top of page




EC-Council’s C|CISO Program has certified leading information security professionals around the world. A core group of high-level information security executives, the C|CISO Advisory Board, contributed by forming the foundation of the program and outlining the content that would be covered by the exam, body of knowledge, and training.


Some members of the Board contributed as authors, others as exam writers, others as quality assurance checks, and still others as trainers. Each segment of the program was developed with the aspiring CISO in mind and looks to transfer the knowledge of seasoned professionals to the next generation in the areas that are most critical in the development and maintenance of a successful information security program.

The Certified CISO (C|CISO) program is the first of its kind training and certification program aimed at producing top-level information security executives. The CCISO does not focus solely on technical knowledge but on the application of information security management principles from an executive management point of view. The program was developed by sitting CISOs for current and aspiring CISOs.


  • Domain 1: Governance (Policy, Legal & Compliance)

  • Domain 2: IS Management Controls and Auditing Management

  • Domain 3: Management – Projects and Operations (Projects, Technology & Operations)

  • Domain 4: Information Security Core Competencies

  • Domain 5: Strategic Planning & Finance

Who Would Benefit

Current and aspiring CISOs



5 years of IS management experience in 3 of the 5 CCISO Domains.

Exam eligibility application


Exam Info

  • EC Council’s CCISO Exam

  • Exam Format: Multiple Choice

  • Total number of questions: 250

  • Exam duration: 4 Hours

  • Required passing score: 70%


Course Length

5 Days | 40 Hours


Course Objectives

In this course, you will learn in-depth content in each of the 5 CCISO Domains:

Domain 1: Governance (Policy, Legal & Compliance)

  • The first Domain of the C|CISO program is concerned with the following:

  • Information Security Management Program

  •  Defining an Information Security Governance Program

  •  Regulatory and Legal Compliance

  •  Risk Management

Domain 2: IS Management Controls and Auditing Management

  •  Designing, deploying, and managing security controls

  •  Understanding security controls types and objectives

  •  Implementing control assurance frameworks

  •  Understanding the audit management process

Domain 3: the day-­‐to-­‐day responsibilities of a CISO, including:

  •  The role of the CISO

  •  Information Security Projects

  •  Integration of security requirements into other operational processes (change management, version
    control, disaster recovery, etc.)

Domain 4: from an executive perspective, the technical aspects  of the CISO job including:

  •  Access Controls

  •  Physical Security

  •  Disaster Recovery and Business Continuity Planning

  •  Network Security

  •  Threat and Vulnerability Management

  •  Application Security

  •  System Security

  •  Encryption

  •  Vulnerability Assessments and Penetration Testing

  •  Computer Forensics and Incident Response

Domain 5: area with which many more  technically inclined professionals may have the least experience, including:

  • Security Strategic Planning

  • Alignment with business goals and risk tolerance

  • Security emerging trends

  • Key Performance Indicators (KPI)

  •  Financial Planning

  • Development of business cases for security

  • Analyzing, forecasting, and developing a capital expense budget

  • Analyzing, forecasting, and developing an operating expense budget

  • Return on Investment (ROI) and cost-benefit analysis

  • Vendor management

  •  Integrating security requirements into the contractual agreement and procurement process

Taken together, these five Domains of the C|CISO program translate to a thoroughly  knowledgeable, competent executive information security practitioner.

bottom of page