Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. EC-Council Certified CISO The C|CISO Program

Post on 22-Jul-2020


Page 1: EC-Council Certified CISO · TRAINING through one of EC-Council’s accredited training channels This application should be submitted to EC-Council at ccisoapp@eccouncil.org BEFORE


EC-Council Certified CISO

The C|CISO Program


Introducing C|CISO

• CISO = Chief Information Security Officer

• C|CISO is NOT an entry-level program – it is intended for professionals with at least 5 years of specific industry experience


Introducing C|CISO

5 Domains

• Governance (Policy, Legal, and Compliance)

• IS Management Controls and Auditing Management

• Management – Projects and Operations (Projects, Technology, and Operations)

• Information Security Core Competencies

• Strategic Planning and Finance


C|CISO in the Market

Currently the only people who carry the CCISO designation are top level executives with titles like:

• AVP - Information Security

• CEO

• Chief Architect & Sr. Director Security

• CIO

• CSO

• CISO

• Department Head – IT

• Director Information Security

• Director of Information Assurance

• Director of Risk Management

• Head of Infrastructure Security

• ISO

• IT Security Officer

• Vice President, IT Governance, Risk, and Compliance

• VP, Information Security Officer


A Sample of Companies with CCISOs


C|CISO in the Market

Already known as a prestigious certification in the industry:

http://www.infosecisland.com


The InfoSec Landscape

• The penalties for breaches are increasing and are increasingly public relations nightmares for companies.

• Regulations are growing across industries, keeping in step with the importance of data to companies’ futures.

http://www.beechermadden.co.uk

This all means that the demand for senior, business-focused Infosec professionals is growing.

Managers need training to take on this burden.


The Executive Leadership Gap

There is a lack of IS professionals who have both the technical and the management expertise to do the job effectively.

http://www.csoonline.com


The Executive Leadership Gap

A certification that is tied to the title of CISO helps boost the visibility of the role, which helps the industry.


Why C|CISO?

The CCISO Program teaches aligning technical knowledge with the overall vision of a business and making information security an enhancement rather than a detriment to an organization.

Most managers in Information Security rise through the technical ranks and must learn executive-level management, strategy, and organization skills on the job.


Why C|CISO?

The CCISO fills these gaps by introducing concepts such as:

• HR Management

• Budget Planning

• Vendor Management

• ROI

• Audit Management

• Aligning Security to the Business Goals

• Working with other C-Levels


Why CCISO is Unique

Other programs focus on the technical aspects of information security management – CCISO assumes a high level of technical expertise and focuses on technical issues from an executive perspective.


Why CCISO is Unique

Anyone with a CISSP is a good candidate for CCISO as there are experience requirements for CISSP as well.

CISSP used to be a distinguisher – now it’s ubiquitous so professionals are looking for a way to stand out to clients and potential employers.


Qualifying for the C|CISO Exam

In order to sit for the CCISO exam after training, candidates must have five years of experience in at least three of the five domains (as verified by exam eligibility application sent to ECC).

Candidates who do not have the required experience or who do not fill out the application will be given a voucher for the EC-Council Information Security Manager (EISM) exam.


The C|CISO Exam

250 Multiple Choice Questions

Available on ECC Exam Centre

4 hour time limit

Remotely available


→ Qualifying for the C|CISO Exam

Candidates must fill out and return to ccisoapp@eccouncil.org the Exam Eligibility application (found on ciso.eccouncil.org) to determine their eligibility

The application processing fee is waived for anyone signed up for an AUTHORISED TRAINING through one of EC-Council’s accredited training channels

This application should be submitted to EC-Council at ccisoapp@eccouncil.org BEFORE sitting for training and EC-Council will distribute the vouchers directly to students to ensure each student receives the correct exam

Processing time for the eligibility application varies depending on how quickly verifiers respond. Applications from ATCs are prioritized and expedited and can take as little as one day to process.


The C|CISO Exam

Written by practicing CISOs and based on their day-to-day challenges

Tests candidates’ knowledge of the 5 domains via extensive scenario-based questions

This forces an application of knowledge instead of a regurgitation of facts

Real-world experience is required to sit for the exam


EC-Council Information Security Manager

Candidates who pass the EISM exam earn the EISM certification

Once EISMs have accrued the required experience (5 years in 3 out of 5 domains), they can submit a new eligibility application and buy a CCISO voucher at a discount

The EISM program uses the SAME training and the SAME book as CCISO – only the exam is different


The EISM Exam

150 Multiple Choice Questions

Available on ECC Exam Centre

Remotely available

2 hour time limit


EC-Council Information Security Manager

Benefits of EISM

CCISO training can be sold to anyone who is interested in taking it.

A voucher is included with training – just like other ECC programs

EISMs have a clear path to earning the CCISO


→ The C|CISO Class

• 5 days long

• Testing can be done on the last day of class

• Can be condensed into 4 days if necessary


→ The C|CISO Exam Process

Does the client have at least five years of experience in at least three of the five domains?

• Yes: Submit CCISO Eligibility Application to ccisoapp@eccouncil.org at least 7 days before testing. Voucher will be issued by EC-Council to student after training is complete.

• No: Take CCISO training. No eligibility application necessary. Proceed with EISM Exam. Voucher will be issued by EC-Council to student after training is complete.


Who is the Client?

• Information Security Managers

• Chief Information Security Officers

• Middle managers who are looking to move to the executive ranks are eager to have the letters CISO next to their name – this signals to the market that they are intent on moving up and understand the challenges involved in doing so.


Who is the Client?

Average Annual Leadership Salary (CISO) : $177,024

http://www1.salary.com


Who is the Client?

• A HUGE potential market for CCISO:

• Information Security Consultants

• Target the large consulting firms: FishNet, Dell SecureWorks, IBM, Deloitte, PWC

• Small firms or independent consultants are hungry for ways to distinguish themselves from the pack and beat the larger companies.


Who is the Client?

The average CISO changes jobs every 18 months as security breaches are inevitable and they are often the ones blamed after a catastrophe.

This means that most CISOs have a very good idea of the job market and are always looking to stand out.


Who is the Client?

• Chief Information Security Officers (CISOs) or Chief Security Officers (CSOs) are the highest ranking information security professionals at a company.

• These are coveted positions, with an 8.1% increase in the average salary of a C(I)SO in the last 2 years, now up to a range of $119,750 - $179,250.

http://www.itcareerfinder.com


Additional Benefits of CCISO

This program can help you forge relationships with the decision-makers at large companies leading to new business opportunities for the staff of CCISOs.


Adding CCISO to an ATC

• Instructors must:

➢ Fill out and turn in the exam eligibility application to ccisoapp@eccouncil.org and be found eligible.

➢ Take CCISO Online Training (discounted for ATCs to provide to instructors)

➢ Pass the CCISO Exam (discounted vouchers for ATCs to provide to instructors)

➢ Be a CEI

➢ ECC can help match up training centers to qualified CCISOs!


Online Training

ATCs can also resell ECC online training if qualified instructors are not available.