EC-Council Certified Chief Information Security Officer (C-CISO)

Course Overview

In this 4-Day class, students will learn in-depth content in each of the 5 CCISO Domains. The CCISO Certification is an industry-leading program that recognizes the real-world experience necessary to succeed at the highest executive levels of information security. Bringing together all the components required for a C-Level positions, the CCISO program combines audit management, governance, IS controls, human capital management, strategic program development, and the financial expertise vital to leading a highly successful IS program. The job of the CISO is far too important to be learned by trial and error. Executive level management skills are not areas that should be learned on the job. Material in the CCISO Program assumes a high-level understanding of technical topics and doesn’t spend much time on strictly technical information, but rather on the application of technical knowledge to an information security executive’s day-to-day work. The CCISO aims to bridge the gap between the executive management knowledge that CISOs need and the technical knowledge that many sitting and aspiring CISOs have. This can be a crucial gap as a practitioner endeavors to move from mid-management to upper, executive management roles. Much of this is traditionally learned as on-the-job training, but the CCISO Training Program can be the key to a successful transition to the highest ranks of information security management.

Course Objectives

This course is designed for the aspiring or sitting upper-level manager striving to advance his or her career by learning to apply their existing deep technical knowledge to business problems.

Who Should Attend?

The CCISO program is for executives looking to hone their skills & learn to better align their information security programs to the goals of the organization as well as aspiring CISOs.

Course Prerequisites

There are no prerequisites for this course.

Course Outline

1 – Domain 1: Governance & Risk Management (Policy, Legal & Compliance)

  • Define, Implement, Manage, and Maintain an Information Security Governance Program
  • Information Security Drivers
  • Establishing an information security management structure
  • Laws/Regulations/Standards as drivers of Organizational Policy/ Standards/ Procedures
  • Managing an enterprise information security compliance program
  • Risk Management
  • Risk mitigation, risk treatment, and acceptable risk
  • Risk management frameworks
  • NIST
  • Other Frameworks and Guidance (ISO 31000, TARA, OCTAVE, FAIR, COBIT, and ITIL)
  • Risk management plan implementation
  • Ongoing third-party risk management
  • Risk management policies and processes

2 – Domain 2: Information Security Controls, Compliance & Audit Management

  • Information Security Controls
  • Compliance Management
  • Guidelines, Good and Best Practices
  • Audit Management

3 – Domain 3: Security Program Management and Operations

  • Program Management
  • Operations Management

4 – Domain 4: Information Security Core Concepts

  • Access Controls
  • Physical Security
  • Network Security
  • Endpoint Protection
  • Application Security
  • Encryption Technologies
  • Virtualization Security
  • Cloud Computing Security
  • Transformative Technologies

5 – Domain 5: Strategic Planning, Finance, Procurement and Vendor Management

  • Strategic Planning
  • Designing, Developing, and Maintaining an Enterprise Information Security Program
  • Understanding the Enterprise Architecture (EA)
  • Finance
  • Procurement
  • Vendor Management

Alliance Micro Solutions | Customer Satisfaction (

Leave a Reply