Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
EC-Council Certified CISO
The C|CISO Program
Introducing C|CISO
• CISO = Chief Information Security Officer
• C|CISO is NOT an entry-level program – it is intended for professionals with at least 5 years of specific industry experience
5 Domains
Governance (Policy, Legal, and Compliance)
IS Management Controls and Auditing Management
Management – Projects and Operations (Projects, Technology, and Operations)
Information Security Core Competencies
Strategic Planning and Finance
C|CISO in the Market
Currently the only people who carry the CCISO designation are top-level executives with titles like:
• AVP - Information Security
• CEO
• Chief Architect & Sr. Director Security
• CIO
• CSO
• CISO
• Department Head – IT
• Director Information Security
• Director of Information Assurance
• Director of Risk Management
• Head of Infrastructure Security
• ISO
• IT Security Officer
• Vice President, IT Governance, Risk, and Compliance
• VP, Information Security Officer
A Sample of Companies with CCISOs
C|CISO in the Market
Already known as a prestigious certification in the industry:
http://www.infosecisland.com
The InfoSec Landscape
• The penalties for breaches are increasing and are increasingly public relations nightmares for companies.
• Regulations are growing across industries, keeping in step with the importance of data to companies’ futures.
http://www.beechermadden.co.uk
This all means that the demand for senior, business-focused Infosec professionals is growing.
Managers need training to take on this burden.
The Executive Leadership Gap
There is a lack of IS professionals who have both the technical and the management expertise to do the job effectively.
http://www.csoonline.com
The Executive Leadership Gap
A certification that is tied to the title of CISO helps boost the visibility of the role, which helps the industry.
Why C|CISO?
The CCISO Program teaches how to align technical knowledge with the overall vision of a business and make information security an enhancement rather than a detriment to an organization.
Most managers in Information Security rise through the technical ranks and must learn executive-level management, strategy, and organization skills on the job.
Why C|CISO?
The CCISO fills these gaps by introducing concepts such as:
• HR Management
• Budget Planning
• Vendor Management
• ROI
• Audit Management
• Aligning Security to the Business Goals
• Working with other C-Levels
Why CCISO is Unique
Other programs focus on the technical aspects of information security management – CCISO assumes a high level of technical expertise and focuses on technical issues from an executive perspective.
Anyone with a CISSP is a good candidate for CCISO as there are experience requirements for CISSP as well.
CISSP used to be a distinguisher – now it’s ubiquitous so professionals are looking for a way to stand out to clients and potential employers.
Qualifying for the C|CISO Exam
In order to sit for the CCISO exam after training, candidates must have five years of experience in at least three of the five domains (as verified by exam eligibility application sent to ECC).
Candidates who do not have the required experience or who do not fill out the application will be given a voucher for the EC-Council Information Security Manager (EISM) exam.
The C|CISO Exam
250 Multiple Choice Questions
Available on ECC Exam Centre
4 hour time limit
Remotely available
Qualifying for the C|CISO Exam
Candidates must fill out and return to [email protected] the Exam Eligibility application (found on ciso.eccouncil.org) to determine their eligibility
The application processing fee is waived for anyone signed up for an AUTHORISED TRAINING through one of EC-Council’s accredited training channels
This application should be submitted to EC-Council at [email protected] BEFORE sitting for training and EC-Council will distribute the vouchers directly to students to ensure each student receives the correct exam
Processing time for the eligibility application varies depending on how quickly verifiers respond. Applications from ATCs are prioritized and expedited and can take as little as one day to process.
The C|CISO Exam
Written by practicing CISOs and based on their day-to-day challenges
Tests candidates’ knowledge of the 5 domains via extensive scenario-based questions
This forces an application of knowledge instead of a regurgitation of facts
Real-world experience is required to sit for the exam
EC-Council Information Security Manager
Candidates who pass the EISM exam earn the EISM certification
Once EISMs have accrued the required experience (5 years in 3 out of 5 domains), they can submit a new eligibility application and buy a CCISO voucher at a discount
The EISM program uses the SAME training and the SAME book as CCISO – only the exam is different
The EISM Exam
150 Multiple Choice Questions
Available on ECC Exam Centre
Remotely available
2 hour time limit
EC-Council Information Security Manager
Benefits of EISM
CCISO training can be sold to anyone who is interested in taking it.
A voucher is included with training – just like other ECC programs
EISMs have a clear path to earning the CCISO
The C|CISO Class
• 5 days long
• Testing can be done on the last day of class
• Can be condensed into 4 days if necessary
The C|CISO Exam Process
Does the client have at least five years of experience in at least three of the five domains?
• Yes:
➢ Submit CCISO Eligibility Application to at least 7 days before testing
➢ Voucher will be issued by EC-Council to student after training is complete
• No:
➢ Take CCISO training. No eligibility application necessary
➢ Proceed with EISM Exam
➢ Voucher will be issued by EC-Council to student after training is complete
Who is the Client?
• Information Security Managers
• Chief Information Security Officers
• Middle managers who are looking to move to the executive ranks are eager to have the letters CISO next to their name – this signals to the market that they are intent on moving up and understand the challenges involved in doing so.
Who is the Client?
Average Annual Leadership Salary (CISO): $177,024
http://www1.salary.com
• A HUGE potential market for CCISO:
• Information Security Consultants
• Target the large consulting firms: FishNet, Dell SecureWorks, IBM, Deloitte, PWC
• Small firms or independent consultants are hungry for ways to distinguish themselves from the pack and beat the larger companies.
Who is the Client?
The average CISO changes jobs every 18 months as security breaches are inevitable and they are often the ones blamed after a catastrophe.
This means that most CISOs have a very good idea of the job market and are always looking to stand out.
Who is the Client?
• Chief Information Security Officers (CISOs) or Chief Security Officers (CSOs) are the highest-ranking information security professionals at a company.
• These are coveted positions, with an 8.1% increase in the average salary of a C(I)SO in the last 2 years, now up to a range of $119,750 - $179,250.
http://www.itcareerfinder.com
Additional Benefits of CCISO
This program can help you forge relationships with the decision-makers at large companies, leading to new business opportunities for the staff of CCISOs.
Adding CCISO to an ATC
• Instructors must:
➢ Fill out and turn in the exam eligibility application to [email protected] and be found eligible.
➢ Take CCISO Online Training (discounted for ATCs to provide to instructors)
➢ Pass the CCISO Exam (discounted vouchers for ATCs to provide to instructors)
➢ Be a CEI
➢ ECC can help match up training centers to qualified CCISOs!
Online Training
ATCs can also resell ECC online training if qualified instructors are not available.