CCISO – Chief Information Security Officer

The CCISO (Certified Chief Information Security Officer) course prepares professionals for the CCISO® exam from EC-Council through an executive and practical review of the programme's 5 domains. The training strengthens leadership, management and decision-making to direct security programmes aligned with business objectives.

Upcoming dates

Public dates on the website.
Synchronous, live training. Interaction with the trainer and the group.

  • 25 May 2026: Live Online • next edition
  • 7 September: Live Online • base price
Duration: 5 days / 40h
Language: available in Portuguese or English
Training: leadership and management of security programmes
Exam: 2h30 (150 questions) • exam included
EXCELLENCE and LEADERSHIP Level — technical authority and leadership in governance.

Why this course exists

To accelerate the transition from technical and middle-management roles to executive responsibilities in security, with language, method and decisions aligned with the business.

In many organisations, security “exists”, but fails when it reaches the executive level: incoherent governance, prioritisation without criteria, control and audit with insufficient evidence, programme management without metrics and sponsorship, and strategic planning disconnected from budget, procurement and third parties.

The CCISO course was designed to reduce this gap: transforming technical knowledge into executive capability to lead security in a strategic, measurable and defensible way.

What this course enables you to do

Structure governance and compliance

Define and maintain a security governance programme aligned with organisational objectives, policies and legal/regulatory requirements.

Design controls and manage audit

Implement and monitor controls, metrics and evidence, supporting audits and continuous improvement based on risk.

Manage programme and operations

Plan and execute a security programme (scope, team, budget, reporting), with stakeholder and performance management.

Decide with strategy, finance and third parties

Translate security into priorities, investment and procurement, integrating supplier/third-party management and associated risk.

Frameworks, models and structures addressed throughout the course

GRC — Governance, Risk & Compliance
Control and evidence for audit
Security programme management
Security metrics and KPIs
Stakeholder management and executive reporting
Strategic security planning
Finance, budgeting and ROI in security
Procurement and third-party management
Preparation for CCISO®

Value for the organisation

  • More consistent decision-making: prioritisation and governance with clear criteria and executive language.
  • Better ability to defend investment (metrics, ROI and risk framing).
  • Greater maturity of controls and evidence for audit and compliance.
  • Improved effectiveness in programme management (team, suppliers, execution and reporting).

Introduction

The CCISO course is a professional training course oriented towards executive leadership in cybersecurity, intended for professionals who wish to take the CCISO® exam from EC-Council.

The programme was designed for professionals who need to think and act as a CISO: govern, prioritise, measure, justify and communicate security in terms of risk, costs, impact and business objectives.

The curriculum covers the 5 CCISO domains: Governance, Risk, Compliance; Information Security Controls and Audit Management; Security Program Management and Operations; Information Security Core Competencies; and Strategic Planning, Finance, Procurement, and Third-Party Management.

This Training Plan and all associated documents are protected by Copyright and registered by EC-COUNCIL®.

General Objectives

At the end of the course, trainees should be able to:

  • Define and maintain a security governance programme aligned with organisational objectives, structures and policies.
  • Design, implement and monitor controls with supported metrics and evidence, including support for audits.
  • Plan and manage a security programme with scope, budget, resources, reporting and stakeholder management.
  • Apply core security competencies to support decisions and guide technical and non-technical teams.
  • Build strategic planning, manage finance, procurement and third parties, integrating risk and business priorities.

Target Audience

  • Current CISOs and professionals transitioning to executive security roles.
  • Information Security Officers, Managers and leaders of security teams.
  • Managers from related areas: IT/Networks, Risk, Audit, Compliance and Governance.
  • Professionals with consolidated technical experience who need to strengthen executive capability (management, metrics, budget and decision-making).

Prerequisites

A minimum of 5 years of experience or exposure to information security, governance, risk management, compliance and IT operations contexts is recommended, including familiarity with ISMS concepts and with the structure of ISO standards.

In addition, other specific requirements may apply, where relevant, depending on the quotation/proposal presented (please consult the proposal).

