are born to resolve the ever-growing information security threats. The CISO of tomorrow will play a vital role in creating effective and efficient processes and will lead a team of technically skilled professionals to defend the core interests of their organization.

Become a Chief Information Security Officer

Today’s world is one of constant and instant information exchange. Organizations, be they private businesses or government bodies, rely on sophisticated computer databases and networks to share digital information on a daily basis with their subsidiaries, branches, partners, clients, employees, and other stakeholders. However, years of information security incidents and the onslaught of recent cyber-attacks prove that digital data can be easily compromised. Organizations, therefore, are increasingly in need of a new set of skills and processes to ensure the security of information at the scale that will be required tomorrow.

If your aspiration is to have the highest regarded title within the information security profession – CISO, if you already have earned the role of a CISO, or if you are currently playing the role of a CISO in your organization without the official title, the CISO designation is the recognition of your knowledge and achievements that will award you with professional acknowledgement and propel your career.

Achieving the CCISO Certification will differentiate you from others in the competitive ranks of senior Information Security Professionals. CCISO will provide your employers with the assurance that as a CCISO executive leader, you possess the proven knowledge and experience to plan and oversee Information Security for the entire corporation.

Certification Target Audience

CCISOs are certified in the knowledge of and experience in the following CISO Domains:

  • Governance, Risk, Compliance
  • Information Security Controls and Audit Management
  • Security Program Management & Operations
  • Information Security Core Competencies
  • Strategic Planning, Finance, Procurement, and Third-Party Management
Clause: Age Requirements and Policies Concerning Minors

The age requirement for attending the training or the exam is restricted to any candidate that is permitted by his/her country of origin/residency.

If the candidate is under the legal age as permitted by his/her country of origin/residency, they are not eligible to attend the official training or eligible to attempt the certification exam unless they provide the accredited training center/EC-Council a written consent/indemnity of their parent/legal guardian and a supporting letter from their institution of higher learning. Only candidates from a nationally accredited institution of higher learning shall be considered.

Disclaimer: EC-Council reserves the right to impose additional restrictions to comply with the policy. Failure to act in accordance with this clause shall render the authorized training center in violation of their agreement with EC-Council. EC-Council reserves the right to revoke the certification of any person in breach of this requirement.

CCISO Exam Details

  • Duration: 2.5 Hours
  • Questions: 150
Hand Book Blue Print


Passing Criteria:

In order to maintain the high integrity of our certification exams, EC-Council exams are provided in multiple forms (i.e., different question banks). Each form is carefully analyzed through beta testing with an appropriate sample group under the purview of a committee of subject matter experts who ensure that each of our exams not only has academic rigor but also has "real world" applicability. We also have a process to determine the difficulty rating of each question. The individual rating then contributes to an overall "Cut Score" for each exam form. To ensure each form has equal assessment standards, cut scores are set on a "per exam form" basis. Depending on which exam form is challenged, cut scores can range from 60% to 85%.

FAQs:

What is the CCISO Program?
The Certified Chief Information Security Officer program is the first of its kind certification that recognizes an individual’s accumulated skills in developing and executing an information security management strategy in alignment with organizational goals. C|CISO equips information security leaders with the most effective toolset to defend organizations from cyber-attacks. To rise to the role of the CISO, strong technical knowledge and experience are more imperative now than ever before, but they must be accompanied by the ability to communicate in terms of business value. C|CISOs understand that their information security decisions often have a direct impact on their organization's operational cost, efficiency, and agility. As organizations introduce new technologies, C|CISOs will develop and communicate a strategy to avoid the potential risks stemming from their implementation to the organization's operations.
How do I apply for the CCISO Exam?
How long does it take to process the CCISO Exam Eligibility Application?
What are the five CCISO Domains?
The five CCISO Domains are:
  • Domain 1 - Governance, Risk, Compliance
  • Domain 2 - Information Security Controls and Audit Management
  • Domain 3 - Security Program Management & Operations
  • Domain 4 - Information Security Core Competencies
  • Domain 5 - Strategic Planning, Finance, Procurement, and Third-Party Management
Five years of experience is required in each of the five CCISO Domains (self-study). Does that mean 25 years of experience is required?
No! In most high-level information security management jobs, each of the 5 CCISO Domains is part of each day. The five years can and usually do overlap.
What if I don’t have five years of experience in three of the five CCISO domains? Does that mean I can’t take the CCISO training?
No! If you do not meet the minimum requirements for the CCISO Exam, that doesn’t mean you can’t take training. Anyone can take the CCISO course, but only those who qualify to take the CCISO Exam will be issued an exam voucher. Students who do not have the years required can take the EC-Council Information Security Manager (EISM) exam after CCISO training.
What is the EC-Council Information Security Manager (EISM) program?
The EISM program allows students who are not yet qualified to sit for the CCISO exam to take the training course and attain an EC-Council certification. EISMs may apply for the CCISO Exam once they have acquired the years of experience. The eligibility application fee is waived and EISMs will receive a 50% discount from the normal CCISO Exam price.
What are the EC-Council Authorized Training options?
CCISO training is available at:
How do I know if C|CISO is for me?

C|CISO is the right choice for you and your career if you:

  • Aspire to attain the highest regarded title within the information security profession – CISO.
  • Already serve as an official CISO.
  • Perform CISO functions in your organization without the official title.
I am an HR manager. Why should I hire a C|CISO?
C|CISO will give you assurance that the certified professional possesses the necessary skills to identify factors that pose risk to the successful operation of your organization and develop and implement technical, operational, and procedural safeguards to manage those risk factors. C|CISOs are the leadership force that will protect your organization from unwanted and costly security breaches by designing information security programs and leading a team of information security professionals.
What do I need to do to renew my certification?
To renew your certification you must satisfy the Continuing Education requirements and remit a renewal fee of $100.00 (USD).
I have more questions.
We would love to help! Contact us at [email protected] or +1-505-341-3228 for answers!