Certified Chief Information Security Officer (inclusive of certification exam voucher)
Type
Virtual
Classroom ILT
Skill Level
Available dates
Learning Path
Virtual
Duration
1 Day
R36 900,00
Price excluding VAT
Introduction
The CCISO Certification is an industry-leading program that recognizes the real-world experience necessary to succeed at the highest executive levels of information security. Bringing together all the components required for a C-Level position, the CCISO program combines audit management, governance, IS controls, human capital management, strategic program development, and the financial expertise vital to leading a highly successful IS program. Material in the CCISO Program assumes a high-level understanding of technical topics and doesn’t spend much time on strictly technical information, but rather on the application of technical knowledge to an information security executive’s day-to-day work. The CCISO aims to bridge the gap between the executive management knowledge that CISOs need and the technical knowledge that many aspiring CISOs have. This can be a crucial gap as a practitioner endeavours to move from mid-management to upper, executive management roles. Much of this is traditionally learned through on-the-job training, but the CCISO Training Program can be the key to a successful transition to the highest ranks of information security management.
The globally renowned Certified Chief Information Security Officer (CCISO) program, spearheaded by EC-Council, has truly revolutionized the capabilities of senior information security professionals worldwide. With unwavering dedication, EC-Council harnessed the collective wisdom of a select group of esteemed senior information security executives within our esteemed CCISO Advisory Board. This exceptional panel of seasoned professionals meticulously crafted the program’s bedrock, delineating the comprehensive content encapsulated in the CCISO exam, the body of knowledge, and the training program. Through their invaluable expertise, EC-Council has empowered countless CISOs to excel in the realm of information security.
Professional experience is required for entry into this certification program. Candidates must meet the basic CCISO requirements to take the certification examination.
Audience profile
This course is best suited for professionals who aspire to attain the highest regarded title within the information security profession – Certified Chief Information Security Officer.
CCISOs (Certified Chief Information Security Officer) are certified in the knowledge of and experience in the following CISO Domains:
- Governance, Risk, Compliance
- Information Security Controls and Audit Management
- Security Program Management & Operations
- Information Security Core Competencies
- Strategic Planning, Finance, Procurement, and Third-Party Management
Pre-requisites
There are no formal prerequisites to attend the course; however, there are prerequisites to be met when taking the CCISO exam.
There are five CCISO domains, and candidates must provide proof that they have 5 years of experience in at least 3 of the 5 domains:
A training course is required if a candidate has 5 years of experience in 3 or 4 of the CCISO domains.
If the candidate has 5 years of experience in all 5 domains, the training course is not required.
Experience waivers are available for some industry-accepted credentials and higher education within the field of information security. Waivers can be used for a maximum of 3 years of experience for each domain.
Domain | Experience Waivers |
Governance and Risk Management | PhD in information security (3 years); Master of Science in information security management or information security engineering (2 years); Bachelor of Science in information security (2 years) |
Information security controls, compliance, and audit management | PhD in information security (3 years); Master of Science in information security management or information security engineering (2 years); Bachelor of Science in information security (2 years) |
Security program management and operations | PhD in information security (3 years); Master of Science in information security or Project Management (2 years); Bachelor of Science in information security (2 years) |
Information security core competencies | PhD in information security (3 years); Master of Science in information security (2 years); Bachelor of Science in information security (2 years) |
Strategic planning, finance, procurement, and vendor management | Certified Public Accountant (CPA) license, Master of Business Administration, or Master of Science in finance (3 years) |
Course objectives
Upon completing this course, the learner will be able to:
- Define, implement, manage, and maintain an information security governance program that includes leadership, organisational structures, and processes
- Establish an information security management structure
- Assess the major enterprise risk factors for compliance
- Design and develop a program to monitor firewalls and identify firewall configuration issues
- Identify vulnerabilities and attacks associated with wireless networks and manage different wireless network security tools
- Deploy and manage anti-virus systems
- Understand various system-engineering practices
- Identify the volatile and persistent system information
- Develop and manage an organisational digital forensic program
- Identify the best practices to acquire, store and process digital evidence
- Define key performance indicators and measure effectiveness on a continuous basis
- Allocate financial resources to projects, processes and units within the information security program
- Identify and report financial metrics to stakeholders
- Design a vendor selection process and management policy
