Certified Chief Information Security Officer (CCISO)

1 - DOMAIN 1 – GOVERNANCE (POLICY, LEGAL, AND COMPLIANCE)

• Information Security Management Program
• Defining an Information Security Governance Program
• Regulatory and Legal Compliance
• Risk Management

2 - IS MANAGEMENT CONTROLS AND AUDITING MANAGEMENT

• Designing, deploying, and managing security controls
• Understanding security controls types and objectives
• Implementing control assurance frameworks
• Understanding the audit management process

3 - DOMAIN 3 OF THE C|CISO PROGRAM COVERS THE DAY-TO-DAY RESPONSIBILITIES OF A CISO, INCLUDING

• The role of the CISO
• Information Security Projects
• Integration of security requirements into other operational processes (change management, version control, disaster recovery, etc.)

4 - DOMAIN 4 OF THE CCISO PROGRAM COVERS, FROM AN EXECUTIVE PERSPECTIVE, THE TECHNICAL ASPECTS OF THE CISO JOB INCLUDING:

• Access Controls
• Physical Security
• Disaster Recovery and Business Continuity Planning
• Network Security
• Threat and Vulnerability Management
• Application Security
• System Security
• Encryption
• Vulnerability Assessments and Penetration Testing
• Computer Forensics and Incident Response

5 - DOMAIN 5 OF THE CCISO PROGRAM IS CONCERNED WITH THE AREA WITH WHICH MANY MORE TECHNICALLY INCLINED PROFESSIONALS MAY HAVE THE LEAST EXPERIENCE, INCLUDING:

• Security Strategic Planning
• Alignment with business goals and risk tolerance
• Security emerging trends
• Key Performance Indicators (KPI)
• Financial Planning
• Development of business cases for security
• Analyzing, forecasting, and developing a capital expense budget
• Analyzing, forecasting, and developing an operating expense budget
• Return on Investment (ROI) and cost-benefit analysis
• Vendor management
• Integrating security requirements into the contractual agreement and procurement process
• Taken together, these five Domains of the C|CISO program translate to a thoroughly knowledgeable, competent executive information security practitioner.