Certified Chief Information Security Officer – CCISO course online

Attain CCISO and advance your career in the field of cyber security by taking the leader ship role in cyber security for a business. 

The reasons are clear. The CCISO MastersClass course prepares you to gain knowledge to lead as an executive in cyber security role for a business. We don’t stop here. The CCISO MastersClass includes Risk and Project Management classes via online learning. This enables you to learn Risk and Project Management at your own pace. At the end you’ll have combined technical expertise in cyber security along with risk and project management skills to drive business objectives and goals forward.

Certified Chief Information Security Officer CCISO

The CCISO MasterClass has been developed by industry experience professionals to help you learn the skills you need to lead as an executive in cyber-security.

CCISO Masters class also include on-demand Risk and Project Management videos learning

CCISO (4-day live instructor online course) + Risk Management (via video learning) + Project Management (via video learning)

Get prepared to take on cyber security executive role for the business

› 5 cyber security domains covered:

Domain 1: Governance and Risk Management

Domain 2: Information Security Controls, Compliance, and Audit Management

Domain 3: Security Program Management & Operations

Domain 4: Information Security Core Competencies

Domain 5: Strategic Planning, Finance, Procurement and Vendor Management

Course is designed for individual wanting to take on leadership roles in cyber security for a business

Combined with Risk and Project Management skills, CCISO is well positioned with skills to deliver cyber security for a business while keeping inline the business drivers

Experienced cyber security professionals can advance their careers and learning.


The student is required to have 5 years of multi disciplinary cybersecurity experience.  This presests a well round experience to be applied to 5 core domains

The course is taught online via live instructor virtual classroom.

e-Course material (1 year) and labs (6 months) are available to students after the boot camp is completed for continued learning.

The course is taught by ECCOUNCIL Certified Instructors.

Instructor BIO is available upon request.

Come learn from our industry experienced instructors!

Course date:

Feb 21 – 25, 2022

April 25 – 29, 2022

June 13 – 17, 2022

TIME: Mon – Fri, 10am – 6pm EST

Learning Method: Live online + Self paced

Details below

iLearn – Self paced online course – $3490usd

iClass – Live instructor online course – $3499usd

Achieving the CCISO Certification Credential

Number of Questions: 150
Test Duration: 2.5 Hours
Test Format: Multiple Choice
Test Delivery: ECC EXAM, VUE
Exam Prefix: Contact us to register for exam
Passing Score: Please refer to https://cert.eccouncil.org/faq.html

CCISO MasterClass Executive Management Program – Key Features

› Virtual class: 4 day live instructor boot camp course

› Course material: e-courseware for 1 year

› Exam Pass Guarantee:  You’ll pass, but just incase,  1 retake free!

› Remote protector exam voucher: Take the exam remotely

› Risk Management: iLearn self paced course included

› Project Management: iLearn self paced course included

› EC-Council ATC: Accredited Training Centre of EC-Council

Watch CCISO Executive Management Program  videos:

