Certified Chief Information Security Officer (CCISO) program update
EC-Council has major changes to the Certified Chief Information Security Officer (CCISO) program. As many of you know, professionals of all levels of experience and backgrounds are welcome to take the CCISO course. However, candidates that wish to attempt the CCISO certification exam specifically are required to complete the formal application process to prove their industry experience meets the CCISO qualification requirements.
- In order to qualify to sit for the CCISO Exam without taking any training, candidates must have five years of experience in each of the 5 CCISO domains verified via the Exam Eligibility Application.
- To sit for the exam after taking training, candidates must have five years of experience in three of the five CCISO Domains verified via the Exam Eligibility Application.
There are three paths to attaining the CCISO designation:
- This option is available to individuals who possess the requisite Information Security Management experience. Self study candidates must submit the Exam Eligibility Application proving they have at least five years of experience in each of the five CCISO domains. After a candidate’s application has been approved, they may purchase an exam voucher in order to take the CCISO Exam. Credit toward experience is granted in certain domains in the case of industry-accepted, professional certifications and higher degrees in information security as shown below. Between certification and training waivers, applicants can only waive 3 years of experience for each domain.
|1. Governance and Risk Management||Ph.D. Information Security – 3 years, MS Information Security Management, MS Information Security Engineering – 2 years, BS Information Security – 2 years|
|2. Information Security Controls, Compliance, and Audit Management||Ph.D. Information Security – 3 years, MS Information Security Management, MS Information Security Engineering – 2 years, BS Information Security – 2 years|
|3. Security Program Management & Operations||Ph.D. Information Security – 3 years, MS Information Security or MS Project Management – 2 years, BS Information Security – 2 years|
|4. Information Security Core Competencies||Ph.D. Information Security – 3 years, MS Information Security – 2 years, BS Information Security – 2 years|
|5. Strategic Planning, Finance, Procurement, and Vendor Management||CPA, MBA, M. Fin. – 3 years|
- This option is open to anyone interested in taking CCISO training. Official CCISO Training is required for applicants who do not meet the requirement for self-study (above). Once training has been completed, applicants who would like to sit for the CCISO Exam will be required to fill out and return the Exam Eligibility Application proving that in addition to the the training, they also have 5 years of IS management experience in 3 of the 5 CCISO Domains. Once that application has been approved, instructions for purchasing a Pearson VUE voucher will be issued. Applicants who do not meet these requirements have the option of sitting for the EC-Council Information Security Manager (E|ISM) exam as part of the Associate CCISO Program.
The Associate CISO Program
- This option is available to candidates who do not yet possess the required years of experience for either the self-study or training options. Associate CCISOs may sit for official CCISO training and then take and pass the EC-Council Information Security Manager (EISM) exam to enter the program at the associate level. Once the requisite years of experience have been completed, Associate CCISOs may take the full CCISO exam and earn the full certification at a discounted price.
The major change to the CCISO program, effective immediately, is that EC-Council will no longer accept certifications in lieu of experience to qualify to take the CCISO exam. However, waivers for three years per domain may still be submitted and accepted for B.S., M.S., and Ph. D. degrees in various information security areas for Domains 1-4. MBAs, M.S. degrees in finance, or CPAs may also be submitted and accepted for Domain 5. Candidates that submit their CCISO exam eligibility applications must use the current form. Older forms will no longer be accepted.
This new change was recommended by the EC-Council CCISO Advisory Board, recognizing the growing success and accomplishments of the CCISO program and network since its inception in 2011. The Board unanimously agreed that it is in the best interest of the CCISO certification credential to no longer allow qualification based on certifications without the full experience required.