Join The New Generation of Information Security Officers


Are you ready to be a CISO?


The CCISO program trains individuals who are looking to make the jump from middle management to the executive ranks by focusing on high-level management skills specifically needed for IS executives. From project to audit management, procurement and finance, to strategy and policy, students will be taught to steer complex security programs strategically and successfully. The CCISO program was created and is taught by sitting high-level information security executives from across industries, resulting in the most relevant, challenging, and applicable content on the market.

CCISOs are certified in the knowledge of and experience in the following CCISO Domains:
Domain 1: Governance (Policy, Legal & Compliance)

1. Definitions
2. Information Security Management Program
3. Information Security Laws, Regulations, & Guidelines
4. Privacy Laws

Domain 2: IS Management Controls and Auditing Management (Projects, Technology, and Operations)

1. Design, Deploy, and Manage Security Controls in Alignment with Business Goals, Risk Tolerance, and Policies and Standards
2. Information Security Risk Assessment
3. Risk Treatment
4. Residual Risk
5. Risk Acceptance
6. Risk Management Feedback Loops
7. Business Goals
8. Risk Tolerance
9. Policies and Standards
10. Understanding Security Controls Types and Objectives
11. Implementing Control Assurance Frameworks
12. COBIT (Control Objectives for Information and Related Technology)
13. BAI06 Manage Changes
14. COBIT 4.1 vs. COBIT 5
15. ISO 27001/27002
16. Automate Controls
17. Understanding the Audit Management Process

Domain 3: Management – Projects & Operations

1. The Role of the CISO
2. Information Security Projects
3. Security Operations Management

Domain 4: Information Security Core Competencies

1. Access Controls
2. Physical Security
3. Disaster Recovery
4. Network Security
5. Threat and Vulnerability Management
6. Application Security
7. Systems Security
8. Encryption
9. Computer Forensics and Incident Response

Domain 5: Strategic Planning & Finance

1. Security Strategic Planning
2. Alignment with Business Goals and Risk Tolerance
3. Relationship between Security, Compliance, & Privacy
4. Leadership
5. Enterprise Information Security Architecture (EISA) Models, Frameworks, and Standards
6. Security Emerging Trends
7. It’s all about the Data
8. Key Performance Indicators (KPI)
9. Systems Certification and Accreditation Process
10. Resource Planning
11. Financial Planning
12. Procurement
13. Vendor Management
14. Request for Proposal (RFP) Process
15. Integrate Security Requirements into the Contractual Agreement and Procurement Process
16. Statement of Work
17. Service Level Agreements

Domain Steps
Qualifying areas under Domain 1 include (but are not limited to) the following:

Strategic Planning

  • Design, develop and maintain enterprise information security architecture (EISA) by aligning business processes, IT software and hardware, local and wide area networks, people, operations, and projects with the organization’s overall security strategy.
  • Perform external analysis of the organization (e.g., analysis of customers, competitors, markets and industry environment) and internal analysis (risk management, organizational capabilities, performance measurement, etc.) and use them to align the information security program with the organization’s objectives.
  • Identify and consult with key stakeholders to ensure understanding of the organization’s objectives.
  • Define a forward-looking, visionary and innovative strategic plan for the role of the information security program with clear goals, objectives and targets that support the operational needs of the organization.
  • Define key performance indicators and measure effectiveness on a continuous basis.
  • Assess and adjust IT investments to ensure they are on track to support the organization’s strategic objectives.
  • Monitor and update activities to ensure accountability and progress.