This course provides a review of topics and exam preparation for the Certified Chief Information Security Officer (C|CISO) certification. The C|CISO Certification is an industry-leading program that recognizes the real-world experience necessary to succeed at the highest executive levels of information security. The Certified CISO (C|CISO) program is the first of its kind training and certification program aimed at producing top-level information security executives. The C|CISO does not focus solely on technical knowledge but on the application of information security management principles from an executive management point of view. The program was developed by sitting CISOs for current and aspiring CISOs.
In this course students prepare for the C|CISO exam by studying and understanding the 5 Domains:
- Domain 1: Governance (Policy, Legal & Compliance)
- Domain 2: IS Management Controls and Auditing Management
- Domain 3: Management – Projects and Operations (Projects, Technology & Operations)
- Domain 4: Information Security Core Competencies
- Domain 5: Strategic Planning & Finance
In addition, the application and testing process for the C|CISO and EISM (Associate CISO) as well as key topics on the exam will be covered.
- Information Security Management Program
- Defining an Information Security Governance Program
- Regulatory and Legal Compliance
- Risk Management
IS Management Controls and Auditing Management
- Designing, deploying, and managing security controls
- Understanding security controls types and objectives
- Implementing control assurance frameworks
- Understanding the audit management process
Management - Projects and Operations
- The role of the CISO
- Information Security Projects
- Integration of security requirements into other operational processes (change management, version control, disaster recovery, etc.)
Information Security Core Competencies
- Access Controls
- Physical Security
- Disaster Recovery and Business Continuity Planning
- Network Security
- Threat and Vulnerability Management
- Application Security
- System Security
- Vulnerability Assessments and Penetration Testing
- Computer Forensics and Incident Response
Strategic Planning and Finance
- Security Strategic Planning
- Alignment with business goals and risk tolerance
- Security emerging trends
- Key Performance Indicators (KPI)
- Financial Planning
- Development of business cases for security
- Analyzing, forecasting and developing a capital expense budget
- Analyzing, forecasting, and developing an operating expense budget
- Return on Investment and cost-benefit analysis
- Vendor Management
- Integrating security requirements into the contractual agreement and procurement process
In order to sit for the CCISO exam and earn the certification, candidates must meet the basic CCISOrequirements. Candidates who do not yet meet the CCISO requirements but are interested in information security management can pursue the EC-Council Information Security Management (EISM) certification.
Candidates who do not yet have 5 years of information security experience in at least 3 of the 5 CCISO Domains can still pursue a management certification to help propel their careers and put them on fast track toward obtaining the CCISO. EISM students must attend training – the same CCISO training that upper level executives attend – before attempting the EISM exam. There are no experience requirements for this exam. The courseware and training programs are exactly the same as those of the CCISO program. Imagine being able to push your new information security career forward using the same resources as seasoned professionals. That’s what the EISM program does. The EISM exam is a light version of the CCISO exam and tests the fundamentals of information security management.
The EISM Exam is based on the same bank of questions as the CCISO exam – questions written by CISOs for current and aspiring CISOs. The difference is, there are scenario-based questions that require years of on the job experience to answer on the CCISO exam. These are omitted from the EISM exam and only the basic information security management questions remain.
The EISM exam:
· 150 questions
· 2 hour time limit
· Multiple choice
· 70% is the minimum passing score
All EISM students must take EC-Council official training before sitting for the EISM exam.
Duration30 Hours | 5 Days or 10 Nights
*Academic Unit eligibility to be determined by college/university in which you are enrolled in a degree seeking program.