
EC-Council’s CCISO Program has certified leading information security professionals around the world.


A core group of high-level information security executives, the C|CISO Advisory Board, contributed by forming the foundation of the program and outlining the content that would be covered by the exam, body of knowledge, and training.


Some members of the Board contributed as authors, others as exam writers, others as quality assurance checks, and still others as trainers.


Each segment of the program was developed with the aspiring CISO in mind and looks to transfer the knowledge of seasoned professionals to the next generation in the areas that are most critical in the development and maintenance of a successful information security program.


The Certified CISO (C|CISO) program is the first-of-its-kind training and certification program aimed at producing top-level information security executives.


The C|CISO does not focus solely on technical knowledge but on the application of information security management principles from an executive management point of view.


The program was developed by sitting CISOs for current and aspiring CISOs. In order to sit for the C|CISO exam and earn the certification, candidates must meet the basic C|CISO requirements.


Candidates who do not yet meet the C|CISO requirements but are interested in information security management can pursue the Associate C|CISO.



To be approved to take the C|CISO exam without first taking certified training, you must provide evidence and present verifiers to confirm that you have 5 years of experience in each of the five C|CISO domains.


Experience waivers are available for some industry-accepted certifications and higher education. Between certification and training waivers, applicants can only waive 3 years of experience for each domain.


If you have taken training, you must show 5 years of experience in 3 of the 5 domains in order to take the C|CISO exam. Applicants found not qualified for the C|CISO Exam may choose to take the EC-Council Associate C|CISO instead.

The Five C|CISO Domains

C|CISOs are certified in the knowledge of and experience in the following C|CISO Domains: 


Domain 1: Governance and Risk Management


Domain 2: Information Security Controls, Compliance, & Audit Management.


Domain 3: Security Program Management & Operations.

Domain 4: Information Security Core Competencies.

Domain 5: Strategic Planning, Finance, Procurement, & Vendor Management.


C|CISO Training Options
