Certified Chief Information Security Officer (C CISO)

• Principles of information security management and governance
• Advanced business acumen for cybersecurity leaders
• Cross-functional technical expertise across IT environments
• Strategic security portfolio management and policy planning
• Financial oversight and budgeting within cybersecurity initiatives

• Domain 1: Governance and Risk Management
• Domain 2: Information Security Controls, Compliance and Audit Management
• Domain 3: Security Program Management & Operations
• Domain 4: Information Security Core Competencies
• Domain 5: Strategic Planning, Finance, Procurement, and Third-Party Management

C|CISO Eligibility Criteria

• Must have 5 years of experience in each of the 5 C|CISO domains to take the exam without training.
• Candidates who complete the official C|CISO training need 5 years of experience in any 3 of the 5 domains to qualify for the exam.

Associate C|CISO Eligibility Criteria

• Suitable for professionals with 2+ years of experience in at least 1 C|CISO domain.
• Also open to those who hold CISSP, CISM, or CISA certifications.
• OR, academic students enrolled with an EC-Council Academia Partner, who have:
  • Completed 30+ post-secondary credit hours, and
  • Taken an official C|CISO Academia Series course.

To earn the Certified Chief Information Security Officer (C|CISO) certification, candidates must successfully pass a rigorous exam that assesses their expertise across all five C|CISO domains—regardless of prior experience in any specific area.

• 📌 Format: 150 multiple-choice questions
• ⏱️ Duration: 2.5 hours (150 minutes)

The exam is designed to evaluate your readiness to perform as a top-tier information security executive. It assesses knowledge at three advanced cognitive levels:

Level 1 – Knowledge
Focuses on the recall of information such as definitions, frameworks, and standards.

• Tests basic conceptual understanding
• Often used for straightforward fact-based questions
• Lowest cognitive level, typically used sparingly in advanced certifications

Level 2 – Application
Measures the ability to apply knowledge to real-world situations.

• Tests how well candidates can implement concepts, not just recognize them
• Often includes scenario-based questions requiring proper context understanding
• A core focus of executive-level decision-making

Level 3 – Analysis
Evaluates high-level problem-solving and analytical thinking.

• Test the ability to evaluate scenarios, weigh options, and recommend solutions
• Goes beyond applying a concept—asks how it can be adapted under specific constraints
• Most reflective of CISO-level responsibilities