Programme

CCISO domains (structured review)
  1. Domain 1: Governance, Risk, Compliance
  2. Domain 2: Information Security Controls and Audit Management
  3. Domain 3: Security Program Management and Operations
  4. Domain 4: Information Security Core Competencies
  5. Domain 5: Strategic Planning, Finance, Procurement, and Third-Party Management
Executive integration (application and decision-making)
  • Translation of risk and controls into metrics, reporting and executive decision-making
  • Integration of budget, procurement and third parties into the governance cycle
  • Preparation oriented to the format and logic of the CCISO® exam

Exam(s) and Certification

Exam “CCISO®”

Format: Multiple Choice.
Number of questions: 150.
Duration: 2 hours and 30 minutes.
Pass mark: 72% (according to the course reference).
Scheduling: typically up to 11 months after the training (according to the programme conditions).
Mode: online proctored (according to the exam conditions).
Issuing entity: EC-Council

Certification (requirements)

To obtain the CCISO® certification, the candidate must pass the exam and meet the formal requirements of the programme, including experience validation (where applicable) under EC-Council terms.

Other Information

General Information
  • Training in Portuguese or English.
  • Training materials in English, with online access for 1 year, as indicated by EC-COUNCIL.
  • Behaviour digital Training Attendance Certificate with 40 CPD/CPE credits.
  • EC-COUNCIL digital Training Certificate.
  • CCISO® online exam. Voucher valid for 11 months.
Trainer(s)
Trainers certified by EC-Council, with experience in leadership and management roles in cybersecurity, and with a practical framework oriented to executive decision-making.

Benefits

  • Strengthening of executive competencies to lead security programmes (governance, metrics, reporting and decision-making).
  • Capability to design and manage controls with supported evidence and alignment with audit and compliance.
  • Improvement in the articulation between security, budget, procurement and third-party management.
  • Solid preparation for the CCISO® exam with domain structure and assessment logic.
  • Focus on communicating security in business language (risk, cost, impact and priorities).

Logistics

Useful information
  • Live Online (business hours): 09:15–17:30 (Lisbon, Portugal time, UTC+0), with lunch break and short breaks.
  • Live Online (after hours): 18:15–21:45 (Lisbon, Portugal time, UTC+0), with a short break.
  • 35 hours of synchronous training, distributed across 5 consecutive days
  • Estimated 5 hours of guided autonomous work, intended for content consolidation, carried out flexibly and outside the synchronous sessions
  • Requirements: computer with stable internet, browser, PDF reader, audio/video.
Hotels in Lisbon
Find out where you can stay in Lisbon, near Behaviour, for classroom training.

Frequently Asked Questions

Objective answers to the most common questions about the CCISO course and its professional framework.

Is this CCISO course more executive than technical? What does that mean in practice?
Yes. The training focuses on governance, management and decision-making: how to structure a security programme, define risk-based priorities, establish metrics and reporting, support audit and controls, and align security with budget, procurement and third parties. Technical concepts exist as a foundation, but the objective is to strengthen executive capability.
Is it suitable for professionals coming from technical roles who want to move into leadership?
Yes. It is especially useful for professionals with a technical background who need to consolidate the transition to leadership responsibilities: programme management, governance, communication with management and decision-making based on risk, impact and viability criteria.
Which roles/profiles benefit most from this course?
Leadership and management profiles in security and adjacent areas: CISO (current or in transition), Information Security Officer/Manager, GRC and Compliance, Risk Management, Audit and Control, leaders of security operations and IT managers with responsibility for security-related decision-making and prioritisation.
Which should I choose first: the CCISO course or CISSP®/CISM®?
It depends on the objective. If the priority is to strengthen a broad cybersecurity foundation and terminology, CISSP® may be a first step. If the priority is to assume (or accelerate) executive responsibilities, governance, programme management, metrics, budget, procurement and third parties, then CCISO® is the more direct path. CISM® tends to position itself between management and governance; CCISO® is more focused on the executive role.
Can I attend the course if I do not yet have 5 years of experience?
Yes. There are no mandatory formal prerequisites to attend the training. Experience or exposure to information security, governance, risk, compliance and IT operations contexts is recommended, in order to maximise learning and accelerate preparation for the included exam. However, for the exam/certification, eligibility depends on the formal requirements of the programme. Where applicable, there may be an Associate option for candidates without the full experience, allowing transition to full certification after meeting the requirements.

For general questions about registration, delivery modes, exams, certification and recertification, please consult the BEHAVIOUR® FAQs.

Registration

Complete the form to request your registration for the preferred edition. Check the upcoming dates.

Request more information

If you would like help to frame the course within your professional or organisational context, contact us and we will indicate the most suitable path.

Companies: request a proposal

For team registrations, we provide volume conditions and a proposal tailored to the organisational need.
