About the course
About the Program
EC-Council’s CCISO Program has certified leading information security professionals around the world. A core group of high-level information security executives, the CCISO Advisory Board, contributed by forming the foundation of the program and outlining the content that would be covered by the exam, body of knowledge, and training. Some members of the Board contributed as authors, others as exam writers, others as quality assurance checks, and still others as trainers. Each segment of the program was developed with the aspiring CISO in mind and looks to transfer the knowledge of seasoned professionals to the next generation in the areas that are most critical in the development and maintenance of a successful information security program.
The Certified CISO (CCISO) program is the first of its kind training and certification program aimed at producing top-level information security executives. The CCISO does not focus solely on technical knowledge but on the application of information security management principles from an executive management point of view. The program was developed by sitting CISOs for current and aspiring CISOs.
In order to sit for the CCISO exam and earn the certification, candidates must meet the basic CCISO requirements. Candidates who do not yet meet the CCISO requirements but are interested in information security management can pursue the EC-Council Information Security Management (EISM) certification.
Why should you consider the CCISO program?
The CCISO Certification is an industry-leading program that recognizes the real-world experience necessary to succeed at the highest executive levels of information security.
Bringing together all the components required for a C-Level positions, the CCISO program combines audit management, governance, IS controls, human capital management, strategic program development, and the financial expertise vital to leading a highly successful IS program. Material in the CCISO Program assumes a high-level understanding of technical topics and doesn’t spend much time on strictly technical information, but rather on the application of technical knowledge to an information security executive’s day-to-day work. The CCISO aims to bridge the gap between the executive management knowledge that CISOs need and the technical knowledge that many aspiring CISOs have. This can be a crucial gap as a practitioner endeavors to move from mid-management to upper, executive management roles. Much of this is traditionally learned as on the job training, but the CCISO Training Program can be the key to a successful transition to the highest ranks of information security management.
NICE Framework
The NICE Cybersecurity Workforce Framework (NCWF)(link is external) NIST Special Publication 800-181, is a national resource that categorizes and describes cybersecurity work.The NCWF provides employers, employees, educators, students, and training providers with a common language to define cybersecurity work as well as a common set of tasks and skills required to perform cybersecurity work.
EC-Council has mapped the domains of CCISO to the NCWF in the following document.
Training
This option is open to anyone interested in taking CCISO training. Official CCISO Training is required for applicants who do not meet the requirement for self-study (above). Once training has been completed, applicants who would like to sit for the CCISO Exam will be required to fill out and return the Exam Eligibility Application proving that in addition to the the training, they also have 5 years of IS management experience in 3 of the 5 CCISO Domains. Once that application has been approved, instructions for purchasing a Pearson VUE voucher will be issued. Applicants who do not meet these requirements have the option of sitting for the EC-Council Information Security Manager (E|ISM) exam as part of the Associate CCISO Program.
The Associate CISO Program
This option is available to candidates who do not yet possess the required years of experience for either the self-study or training options. Associate CCISOs may sit for official CCISO training and then take and pass the EC-Council Information Security Manager (EISM) exam to enter the program at the associate level. Once the requisite years of experience have been completed, Associate CCISOs may take the full CCISO exam and earn the full certification at a discounted price.
About the EISM Program
Candidates who do not yet have 5 years of information security experience in at least 3 of the 5 CCISO Domains can still pursue a management certification to help propel their careers and put them on fast track toward obtaining the CCISO. EISM students must attend training – the same CCISO training that upper level executives attend – before attempting the EISM exam. There are no experience requirements for this exam. The courseware and training programs are exactly the same as those of the CCISO program. Imagine being able to push your new information security career forward using the same resources as seasoned professionals. That’s what the EISM program does. The EISM exam is a light version of the CCISO exam and tests the fundamentals of information security management.
About the Exam
Please see the exam blueprint. In order to earn the CCISO, every applicant must pass the exam covering all 5 CCISO domains, regardless of experience in each domain. The exam consists of 150 multiple-choice questions administered over a two and a half hour period. The questions on the exam require extensive thought and evaluation.
Exam Format : Multiple Choice
- Total number of questions : 150
- Exam duration : 2.5 Hours
Passing Score
In order to maintain the high integrity of our certifications exams, EC-Council Exams are provided in multiple forms (I.e. different question banks). Each form is carefully analyzed through beta testing with an appropriate sample group under the purview of a committee of subject matter experts that ensure that each of our exams not only has academic rigor but also has “real world” applicability. We also have a process to determine the difficulty rating of each question. The individual rating then contributes to an overall “Cut Score” for each exam form. To ensure each form has equal assessment standards, cut scores are set on a “per exam form” basis. Depending on which exam form is challenged, cut scores can range from 60% to 78%.