Meet the CCISO instructor

What students are saying

CCISO - meet your instructor

CCISO - What students are saying

CCISO course topics – 5 domains covered

Domain 1: Governance and Risk Management

1. Define, Implement, Manage, and Maintain an Information Security Governance Program

1.1. Form of Business Organization

1.2. Industry

1.3. Organizational Maturity

2. Information Security Drivers

3. Establishing an information security management structure

3.1. Organizational Structure

3.2. Where does the CISO fit within the organizational structure

3.3. The Executive CISO

3.4. Nonexecutive CISO

4. Laws/Regulations/Standards as drivers of Organizational Policy/Standards/Procedures

5. Managing an enterprise information security compliance program

5.1. Security Policy

5.1.1. Necessity of a Security Policy

5.1.2. Security Policy Challenges

5.2. Policy Content

5.2.1. Types of Policies

5.2.2. Policy Implementation

5.3. Reporting Structure

5.4. Standards and best practices

5.5. Leadership and Ethics

5.6. EC-Council Code of Ethics

6. Introduction to Risk Management

6.1. Organizational Structure

6.2. Where does the CISO fit within the organizational structure

6.3. The Executive CISO

6.4. Nonexecutive CISO

Domain 2: Information Security Controls, Compliance, and Audit Management

1. Information Security Controls

1.1. Identifying the Organization’s Information Security Needs

1.1.1. Identifying the Optimum Information Security Framework

1.1.2. Designing Security Controls

1.1.3. Control Lifecycle Management

1.1.4. Control Classification

1.1.5. Control Selection and Implementation

1.1.6. Control Catalog

1.1.7. Control Maturity

1.1.8. Monitoring Security Controls

1.1.9. Remediating Control Deficiencies

1.1.10. Maintaining Security Controls

1.1.11. Reporting Controls

1.1.12. Information Security Service Catalog

2. Compliance Management

2.1. Acts, Laws, and Statutes

2.1.1. FISMA

2.2. Regulations

2.2.1. GDPR

2.3. Standards

2.3.1. ASD—Information Security Manual

2.3.2. Basel III

2.3.3. FFIEC

2.3.4. ISO 00 Family of Standards

2.3.5. NERC-CIP

2.3.6. PCI DSS

2.3.7. NIST Special Publications

2.3.8. Statement on Standards for Attestation Engagements No. 16 (SSAE 16)

3. Guidelines, Good and Best Practices

3.1. CIS

3.1.1. OWASP

4. Audit Management

4.1. Audit Expectations and Outcomes

4.2. IS Audit Practices

4.2.1. ISO/IEC Audit Guidance

4.2.2. Internal versus External Audits

4.2.3. Partnering with the Audit Organization

4.2.4. Audit Process

4.2.5. General Audit Standards

4.2.6. Compliance-Based Audits

4.2.7. Risk-Based Audits

4.2.8. Managing and Protecting Audit Documentation

4.2.9. Performing an Audit

4.2.10. Evaluating Audit Results and Report

4.2.11. Remediating Audit Findings

4.2.12. Leverage GRC Software to Support Audits

Domain 3: Security Program Management & Operations

1. Program Management

1.1. Defining a Security Charter, Objectives, Requirements, Stakeholders, and Strategies

1.1.1. Security Program Charter

1.1.2. Security Program Objectives

1.1.3. Security Program Requirements

1.1.4. Security Program Stakeholders

1.1.5. Security Program Strategy Development

1.2. Executing an Information Security Program

1.3. Defining and Developing, Managing and Monitoring the Information Security Program

1.3.1. Defining an Information Security Program Budget

1.3.2. Developing an Information Security Program Budget

1.3.3. Managing an Information Security Program Budget

1.3.4. Monitoring an Information Security Program Budget

1.4. Defining and Developing Information Security Program Staffing Requirements

1.5. Managing the People of a Security Program

1.5.1. Resolving Personnel and Teamwork Issues

1.5.2. Managing Training and Certification of Security Team Members

1.5.3. Clearly Defined Career Path

1.5.4. Designing and Implementing a User Awareness Program

1.6. Managing the Architecture and Roadmap of the Security Program

1.6.1. Information Security Program Architecture

1.6.2. Information Security Program Roadmap

1.7. Program Management and Governance

1.7.1. Understanding Project Management Practices

1.7.2. Identifying and Managing Project Stakeholders

1.7.3. Measuring the Effectives of Projects

1.8. Business Continuity Management (BCM) and Disaster Recovery Planning (DRP)

