
CCISO Certification & Training Course

Overview

What is CCISO?

The EC-Council Certified CISO (Chief Information Security Officer) program is meant for information security professionals at the highest executive level. It is a leadership program, as the role demands overseeing information systems and company security.

It combines the knowledge and skills of audit management, governance, IS controls, human capital management, and strategic program development. The CCISO course emphasizes the implementation of information security management, planning, compliance, and audit management. It has less focus on delivering theoretical knowledge. The CCISO aims to bridge the gap between the executive management knowledge that CISOs need and the technical knowledge that many aspiring CISOs have.

Why CCISO Training?

SpireTec offers comprehensive module-wise CCISO training to help you score well in the CCISO exam (Code 712-50). The exam has 150 scenario-based questions to be answered in 2.5 hours, and a passing score of 72%.

We have experienced faculty members who deliver training based on the latest CCISO course. Develop the skills required to maintain procedures, standards, and policies that protect the privacy and integrity of data, ensure compliance with regulations and security policies, train security specialists from the middle level of management, develop contingency plans, and manage security breaches.

CCISO Exam: Skills Measured

  1. Governance and Risk Management
  2. Information Security Controls, Compliance and Audit Management
  3. Security Program Management and Operations
  4. Information Security Core Competencies
  5. Strategic Planning, Finance, Procurement and Vendor Management

Who Should Earn CCISO Certification?

Chief Information Security Officer

The CCISO is a senior-level role in the information security, cyber-security, or cyber-forensic department. Upgrade your skills and learn to better align information security programs with the goals of the organization. Other information security management certification programs focus on middle management. CCISO focuses on exposing middle managers to executive-level content as well as encouraging existing CISOs to continually improve their processes and programs. The average salary of a CISO in the USA is $165,391 per annum.

Aspiring CCISOs

Middle-level IT managers working as Information Security Analysts, Ethical Hackers, Cyber Security Consultants, and Digital Forensic Analysts can advance their careers with the CCISO certification, which is an endorsement of your leadership quality in designing and implementing the best Internet security practices.

Prerequisites for CCISO Certification

5 years of experience in at least 3 of the 5 CCISO domains (experience can be overlapping). Candidates who do not meet this requirement must first pass the EC-Council Information Security Manager (EISM) exam.

