search3
    How to become a CCISO?
    Latest Tech news Right in

    YOUR INBOX!

    Receive News Alerts, Special Info and other offers!
    We Respect your Privacy. Your Information will not be shared.

    How to become a CCISO?

    380
    Samarth Garg | Dec 08, 2021 | 1806 Views | 0 Comments
    How to become a CCISO?

    A Certified Chief Information Security Officer is addressed as CCISO. This is one of the many Cyber security certifications accredited by EC-Council.


    International Council of E-Commerce Consultants, also known as EC-Council, is the world’s largest cyber security certifications body, operating in 145 countries globally Owners and developers of the world-famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (C|HFI), Certified Security Analyst (ECSA), Licensed Penetration Testing (Practical) programs, among other Information security certifications. They’ve trained and certified over 200,000 information security professionals globally.


    Data is the new and the oil of the future. Just like oil is stored in tankers, data is stored in servers. And manning those tankers are Certified Chief Information Security Officer.


    As cyberspace started to expand, and machines became more complex, the risk of data getting stolen, manipulated, and misused started increasing. An international attempt at hacking one of the world’s biggest companies and an individual’s 6-month interview process gave birth to the legend of Steve Katz, perhaps the world’s first Chief Information Security Officer for more than 27 years on a CCISO’s job description. Below are points from the pioneer and his descendants.


    • Security operations: Company’s firewalls, entry points, databases, and other internal online environments are managed by them, real-time. In times of a problem, it is expected that they classify the risk, diagnose, and ultimately solve it as soon as possible while ensuring the loss is minimal.
    • Cyber Risk and cyber intelligence: A CCISO is expected to be aware of new threats and other developments in cyberspace before anyone else in the organization and share them with colleagues and management as soon as possible.
    • Data loss and fraud prevention: We live in a world where hiring, resigning, and firing have become routine and continue simultaneously. CCISOs and their subordinates are a company"s virtual vigilance departments. They also must watch for employees and ex-employees leaking out sensitive and false information.
    • Security architecture: Segmenting networks, use of firewalls, penetration testers, ethical hackers, and their volume and place are decided by CCISOs.
    • Identity and access management: Giving employees usernames and passwords, determining who gets access to which tools, and how quickly those are withdrawn when their employment ceases to exist are determined by CCISOs.
    • Program management: Some security professionals don’t have reputed Information security certifications, but their security management skills are better than those with them. Measuring risks, gathering intelligence, and knowing data direction, building, and managing new cybersecurity projects and systems, like patching systems are also what CCISOs and their team do.
    • Investigations and forensics: As shared above, CCISOs are the unofficial vigilance officers of their company. If and when the situation arises, they are expected to work with outside law enforcement agencies, consulting firms, government agencies to conduct forensic investigations and make employees understand the risk of being on the wrong side of company policies and law in this domain.
    • Governance: Last but not least and related to the above point. Cybersecurity too costs money. There are products as per various budgets in the market. Not all members in boardrooms understand, say the risk from phishing attacks and how to deal with them individually sometimes. Regulatory frameworks too, keep evolving. CCISOs help here as well.

    • Now that we’ve read about the job’s responsibilities, let’s now see what’s needed to CISO certification:


      • Preferably a master’s or higher degree in security or computer science.
      • Be a technical expert
      • At Least 10 years of experience in managing information security and technology within a company.
      • Minimum 5 years in each of the 5 domains of CCISO shared below.
      • Great interpersonal, verbal, and written communication skills
      • Understanding of an electronic and site security environment.
      • Solid understanding of the organization’s business needs
      • Have leadership skills, especially the vocabulary and conduct to deal with boardrooms.

      Waivers under different domains of CCISO certification:


      1. Governance, [Policy, Legal and Compliance]

      Professional Certification Waivers- CGEIT, CRISC, HISP

      Other qualifications- Ph.D. Information Security – 3 years, MS Information Security Management, MS Information Security Engineering – 2 years, BS Information Security – 2 years

      1. IS Management Controls and Auditing Management

      Professional Certification Waivers- CISA, CISM, HISP

      Other qualifications- Ph.D. Information Security – 3 years, MS Information Security Management, MS Information Security Engineering – 2 years, BS Information Security – 2 years

      1. Security Program Management and Operations

      Professional Certification Waivers- PMP, ITIL, PM in IT Security, HISP

      CISSP, LPT, E|DRP, CIPP, MBCP – 2 years

      Other qualifications- Ph.D. Information Security – 3 years, MS Information Security or MS Project Management – 2 years, BS Information Security – 2 years

      1. Information Security Core Concepts

      Professional Certification Waivers- CISSP, LPT, E|DRP, CIPP, MBCP – 2 years

      Other qualifications- Ph.D. Information Security – 3 years, MS Information Security – 2 years, BS Information Security – 2 years

      1. Strategic Planning Finance and Vendor Management

      Professional- None

      Other qualifications- CPA, MBA, M. Fin. – 3 years


      CCISO Certification Training Exam Syllabus:


      Topic 1- Governance, Risk, Compliance

      • Governance
      • Risk Management
      • Compliance

      Topic 2- Information Security Controls and Audit Management

      • Information Security Management Controls
      • Audit Management

      Topic 3- Security Program Management & Operations

      • Security Program Management
      • Security Program Operations

      Topic 4- Information Security Core Competencies

      • Access Control
      • Social Engineering, Phishing Attacks, Identity Theft
      • Physical Security
      • Disaster Recovery and Business Continuity Planning
      • Firewall, IDS/IPS, and Network Defense Systems
      • Wireless Security
      • Encryption Technologies
      • OS Hardening
      • Vulnerability Assessment and Penetration Testing
      • Develop a plan to identify a potential security violation and take appropriate action to report the incident
      • Threat Management
      • Incident Response and Computer Forensics
      • Secure Coding, Best Practices and Securing Web Applications
      • Virus, Trojans, Malware, and other Malicious Code Threats

      Topic 5- Strategic Planning, Finance, Procurement, and Third-Party Management

      • Finance
      • Third-Party Management
      • Strategic Planning

      Even CISO certification has a Credential Renewal Policy:


      • License is valid for 3 years
      • 120 EC- Council Continuing Education Credits must be earned within a 3-years period
      • An annual renewal fee of $100 must be submitted.
      • Credits can be earned in many ways like writing research papers, attending seminars and conferences,
      • Failure to meet the certification within the 3-years period shall result in the suspension of it for 1 year.
      • If the certification maintenance requirements are not met within the suspension period, CCISO period will become invalid.

      A good place to get this accreditation is Mercury Solutions Limited. Reasons:


      • More than 10 years of experience possessed by trainers
      • Facility to view classes recorded
      • More than 10, 60, 000 hours of sessions delivered
      • 40,000+ professionals’ trust
      • New Jersey, Dubai, Bengaluru, Pune, Gurugram- some of our locations.

      CCISO-certification

    Possible areas in which courses can be done post CCISO Training:

    • Master of Science in Computer Security
    • Digital Forensics
    • Digital Security

    Enroll yourself in this course to be the digital chief of your company’s security.


    This content is brought to you by Mercury Solutions Limited, one of the best IT Training Company in India. Mehar Ahluwalia, the founder, with a vision of making the professionals’ career more fulfilling, is dedicated to delivering world-class IT Training programs and Certifications to the global participants.
    Tags : cciso certification training, certified chief information security officer training, ciso training
     

    Mercury Solutions Ltd. https://bit.ly/2H3ANjF is rated 4.6 stars by www.facebook.com/mercurysol based on 18 reviews.