Home / All Courses / Cyber Security / The Certified CISO (CCISO) Training Course

The Certified CISO (CCISO) Training Course


EC-Council’s CCISO Program has certified leading information security professionals around the world. A core group of high-level information security executives, the CCISO Advisory Board, contributed by forming the foundation of the program and outlining the content that would be covered by the exam, body of knowledge, and training. The Certified CISO (CCISO) program is the first of its kind training and certification program aimed at producing top-level information security executives. The CCISO does not focus solely on technical knowledge but on the application of information security management principles from an executive management point of view. The program was developed by sitting CISOs for current and aspiring CISOs.

Upon completion of The Certified CISO (CCISO) Training Course, you will accomplish the following:

  • Define, implement, and manage an information security governance program that includes leadership, organizational structures, and processes.
  • Assess the major enterprise risk factors for compliance.
  • Design and develop a program to monitor firewalls and identify firewall configuration issues.
  • Identify vulnerability and attacks associated with wireless networks and manage different wireless network security tools.
  • Deploy and manage anti-virus systems.
  • Understand various system-engineering practices.
  • Identify the volatile and persistent system information.
  • Develop and manage an organizational digital forensic program.
  • Identify the best practices to acquire, store and process digital evidence.


This Training is available to individuals who possess the requisite Information Security Management experience.

Recommended Course


Full Description

Table of Contents

Domain 1: Governance 

    Knowledge Assumptions.

