CCISO

EC-Council’s CCISO Program has certified leading information security professionals around the world. A core group of high-level information security executives, the CCISO Advisory Board, contributed by forming the foundation of the program and outlining the content that would be covered by the exam, body of knowledge, and training.

Some members of the Board contributed as authors, others as exam writers, others as quality assurance checks, and still others as trainers.

Each segment of the program was developed with the aspiring CISO in mind and looks to transfer the knowledge of seasoned professionals to the next generation in the areas that are most critical in the development and maintenance of a successful information security program.

The Certified CISO (CCISO) program is the first of its kind training and certification program aimed at producing top-level information security executives.

The CCISO does not focus solely on technical knowledge but on the application of information security management principles from an executive management point of view. The program was developed by sitting CISOs for current and aspiring CISOs.

Key features in CCISO:

• Define, implement, and manage an information security governance program that includes leadership, organizational structures and processes.
• Assess the major enterprise risk factors for compliance.
• Design and develop a program to monitor firewalls and identify firewall configuration issues.
• Identify vulnerability and attacks associated with wireless networks and manage different wireless network security tools.
• Deploy and manage anti-virus systems.
• Understand various system-engineering practices.
• Identify the volatile and persistent system information.
• Develop and manage an organizational digital forensic program.
• Identify the best practices to acquire, store and process digital evidence.
• Define key performance indicators and measure effectiveness on continuous basis.
• Allocate financial resources to projects, processes and units within information security program.
• Identify and report financial metrics to stakeholders.
• Understand the IA security requirements to be included in statements of work and other appropriate procurement documents in this CCISO certification training program.

Course Content:

• Access Controls
• Physical Security
• Disaster Recovery and Business Continuity Planning
• Network Security
• Threat and Vulnerability Management
• Application Security
• System Security
• Encryption
• Vulnerability Assessments and Penetration Testing
• Computer Forensics and Incident Response
• Security Strategic Planning
• Alignment with business goals and risk tolerance
• Security emerging trends
• Key Performance Indicators (KPI)
• Financial Planning
• Development of business cases for security
• Analyzing, forecasting, and developing a capital expense budget
• Analyzing, forecasting, and developing an operating expense budget
• Return on Investment (ROI) and cos benefit analysis
• Vendor management
• Integrating security requirements into the contractual agreement and procurement process