Chat with us, powered by LiveChat


The CCISO V2 Blueprint Update is Here!

Mar. 29, 2021

The CCISO V2 Blueprint Update is Here!

Passing an exam can be daunting, especially when it involves your career. Vendors like EC Council create blueprints to ensure that you are equipped with full knowledge of each certification they offer to pass these exams.

May 1st, 2021, EC Council will release an updated blueprint for the CCISO v2 Exam. A blueprint is essentially a study guide; a framework that breaks down each section in detail to help the candidate focus on what material needs to be memorized for that section of the exam. The blueprint also dictates how many questions in several areas of practice should go on an exam.

What About the Blueprint is Changing?

The eligibility criteria, exam duration, and exam availability remain the same for this exam, this announcement is referring to the CCISO multiple-choice section.

Three key components will be changing on the CCISO blueprint:

  1. Domain name changes.
  2. Removal and addition to key topics.
  3. New segmentation of topics among exam domains.

EC-Council Exams are provided in multiple forms. To ensure each form has equal assessment standards, cut scores are set on a "per exam form" basis. Depending on which exam form is challenged, cut scores can range from 60% to 85%.

Each domain for the CCISO blueprint is now categorized in new sub-domain topics and the number of the domains remains five. The following domain name, sub-domains and weight percentages will be changed:

Domain 1: Name will change from Governance (Policy, Legal & Compliance) to Governance, Risk, Compliance and will increase in weight from 16% to 21%

  • Governance:
  • Risk Management
  • Compliance

Domain 2: Name will change from IS Management Controls and Auditing Management (Projects, Technology & Operations) to Information Security Controls and Audit Management and will increase in weight from 18% to 20%

  • Information Security Management Controls
  • Audit Management
  • Disaster Recovery and Business Continuity Planning
  • Firewall, IDS/IPS, and Network Defense Systems

Domain 3: Name will change from Management – Projects and Operations to Security Program Management & Operations and will decrease in weight from 22% to 21%

  • Security Program Management
  • Security Program Operations

Domain 4: Information Security Core Competencies stays the same the weight will decrease from 25% to 19%

  • Access Control
  • Social Engineering, Phishing Attacks, Identity Theft
  • Physical Security
  • Wireless Security
  • Identify vulnerability and attacks associated with wireless networks and manage different wireless network security tools.
  • Virus, Trojans and Malware, and Other Malicious Code Threats
  • Secure Coding Best Practices and Securing Web Applications
  • OS Hardening
  • Encryption Technologies
  • Vulnerability Assessment and Penetration Testing
  • Threat Management
  • Incident Response and Computer Forensics

Domain 5: Name will change from Strategic Planning and Finance to Strategic Planning, Finance, Procurement, and Third-Party Management and weight will stay at 19%

  • Strategic Planning
  • Finance
  • Third-Party Management

SecureNinja is an award-winning training and certification school, and SecureNinja has a proven track record of assisting Fortune 100, Government, and Military organizations. For more information on how SecureNinja can benefit you or your organization fill out the form to the right of this post or visit

For more information, please go ahead and visit the links down below!