1.9. Data Backup and Recovery

1.10. Backup Strategy

1.11. ISO BCM Standards

1.11.1. Business Continuity Management (BCM)

1.11.2. Disaster Recovery Planning (DRP)

1.12. Continuity of Security Operations

1.12.1. Integrating the Confidentiality, Integrity and Availability (CIA) Model

1.13. BCM Plan Testing

1.14. DRP Testing

1.15. Contingency Planning, Operations, and Testing Programs to Mitigate Risk and Meet Service Level Agreements (SLAs)

1.16. Computer Incident Response

1.16.1. Incident Response Tools

1.16.2. Incident Response Management

1.16.3. Incident Response Communications

1.16.4. Post-Incident Analysis

1.16.5. Testing Incident Response Procedures

1.17. Digital Forensics

1.17.1. Crisis Management

1.17.2. Digital Forensics Life Cycle

2. Operations Management

2.1. Establishing and Operating a Security Operations (SecOps) Capability

2.2. Security Monitoring and Security Information and Event Management (SIEM)

2.3. Event Management

2.4. Incident Response Model

2.4.1. Developing Specific Incident Response Scenarios

2.5. Threat Management

2.6. Threat Intelligence

2.6.1. Information Sharing and Analysis Centers (ISAC)

2.7. Vulnerability Management

2.7.1. Vulnerability Assessments

2.7.2. Vulnerability Management in Practice

2.7.3. Penetration Testing

2.7.4. Security Testing Teams

2.7.5. Remediation

2.8. Threat Hunting

Domain 4: Information Security Core Competencies

1. Access Control

1.1. Authentication, Authorization, and Auditing

1.2. Authentication

1.3. Authorization

1.4. Auditing

1.5. User Access Control Restrictions

1.6. User Access Behavior Management

1.7. Types of Access Control Models

1.8. Designing an Access Control Plan

1.9. Access Administration

2. Physical Security

2.1. Designing, Implementing, and Managing Physical Security Program

2.1.1. Physical Risk Assessment

2.2. Physical Location Considerations

2.3. Obstacles and Prevention

2.4. Secure Facility Design

2.4.1. Security Operations Center

2.4.2. Sensitive Compartmented Information Facility

2.4.3. Digital Forensics Lab

2.4.4. Datacenter

2.5. Preparing for Physical Security Audits

3. Network Security

3.1. Network Security Assessments and Planning

3.2. Network Security Architecture Challenges

3.3. Network Security Design

3.4. Network Standards, Protocols, and Controls

3.4.1. Network Security Standards

3.4.2. Protocols

4. Certified Chief

4.1.1. Network Security Controls

4.2. Wireless (Wi-Fi) Security

4.2.1. Wireless Risks

4.2.2. Wireless Controls

4.3. Voice over IP Security

5. Endpoint Protection

5.1. Endpoint Threats

5.2. Endpoint Vulnerabilities

5.3. End User Security Awareness

5.4. Endpoint Device Hardening

5.5. Endpoint Device Logging

5.6. Mobile Device Security

5.6.1. Mobile Device Risks

5.6.2. Mobile Device Security Controls

5.7. Internet of Things Security (IoT)

5.7.1. Protecting IoT Devices

6. Application Security

6.1. Secure SDLC Model

6.2. Separation of Development, Test, and Production Environments

6.3. Application Security Testing Approaches

6.4. DevSecOps

6.5. Waterfall Methodology and Security

6.6. Agile Methodology and Security

6.7. Other Application Development Approaches

6.8. Application Hardening

6.9. Application Security Technologies

6.10. Version Control and Patch Management

6.11. Database Security

6.12. Database Hardening

6.13. Secure Coding Practices

7. Encryption Technologies

7.1. Encryption and Decryption

7.2. Cryptosystems

7.2.1. Blockchain

7.2.2. Digital Signatures and Certificates

7.2.3. PKI

7.2.4. Key Management

7.3. Hashing

7.4. Encryption Algorithms

7.5. Encryption Strategy Development

7.5.1. Determining Critical Data Location and Type

7.5.2. Deciding What to Encrypt

7.5.3. Determining Encryption Requirements

7.5.4. Selecting, Integrating, and Managing Encryption Technologies

8. Virtualization Security

8.1. Virtualization Overview

8.2. Virtualization Risks

8.3. Virtualization Security Concerns

8.4. Virtualization Security Controls

8.5. Virtualization Security Reference Model

9. Cloud Computing Security

9.1. Overview of Cloud Computing

9.2. Security and Resiliency Cloud Services

9.3. Cloud Security Concerns

9.4. Cloud Security Controls

9.5. Cloud Computing Protection Considerations

