EC-Council raises the bar again for information security leadership training and certification programs with the Certified Chief Information Security Officer (CCISO) v3 program, bringing in experience and innovation to train future cybersecurity leaders. In order to meet the rising demands of the industry across the world, the program now includes sections on GDPR, an enhanced focus on risk management frameworks including NIST, TARA, OCTAVE, FAIR, COBIT, and ITIL, an emphasis on vendor management and contract management, step-by-step instructions on building and maturing a security program, and a CISO-level view of transformative technologies like artificial intelligence, augmented reality, autonomous SOCs, dynamic deception, and more!
The CCISO Body of Knowledge focuses on five domains required for a C-Level position — governance and risk management, information security controls, compliance, and audit management, security program management and operations, information security core concepts, and strategic planning, finance, procurement, and vendor management. However, the new CCISO v3 program would be incomplete without an interactive aspect.
What’s New in CCISO v3
- New sections covering GDPR
CISOs serve as the establishers, enablers, and enforcers of a comprehensive GDPR program in collaboration with CIO. The program is backed by robust technical controls. The latest version of CCISO is equipped with independent modules on GDPR that would enable qualified CISOs to align security policies with GDPR and other regulatory norms.
- More emphasis on Vendor Management
CISOs asses the security risk information of the vendors who have been shortlisted by the management. The vendor management section gives an elaborative approach on effective vendor selection process, which would give a clear understanding of the kind of information to be exchanged between the management and the vendor.
- Deep dive into Contract Management
The new version of CCISO gives insightful learning on contract management. Contract management creates, executes, and maximize the operational and financial performance of the organization and it turns out to be the responsibility of a CISO in assessing and covering the risks involved.
- Step-by-step instructions on building and maturing a Security Program
Making a security plan from the beginning and leading it till maturity, involves many steps that every CISO should be aware of. The new version of CCISO guides aspiring CISOs on the step-by-step process that a CISO shall ensure to implement for successful completion of the security program.
- A CISO-level view of transformative technologies like Artificial Intelligence, Augmented Reality, Autonomous SOCs, Dynamic Deception, and more
Transformative technologies are a more new-term reality that is dynamically emerging in the global market of manufacturing. Technologies like Artificial Intelligence, Autonomous SOCs, Augmented Reality, etc. are challenging information security norms and a CISO’s perspective would enable exploiting them to the highest benefit of the businesses.
- Strategic planning deep dives
The updated version of CCISO concentrates on strategic security planning in alignment with business objectives. CISOs are bound to assess the various strategic plans in terms of risk management framework before the actual plan is developed. Their assessment shifts the organization from the current state of security to the future state of security.
- Introducing War Games
The CCISO v3 live-classes will now be interactive sessions where the instructor will lead “war games,” which mimic what happens during a breach. This scenario-based learning will encapsulate all the aspects of what the candidate had learned, reinforcing the content.
CCISO in the Market
In early 2019, CCISO was added to the DoD 8140 (formerly 8570) Directive as a recognized certification for DoD IAM Level II , IAM Level III , and CSSP Manager . This represents hundreds of thousands of potential government clients.
The CCISO is also a recognized qualifying certification for three occupation titles representing 20 master-level job roles in the U.S. Navy, four occupation titles representing 9 job roles in the U.S. Marine Corps, and four occupation titles representing four job roles in the U.S. Army.
The five CCISO domains have been mapped in alignment to the NICE Cybersecurity Workforce Framework (NCWF), a national resource that categorizes and describes cybersecurity work, listing common sets of duties and skills needed to perform specific tasks.
The CCISO program is an American National Standards Institute (ANSI) accredited program and a GCHQ Certified Training (GCT) that has helped train top security professionals from IBM, Homeland Security, First Federal Bank, U.S. Army, G.E., Mitsubishi , Dell, TCS, KFC, Mastercard, Reliance, Ocean Bank, Deutsche Bank, and many more in the past.
Marco Galli, Founder and Owner, Cyberwhat called the program
“the pinnacle of any information security professional.”