Full Description

Table of Contents

Domain 1: Governance

Knowledge Assumptions

1. Drivers that Influence Governance

1.1 Business Drivers

1.1.1 Form of Business Organization

1.1.2 Organizational Structure

1.1.3 Industry

1.1.4 Organizational Maturity

1.2 Information Security Drivers

1.2.1 Corporate Governance and Organizational Alignment

1.2.2 Compliance 

1.2.3 Information Privacy

2. Corporate Governance Activities

2.1 Risk Oversight

2.2 Enterprise Architecture

2.2.1 The Zachman Framework

2.2.2 The Open Group Architecture Framework (TOGAF)

2.2.3 Sherwood Applied Business Security Architecture (SABSA)

2.2.4 Federal Enterprise Architecture Framework (FEAF) 

2.2.5 Department of Defense Architecture Framework (DoDAF)

2.3 Asset Management

2.3.1 Asset Ownership

2.3.2 Classification

2.3.3 Asset Inventory

2.3.4 Asset Value

2.3.5 Asset Protection

2.3.6 Asset Management in Practice

2.4 Managing and Controlling Organizational Changes

2.4.1 Change Control

2.4.2 Change Management

2.5 Business Continuity Management

2.5.1 Business Impact Analysis

2.5.2 Business Continuity Planning

2.5.3 Disaster Recovery Planning

2.5.4 Alternate Processing Sites

2.5.5 BCM Plan Testing

2.5.7 Crisis Management

3. Information Security Governance Activities

3.1 Information Security Program Management

3.1.1 Formal Documentation

3.1.2 Education, Training, and Awareness

3.1.3 Information Security Steering Committee

3.1.4 Metrics and Reporting

3.2 Security Engineering

3.3 Security Operations

3.4 Corporate Governance and Security Responsibilities

4. Governance and Ethical Decision Making

4.1 EC-Council Code of Ethics

Domain 1 Summary

Domain 2: Security Risk Management, Controls, and Audit Management

Knowledge Assumptions

1. Risk Management

1.1 Risk Assessment

1.2 Risk Analysis Approaches

1.3 Organizational Risk Perspectives

1.4 Risk Management Constraints

2. Risk Treatment

2.1 Risk Treatment Options

2.2 Attributes of Controls

2.3 Selecting and Implementing Controls

2.4 Control Catalogs

3. Risk Management Frameworks

3.1 ISO 27005

3.2 NIST Risk Management Framework

3.2.1 NIST Risk Management and Assessment

3.3 Additional Risk Management Tools

3.3.1 ISO 31000

3.3.2 Threat Agent Risk Assessment (TARA)

3.3.3 Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) Allegro

3.3.4 Factor Analysis of Information Risk (FAIR)

3.3.5 COBIT Risk Management

3.3.6 ITIL Risk Management

4. Audit Management 

4.1 Evaluation Standards and Controls

4.2 Analysis and Interpretation of Audit Results

4.3 Outcomes for Ineffective or Missing Controls

5. Risk Communication and Organizational Reporting

Domain 2 Summary

Domain 3: Security Program Management and Operations

Knowledge Assumptions

1. Information Security Portfolio Management

1.1 Information Security Portfolio Planning

1.2 Information Security Portfolio Alignment

2. Information Security Program Management

2.1 Information Security Program Development Model

3. Information Security Project Management

3.1 Project Initiation

3.2 Intermediate Project Phases

3.3 Project Closure

4. Security Operations

4.1 Security Operations Center (SOC)

4.1.1 Security Operations Personnel

4.1.2 Security Operations Processes: Policies and Procedures

4.1.3 Security Operations Technology

4.1.4 Security Operations Communication

4.2 Security Operations Program Activities

4.2.1 Event Management and Incident Response

4.2.2 Digital Forensic Investigation

4.2.3 Threat Hunting

Domain 3 Summary

Domain 4: Information Security Core Competencies

Knowledge Assumptions

1. Access Control

1.1. Access Control Plan

1.2. Types of Access Control

1.3. Authentication

1.4. Authorization

1.5. Access Administration

2. Physical Security

2.1. Physical Risk Analysis

2.2. Physical Security Audits

2.3. Physical Security Strategy

2.4. Facility Design

3. Network and Communications Security

3.1. Network Security Planning 

3.2. Network Management Concerns

3.3. Network Topologies

3.4. Network Standards and Protocols

3.5. Network Security Controls

3.6. Wireless Communications Security

3.7. Voice-over-IP (VoIP) Security

4. Threat and Vulnerability Management

4.1. Threat Management

4.2. Vulnerability Management

5. System and Application Security

5.1. System Development

5.2. Separation of production, development, and test environments

5.3. Application Testing

5.4. System Security Management

5.5. Configuration management

5.6. System Hardening

5.7. Data Sanitization

5.8. Mobile System Security

6. Encryption Concepts and Technology

6.1. Encryption Algorithms

6.2. Public Key Infrastructure

6.3. Hashing

6.4. Digital Signatures

Domain 4 Summary

Domain 5: Strategic Planning, Financial Management, and Vendor Management

Knowledge Assumptions

1. Strategic Planning

1.1. Strategic Planning Phases

1.2. Strategic Planning Tools

2. Financial Management

2.1. Fundamental Accounting Concepts

2.2. Budgeting

2.3. Expense Management

2.4. Comparing Capital Investment Opportunities

2.5. Financial Accounting for Security Leaders

3. Vendor Risk Management

3.1. Procurement

3.1.1 Planning

3.1.2 Vendor assessment and selection

3.1.3 Contract negotiation

3.1.4 Managing Expectations and Performance

3.2. Vendor Management

3.2.1 Oversight

3.2.2 Risk Management

3.2.3 Disposition

Domain 5 Summary

References

Index

Fees & Schedule

Delivery Mode | Course Duration | Fees
Live Virtual Training | 5 Days | Ask for Quote
Onsite Classroom Training | 5 Days | Ask for Quote
Customized Training | 5 Days | Ask for Quote

FAQs

SpireTec Solutions is a technology-enabled IT management training company specialized in offering 1500+ courses, with state-of-the-art training facilities backed by a team of industry experts in various domains, assuring best-quality services.
Since SpireTec provides 24x7 training and support for your training needs, it is very adaptable to your availability and offers customized training programs according to the availability and time zones of your contingent.
Because SpireTec aims for the personal and professional growth of you as an individual and of the corporate as a whole, providing training on the latest and updated versions in the designated domains.
It is preferable but not mandatory to have domain experience in the area in which you want to opt for training, supported by good English communication skills, and good Wi-Fi and a computer or laptop in case you want remote training.
SpireTec aims to offer the finest, world-class training to participants by giving them proper counselling and a guided career path from our industry experts, which leads to guaranteed success for you in the corporate world.
We offer online training (1-1, group training), classroom training, and onsite training with state-of-the-art facilities.
You can make payment online via PayPal with any debit or credit card, or via direct bank transfer.