10. Transformative Technologies

10.1. Artificial Intelligence

10.2. Augmented Reality

10.3. Autonomous SOC

10.4. Dynamic Deception

10.5. Software-Defined Cybersecurity

Domain 5: Strategic Planning, Finance, Procurement and Vendor Management

1. Strategic Planning

1.1. Understanding the Organization

1.1.1. Understanding the Business Structure

1.1.2. Determining and Aligning Business and Information Security Goals

1.1.3. Identifying Key Sponsors, Stakeholders, and Influencers

1.1.4. Understanding Organizational Financials

1.2. Creating an Information Security Strategic Plan

1.2.1. Strategic Planning Basics

1.2.2. Alignment to Organizational Strategy and Goals

1.2.3. Defining Tactical Short, Medium, and Long-Term Information Security Goals

1.2.4. Information Security Strategy Communication

1.2.5. Creating a Culture of Security

2. Designing, Developing, and Maintaining an Enterprise Information Security Program

2.1. Ensuring a Sound Program Foundation

2.2. Architectural Views

2.3. Creating Measurements and Metrics

2.4. Balanced Scorecard

2.5. Continuous Monitoring and Reporting Outcomes

2.6. Continuous Improvement

2.7. Information Technology Infrastructure Library (ITIL) Continual Service Improvement (CSI)

3. Understanding the Enterprise Architecture (EA)

3.1. EA Types

3.1.1. The Zachman Framework

3.1.2. The Open Group Architecture Framework (TOGAF)

3.1.3. Sherwood Applied Business Security Architecture (SABSA)

3.1.4. Federal Enterprise Architecture Framework (FEAF)

4. Finance

4.1. Understanding Security Program Funding

4.2. Analyzing, Forecasting, and Developing a Security Budget

4.2.1. Resource Requirements

4.2.2. Define Financial Metrics

4.2.3. Technology Refresh

4.2.4. New Project Funding

4.2.5. Contingency Funding

4.3. Managing the information Security Budget

4.3.1. Obtain Financial Resources

4.3.2. Allocate Financial Resources

4.3.3. Monitor and Oversight of Information Security Budget

4.3.4. Report Metrics to Sponsors and Stakeholders

4.3.5. Balancing the Information Security Budget

5. Procurement

5.1. Procurement Program Terms and Concepts

5.1.1. Statement of Objectives (SOO)

5.1.2. Statement of Work (SOW)

5.1.3. Total Cost of Ownership (TCO)

5.1.4. Request for Information (RFI)

5.1.5. Request for Proposal (RFP)

5.1.6. Master Service Agreement (MSA)

5.1.7. Service Level Agreement (SLA)

5.1.8. Terms and Conditions (T&C)

5.2. Understanding the Organization’s Procurement Program

5.2.1. Internal Policies, Processes, and Requirements

5.2.2. External or Regulatory Requirements

5.2.3. Local Versus Global Requirements

5.3. Procurement Risk Management

5.3.1. Standard Contract Language

6. Vendor Management

6.1. Understanding the Organization’s Acquisition Policies and Procedures

6.1.1. Procurement Life cycle

6.2. Applying Cost-Benefit Analysis (CBA) During the Procurement Process5

6.3. Vendor Management Policies

6.4. Contract Administration Policies

6.4.1. Service and Contract Delivery Metrics

6.4.2. Contract Delivery Reporting

6.4.3. Change Requests

6.4.4. Contract Renewal

6.4.5. Contract Closure

6.5. Delivery Assurance

6.5.1. Validation of Meeting Contractual Requirements

6.5.2. Formal Delivery Audits

6.5.3. Periodic Random Delivery Audits

6.5.4. Third-Party Attestation Services (TPRM)

Corporate or Individual Enrollment

Course date: Anytime 

Learning Method: Self paced online

USD $3490 per seat

Corporate or Individual Enrollment

Course dates:

Feb 21 – 25,

April 25 – 29,

June 13 – 17

TIME: Mon – Fri, 10am – 6pm EST

Learning Method: Live online + Self paced

USD $3499 per seat

Where do you from here?

After you’ve completed your CCISO certification, you’re at the top of the food chain!

Where do you go from here?

As a CCISO you have all the tools necessary to take on CISO roles in businesses.


  • AT&T
  • Citibank
  • Ebay
  • Ford
  • Hewlett Packard Enterprise
  • Microsoft
  • Principal
  • PWC
  • Verizon
  • Xerox


  • US Air Force
  • US Army
  • US Navy
  • MSC
  • GI Bill
  • NICF
  • DoD
  • Committee on National Security
  • ANSI

EC-Council Accredited Training Centre

We specialize in providing cyber security services, solution, awareness and skills development. Cyber security is our mission. 

nuformat ec-council atc