Certified Information Systems Security Officer
Description
In a landscape where attacks are growing more sophisticated, regulatory obligations are tightening, and dependence on digital systems is total, the shortage of information-security skills has become a strategic risk.
The CISSO – Certified Information Systems Security Officer addresses this need head-on. Designed to demystify information security (too often seen as “for technicians only”), CISSO is a job-entry certification that enables any organization to design and implement an effective information security program. Aligned with international best practices, most notably ISO/IEC 27001, the curriculum covers the seven essential domains required to protect information assets: governance and strategy, people and culture, physical security of facilities, technical controls and cybersecurity, incident management, business continuity and disaster recovery, and emerging technologies.
Organizations now, more than ever, need competent professionals who can understand evolving threats, contribute to an effective Information Security Management System (ISMS), and align security with business priorities by fostering a shared security culture. That’s where CISSO comes in.
Why Choose CISSO?
Upon completion, you earn a globally verifiable GECB certification that signals your commitment to excellence and proven expertise in information security.
CISSO accelerates your path. Fast-track into higher-responsibility roles and increase your earning potential: organizations prioritize certified professionals for critical security functions.
Stay current on trends, threats, and best practices (ISO/IEC 27001 alignment, risk management, DevSecOps, cloud, AI, etc.) to maintain a lasting competitive edge.
Strengthen your ability to design and implement effective security strategies, protect critical assets, and safeguard reputation, while embedding a measurable security culture (KPIs/KRIs, audits, continuous improvement).

What You Will Learn
The program is designed to enable candidates to master the essential components of an information systems security program aligned with best practices.
- ISMS Governance, Strategy & Steering
- People Security & Organizational Culture
- Facilities, Equipment & Environmental Security
- Technical Controls & Cybersecurity Solutions
- Incident Management & Crisis Response
- IT Continuity & Disaster Recovery
- Emerging Technologies & Security
Why Get Certified?
In today’s highly competitive professional environment, earning a recognized certification is no longer a luxury; it is a strategic career move. Getting certified means:
- Officially validating your skills
- Boosting your employability
- Standing out in a crowded market
- Strengthening your professional credibility
- Supporting career advancement
- Investing in personal growth
- Adding value to your organization
Eligibility Criteria
To ensure the level and value of the credential, CISSO – Certified Information Systems Security Officer is open only to candidates who meet the following requirements:
- Education: hold at least a Bachelor’s degree (or equivalent) in IT, cybersecurity, information systems, networking/telecom, engineering, IS management, or a related field.
- Professional Experience: have a minimum of 2 years of cumulative professional experience in an IT/InfoSec–related role (risk/audit/compliance, IT operations, digital project management, etc.).
- Commitment to GECB Principles: adhere to the GECB Code of Ethics, fully comply with exam rules, and commit to continuing professional education (CPE) in line with GECB policies.
Program Overview
Equip future CISSO holders to design, deploy, and operate an ISMS aligned with international standards.
- Fundamentals of Information Security and business implications
- ISO 27001 and the ISMS: reference framework and PDCA approach
- Governance and leadership roles in information security
- Development and dissemination of the information security policy
- Context analysis, stakeholders, and legal/regulatory requirements
- Information Security risk management (ISO 27005, methods and tools)
- Performance indicators and ISMS performance management
- Internal audit, control, and continual improvement of the ISMS
Embed the human dimension into the ISMS and build a lasting security culture.
- Security across the employee lifecycle (hiring, mobility, offboarding)
- Contractual clauses and InfoSec responsibilities
- Awareness, training, and security culture development
- Countering social engineering and managing insider threats
- Confidentiality, professional ethics, and code of conduct
- Access rights governance and user accountability
Ensure physical protection of premises, infrastructure, and tangible assets.
- Physical access controls and protection of sensitive areas
- Security of datacenters, server rooms, and critical environments
- Protection against environmental threats (fire, flood, power outages)
- Hardware lifecycle: deployment, maintenance, decommissioning, and secure destruction
- Physical media and mobility security (documents, removable media, etc.)
Master defensive technologies and control mechanisms.
- Identity and Access Management (IAM, MFA, PAM)
- Cryptographic security and key management
- Network and communications security (firewalls, IDS/IPS, VPN, Wi-Fi)
- Security of operating systems and virtualized/cloud environments
- Application security and DevSecOps
- Protection against malware, ransomware, and APTs
- Logging, monitoring, and SIEM
- Vulnerability management and patch management
Prepare and coordinate an effective response to security incidents and crises.
- End-to-end incident process (detection, analysis, response)
- CERT/CSIRT organization and operating model
- Digital forensics and evidence collection
- Crisis communications (internal and external)
- Post-incident review and continual improvement
Build organizational resilience against major disruptions and disasters.
- Business continuity concepts and organizational resilience
- Development of the Business Continuity Plan (BCP)
- Development of the Disaster Recovery Plan (DRP)
- Continuity exercises and tests (simulations, red/blue team)
- Alignment with ISO 22301 and integration with the ISMS
Anticipate new risks and integrate innovation into security strategy.
- Cybersecurity and Artificial Intelligence
- Blockchain, tokenization, and transaction security
- Internet of Things (IoT) and 5G: opportunities and threats
- Cloud and edge computing: risks and security solutions
- Geopolitics and modern cyber threats (APT, cybercrime, cyber warfare)
Certification Toolkit
499 USD
With your enrollment in CISSO – Certified Information Systems Security Officer, you gain access to a comprehensive set of learning and professional tools designed by GECB to ensure your success:
- CISSO Reference Manual: a structured guide to design, deploy, and operate an effective information systems security program.
- CISSO MCQ Practice Bank: unlimited access to an exclusive bank of 1,500+ professional-grade questions aligned with the program’s 7 modules, to test your knowledge and build mastery.
- Online Learning Tools: study at your own pace on the GECB practice platform with progress tracking, regular updates, and 24/7 access.
- Final Online Exam: take your remotely proctored CISSO exam online, securely, from the location of your choice (available 24/7).
- Instant Results & Digital Certificate: upon passing, receive an official, verifiable digital certificate, instantly shareable on LinkedIn, your résumé, and with employers.
- 3-Year Certification Validity: CISSO is valid for three (3) years, with unlimited renewal based on continuing education and active membership in the GECB certified community.
