Become a Certified Chief Information Security Officer (C|CISO)
EC-Council’s Certified Chief Information Security Officer (C|CISO) program has certified leading information security professionals around the world. A core group of high-level information security executives, the C|CISO Advisory Board, formed the foundation of the program and outlined the content covered by the exam, body of knowledge, and training. Some members of the Board contributed as authors, others as exam writers, others as quality assurance checks, and still others as instructors. Each segment of the program was developed with the aspiring and sitting CISO in mind and looks to transfer the knowledge of seasoned executives to the next generation of leaders in the areas that are most critical in the development and maintenance of a successful information security program.
To earn the C|CISO, every applicant must pass the exam covering all 5 C|CISO domains, regardless of experience in each domain. The exam consists of 150 multiple-choice questions administered over a two-and-a-half-hour period. The questions on the exam require extensive thought and evaluation.
There are three cognitive levels tested on the C|CISO exam:
Level 1
Knowledge: This cognitive level of questions is used to recall memorized facts. This is the most basic cognitive level, rarely accepted on certifications, as it merely recognizes the candidate’s ability to memorize information. It can be effectively used when asking for basic definitions, standards or any concrete fact.
Level 2
Application: This cognitive level of questions is used to identify the candidate’s ability to understand the application of a given concept. It differs from Knowledge-based questions in that it requires the understanding and correct applicability of a given concept, not just the concept itself. This type of question often requires additional context before the actual question is provided in the stem.
Level 3
Analysis: This cognitive level of questions is used to identify the candidate’s ability to identify and resolve a problem given a series of variables and context. Analysis questions differ greatly from Application based questions in the sense that they require not only the applicability of a concept but also how a concept, given certain constraints, can be used to solve a problem.
Please see the exam blueprint.
Note: Students opting for the E|ISM exam are tested on only two of the above cognitive levels, viz. Level 1: Knowledge and Level 2: Application.
Domain | Experience Waivers |
---|---|
Governance and risk management | |
Information Security Controls, Compliance, and Audit Management | |
Security Program Management and Operations | |
Information Security Core Competencies | |
Strategic Planning, Finance, Procurement, and Vendor Management | |
We have helped over 250,000 people answer this question over the past 20 years and we are excited to help you with this big decision! Choosing the right credential can seem like a difficult task. Here are some things you should consider:
The Certified Chief Information Security Officer program is the first certification of its kind that recognizes an individual’s accumulated skills in developing and executing an information security management strategy in alignment with organizational goals. C|CISO equips information security leaders with the most effective toolset to defend organizations from cyberattacks. To rise to the role of the CISO, strong technical knowledge and experience are more imperative now than ever before, but they must be accompanied by the ability to communicate business value. C|CISOs understand that their information security decisions often have a direct impact on their organization’s operational cost, efficiency, and agility. As organizations introduce new technologies, C|CISOs will develop and communicate a strategy to avoid the potential risks stemming from their implementation to the organization’s operations.
C|CISO is the right choice for you and your career if you:
– Aspire to attain the highest regarded title within the information security profession – CISO
– Already serve as an official CISO
– Perform CISO functions in your organization without the official
In order to qualify to take the C|CISO Exam, applicants must fill out the C|CISO Exam Eligibility Application. Applications should be emailed to [email protected]. If the applicant is attempting the exam without taking EC-Council Authorized Training, five years’ experience in each of the five C|CISO Domains is required (experience can be overlapping) and a $100 application fee is due with the application. If an applicant has purchased EC-Council Authorized Training, there is no application fee due and only five years of experience in three of the five domains is required.
Application processing time varies due to the fact that part of the process involves reaching out to verifiers indicated by the applicants as able to verify their experience. In order to speed up this process, applicants can assist the application processing team by reaching out to their verifiers to ensure they have received the required forms from EC-Council and understand what is required. Applications from students in EC-Council Authorized Training are prioritized and expedited in order to ensure testing can occur at the time of the class if the student desires.
Your C|CISO certification is valid for a period of three years.
To renew your certification you must satisfy the Continuing Education requirements and remit a renewal fee of $100.00 (USD).
C|CISO will give you assurance that the certified professional possesses the necessary skills to identify factors that pose risk to the successful operation of your organization and develop and implement technical, operational, and procedural safeguards to manage those risk factors. C|CISOs are the leadership force that will protect your organization from unwanted and costly security breaches by designing information security programs and leading a team of information security professionals.
C|CISO training is available at:
– In-person training is available at EC-Council events (www.hackerhalted.com)
– Online via our iClass program. Options for self-paced and live online are available.
– In-person training via our Accredited Training Center network! Fill out the form found here to find a training center in your area: https://www.eccouncil.org/Training.
The Associate C|CISO program covers a broad range of essential topics needed to successfully lead information security management functions. With a comprehensive curriculum, including in-depth knowledge of the essential infosec domains, the Associate C|CISO program helps security executive aspirants grow advanced skills by bridging the gap between their current capabilities and leadership competence and knowledge. The Associate C|CISO program enables candidates to leverage the C|CISO knowledge by training through C|CISO courseware, equipping them with a robust understanding of information security management systems and leadership skills.
To obtain full C|CISO status, candidates must meet the experience requirements by having a minimum of 5 years of experience in at least 3 of the 5 domains.
EC-Council has announced the retirement of its E|ISM certification effective December 1st 2023. Current E|ISM certification holders will be transitioned to the Associate C|CISO certification effective in June 2023. With the Associate C|CISO program, EC-Council will provide greater emphasis on executive mentorship, networking, and access to senior leaders to encourage growth and development from managers to executives as our associates earn the required experience to eventually achieve the full C|CISO designation.
The five C|CISO Domains are:
No! In most high-level information security management jobs, each of the 5 C|CISO Domains is part of each day. The five years can and usually do overlap.
No! If you do not meet the minimum requirements for the C|CISO Exam, that doesn’t mean you can’t take training. Anyone can take the C|CISO course, but only those who qualify to take the C|CISO Exam will be issued an exam voucher. Students who do not have the years required can take the EC-Council Associate C|CISO exam after C|CISO training.
You can take our assessment exam! Test Your Knowledge Here!
See what our students say about their experiences and how earning C|CISO certification has impacted their careers.