 1. Drivers that Influence Governance

1.1 Business Drivers

1.1.1 Form of Business Organization

1.1.2 Organizational Structure

1.1.3 Industry

1.1.4 Organizational Maturity

1.2 Information Security Drivers

1.2.1 Corporate Governance and Organizational Alignment

1.2.2 Compliance 

1.2.3 Information Privacy

2. Corporate Governance Activities

2.1 Risk Oversight

2.2 Enterprise Architecture

2.2.1 The Zachman Framework

2.2.2 The Open Group Architecture Framework (TOGAF)

2.2.3 Sherwood Applied Business Security Architecture (SABSA)

2.2.4 Federal Enterprise Architecture Framework (FEAF) 

2.2.5 Department of Defense Architecture Framework (DoDAF)

2.3 Asset Management

2.3.1 Asset Ownership

2.3.2 Classification

2.3.3 Asset Inventory

2.3.4 Asset Value

2.3.5 Asset Protection

2.3.6 Asset Management in Practice

2.4 Managing and Controlling Organizational Changes

2.4.1 Change Control

2.4.2 Change Management

2.5 Business Continuity Management

2.5.1 Business Impact Analysis

2.5.2 Business Continuity Planning

2.5.3 Disaster Recovery Planning

2.5.4 Alternate Processing Sites

2.5.5 BCM Plan Testing

2.5.7 Crisis Management

3. Information Security Governance Activities

3.1 Information Security Program Management

3.1.1 Formal Documentation

3.1.2 Education, Training, and Awareness

3.1.3 Information Security Steering Committee

3.1.4 Metrics and Reporting

3.2 Security Engineering

3.3 Security Operations

3.4 Corporate Governance and Security Responsibilities

4. Governance and Ethical Decision Making

4.1 EC-Council Code of Ethics

Domain 1 Summary

Domain 2: Security Risk Management, Controls, and Audit Management

Knowledge Assumptions

1. Risk Management

1.1 Risk Assessment

1.2 Risk Analysis Approaches

1.3 Organizational Risk Perspectives

1.4 Risk Management Constraints

2. Risk Treatment

2.1 Risk Treatment Options

2.2 Attributes of Controls

2.3 Selecting and Implementing Controls

2.4 Control Catalogs

3. Risk Management Frameworks

3.1 ISO 27005

3.2 NIST Risk Management Framework

3.2.1 NIST Risk Management and Assessment

3.3 Additional Risk Management Tools

3.3.1 ISO 31000

3.3.2 Threat Agent Risk Assessment (TARA)

3.3.3 Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) Allegro

3.3.4 Factor Analysis of Information Risk (FAIR)

3.3.5 COBIT Risk Management

3.3.6 ITIL Risk Management

4. Audit Management 

4.1 Evaluation Standards and Controls

4.2 Analysis and Interpretation of Audit Results

4.3 Outcomes for Ineffective or Missing Controls

5. Risk Communication and Organizational Reporting

Domain 2 Summary

Domain 3: Security Program Management and Operations119 Knowledge Assumptions

1. Information Security Portfolio Management

1.1 Information Security Portfolio Planning

1.2 Information Security Portfolio Alignment

2. Information Security Program Management

2.1 Information Security Program Development Model

3. Information Security Project Management

3.1 Project Initiation

3.2 Intermediate Project Phases

3.3 Project Closure

4. Security Operations

4.1 Security Operations Center (SOC)

4.1.1 Security Operations Personnel

4.1.2 Security Operations Processes: Policies and Procedures

4.1.3 Security Operations Technology

4.1.4 Security Operations Communication

4.2 Security Operations Program Activities

4.2.1 Event Management and Incident Response

4.2.2 Digital Forensic Investigation

4.2.3 Threat Hunting

Domain 3 Summary

 Domain 4: Information Security Core Competencies

Knowledge Assumptions

1. Access Control

1.1. Access Control Plan

1.2. Types of Access Control

1.3. Authentication

1.4. Authorization

1.5. Access Administration

2. Physical Security

2.1. Physical Risk Analysis

2.2. Physical Security Audits

2.3. Physical Security Strategy

2.4. Facility Design

3. Network and Communications Security

3.1. Network Security Planning 

3.2. Network Management Concerns

3.3. Network Topologies

3.4. Network Standards and Protocols

3.5. Network Security Controls

3.6. Wireless Communications Security

3.7. Voice-over-IP (VoIP) Security

4. Threat and Vulnerability Management

4.1. Threat Management

4.2. Vulnerability Management

5. System and Application Security

5.1. System Development

5.2. Separation of production, development, and test environments

5.3. Application Testing

5.4. System Security Management

5.5. Configuration management

5.6. System Hardening

5.7. Data Sanitization

5.8. Mobile System Security

6. Encryption Concepts and Technology

6.1. Encryption Algorithms

6.2. Public Key Infrastructure

6.3. Hashing

6.4. Digital Signatures

Domain 4 Summary

Domain 5: Strategic Planning, Financial Management, and Vendor Management

Knowledge Assumptions

1. Strategic Planning

1.1. Strategic Planning Phases

1.2. Strategic Planning Tools

2. Financial Management

2.1. Fundamental Accounting Concepts

2.2. Budgeting

2.3. Expense Management

2.4. Comparing Capital Investment Opportunities

2.5. Financial Accounting for Security Leaders

3. Vendor Risk Management

3.1. Procurement

3.1.1 Planning

3.1.2 Vendor assessment and selection

3.1.3 Contract negotiation

3.1.4 Managing Expectations and Performance

3.2. Vendor Management

3.2.1 Oversight

3.2.2 Risk Management

3.2.3 Disposition

Domain 5 Summary



Fees & Schedule

Delivery Mode Course Duration Fees
Live Virtual Training 5 Days Ask for Quote
Onsite Classroom Training 5 Days Ask for Quote
Customized Training 5 Days Ask for Quote


SpireTec solutions is the latest technology enabled I.Tmanagement training company specialized in offering 1500+ courses with the state of art training facilities backed by a team of industry experts in various domains with assuring best quality services.
Since SpireTec provides 24X7 training and support for your training needs is very adaptable to your time availabilities and offers customized training programs according to your availability and time zones of your contingent.
Because SpireTec aims for the personal & professional growth of you as individual & corporate as a whole, providing training on the latest and updated versions in the designated domains.
It is preferable but not mandatory to have domain experience in the area of your interest in which you want to opt training, supported by good English communication skills, a good Wi-Fi and computer or laptop system in case you want remote training
Spire Tec aims and ensure to offer finest and world-class training to the participants by giving them a proper counselling and a guided career path by our industry experts which leads guaranteed success for you in the corporate world
We offer online training (1-1, Group training), Classroom training, Onsite training with state of art facilities.
You can make payment online via PayPal with any of the debit & credit cards or via direct bank transfer.