Course content
Module 1: Governance (Policy, Legal & compliance)
- Topic A: Define, Implement, Manage, and Maintain an Information Security Governance Program
- Topic B: Information Security Drivers
- Topic C: Establishing an information security management structure
- Topic D: Laws/Regulations/Standards as drivers of Organisational Policy/Standards/Procedures
- Topic E: Managing an enterprise information security compliance program
- Topic F: Risk Management
- Topic G: Risk mitigation, risk treatment, and acceptable risk
- Topic H: Risk Management Frameworks
- Topic I: NIST
- Topic J: Other Frameworks and Guidance (ISO 31000, TARA, OCTAVE, FAIR, COBIT, and ITIL)
- Topic K: Risk management plan implementation
- Topic L: On-going third-party risk management
- Topic M: Risk Management policies and processes
Module 2: Security Risk Management, Controls, & Audit Management
- Topic A: Information Security Controls
- Topic B: Compliance Management
- Topic C: Guidelines, Good/Best Practices
- Topic D: Audit Management
Module 3: Security Program Management and Operations
- Topic A: Program Management
  - Data Backup and Recovery
- Topic B: Operations Management
Module 4: Information Security Core Concepts
- Topic A: Access Control
- Topic B: Physical Security
  - Physical Location Considerations
- Topic C: Network Security
- Topic D: Endpoint Protection
- Topic E: Application Security
- Topic G: Encryption Technologies
- Topic H: Virtualization Security
- Topic I: Cloud Computing Security
- Topic J: Transformative Technologies
Module 5: Strategic Planning, Finance, Procurement and Vendor Management
- Topic A: Strategic Planning
- Topic B: Designing, Developing, and Maintaining an Enterprise Information Security Program
- Topic C: Understanding the Enterprise Architecture (EA)
- Topic D: Finance
- Topic E: Vendor Management
Associated certifications and exam
The exam focuses on scenario-based questions that require applicants to apply their real-world experience to answer the questions successfully. To that end, to qualify to sit for the CCISO Exam, applicants must be approved by EC-Council to verify that they have at least five years of information security management experience in each of the five CCISO domains. Applicants with experience in three or fewer of the CCISO domains must first complete an Exam Eligibility Application and submit this to EC-Council for approval before attempting the exam.
Upon passing the CCISO exam, candidates will receive their CCISO certificate and associated community privileges. The CCISO certification is valid for 3 years from the date of issuance. After 3 years, members must adhere to the certification renewal policy as outlined in the EC-Council Continuing Education (ECE) requirements.
CCISO Associate Exam Program
Candidates who do not meet 5 years of experience in 3 of the CCISO domains but have 2 or more years of experience in at least 1 domain (or currently hold any one of the CISSP, CISM, and CISA certifications) can participate in the Associate CCISO program. Candidates participating in the Associate CCISO will have the opportunity to attend the same training as our CCISO candidates and learn the job requirements of a security executive so they can plan their careers to meet their career goals of security industry leadership. CCISO training is mandatory for all Associate CCISO candidates prior to taking the Associate CCISO examination.
Exam Details | CCISO Exam | Associate CCISO Exam |
Exam Title | EC-Council Certified Chief Information Security Officer (CCISO) | EC-Council Associate CCISO Certification |
Number of Questions/Practical Challenges | 150 Questions | 150 Questions |
Test Duration | 2.5 Hours | 2 Hours |
Test Format | Scenario-based multiple-choice questions | Multiple-choice questions |
Test Delivery | ECC EXAM portal | |
Availability | ||
Exam Prefix | 712-50 (ECC Exam) | |
Passing Score | 60% – 85%, depending on the exam form | 70% |
On successful completion of this course, students will receive a Torque IT attendance certificate.
Note:
When you attend any authorised EC-Council training course at Torque IT, you will receive the associated examination voucher as part of your course material. Your certification examination voucher can be used to book and pay for your certification examination at an Authorised EC-Council Testing Center (ETC) only. If you are not able to sit your certification examination at Torque IT, and you have no other ETC locally available, you do have the ability to convert your examination voucher into a Pearson VUE examination voucher (Remote Proctoring Services), at an additional cost.
EC-Council Overview
To beat a hacker, you need to think like one…
Ethical hacking is the process of proactively penetrating systems that one has official permission to test, with a view to determining whether vulnerabilities exist and then undertaking the necessary preventive, corrective, and protective countermeasures before an actual compromise of the systems can occur.
Torque IT’s authorised EC-Council training, and associated certification, solutions empower you to identify vulnerabilities and to assess the security posture of target systems. EC-Council certifications are universally recognised as demonstrating a high level of expertise and credibility for individuals and the organisations that employ them.
Torque IT, being an EC-Council Accredited Training Center (ATC), has been the recipient of EC-Council’s most prestigious ATC of the year awards for 2016 and 2014, and EC-Council’s Circle of Excellence Awards for 2015.
These achievements reflect our commitment to providing you with quality skills development, enablement, training, and certification solutions that demonstrate exceptional quality, depth and breadth.