Information Security Management Program
Defining an Information Security Governance Program
Regulatory and Legal Compliance
Risk Management
Designing, deploying, and managing security controls
Understanding security controls types and objectives
Implementing control assurance frameworks
Understanding the audit management process
The role of the CISO
Information Security Projects
Integration of security requirements into other operational processes (change management, version control, disaster recovery, etc.)
Access Controls
Physical Security
Disaster Recovery and Business Continuity Planning
Network Security
Threat and Vulnerability Management
Application Security
System Security
Encryption
Vulnerability Assessments and Penetration Testing
Computer Forensics and Incident Response
Security Strategic Planning
Alignment with business goals and risk tolerance
Security emerging trends
Key Performance Indicators (KPI)
Financial Planning
Development of business cases for security
Analyzing, forecasting and developing a capital expense budget
Analyzing, forecasting, and developing an operating expense budget
Return on Investment and cost-benefit analysis
Vendor Management
Integrating security requirements into the contractual agreement and procurement process

In order to sit for the CCISO exam and earn the certification, candidates must meet the basic CCISO requirements. Candidates who do not yet meet the CCISO requirements but are interested in information security management can pursue theEC-Council Information Security Management (EISM) certification.
Candidates who do not yet have 5 years of information security experience in at least 3 of the 5 CCISO Domains can still pursue a management certification to help propel their careers and put them on fast track toward obtaining the CCISO. EISM students must attend training – the same CCISO training that upper level executives attend – before attempting the EISM exam. There are no experience requirements for this exam. The courseware and training programs are exactly the same as those of the CCISO program. Imagine being able to push your new information security career forward using the same resources as seasoned professionals. That’s what the EISM program does. The EISM exam is a light version of the CCISO exam and tests the fundamentals of information security management.
The EISM Exam is based on the same bank of questions as the CCISO exam – questions written by CISOs for current and aspiring CISOs. The difference is, there are scenario-based questions that require years of on the job experience to answer on the CCISO exam. These are omitted from the EISM exam and only the basic information security management questions remain.
150 questions
2 hour time limit
Multiple choice
70% is the minimum passing score