Certified Information Security Officer – Financial Services

Learn, understand, collaborate, and test your information security knowledge of financial institution regulations, standards, and guidance by becoming a Certified Information Security Officer – Financial Services (CISO-FS).

Earn a CISO-FS certification from the CNX Institute and show your knowledge, experience and skills. A CISO-FS certification will allow you to:

  • Validate your knowledge and understanding of information security regulations, guidance, and standards as they apply to financial institutions, such as banks, credit unions, trust companies, and savings associations.
  • Demonstrate competence to be a financial institution Information Security Officer.
  • Access training webinars and resources to help you understand regulations that are appropriate for your industry.
  • Gain the confidence necessary to implement and/or support your organization’s information security measures.

What content does the certification exam cover?

The CISO-FS Certification Exam consists of 100 multiple-choice questions organized by domain. Results are presented as an overall score and as scores broken out by domain. The per-domain scores are intended to help candidates see which domains might need improvement.

Domain and knowledge areas coverage:

Financial Institution Regulatory Structure

Knowledge areas:

  • Regulatory Oversight
  • U.S. Laws, Regulations, and Guidance
  • Other Standards and Guidance

Governance & Risk Management

Knowledge areas:

  • Roles and Responsibilities
  • Governance
  • Risk Management
  • Information Security Program
  • Development and Acquisition
  • Cybersecurity

Business Continuity, Resilience & Incident Management

Knowledge areas:

  • Roles and Responsibilities
  • Planning
  • Risk Management
  • Business Impact Analysis (BIA)
  • Facilities and Technology
  • Testing and Training
  • Incident Response

Third Party Oversight

Knowledge areas:

  • Roles and Responsibilities
  • Vendor Management Planning
  • Risk Management
  • Third Party Selection
  • Contracts
  • Ongoing Monitoring

Data & Physical Security

Knowledge areas:

  • Asset Management
  • Data Management
  • Physical Controls
  • Logical Controls
  • Technology Design
  • Monitoring
  • Cybersecurity

Assurance & Testing

Knowledge areas:

  • Roles and Responsibilities
  • Planning
  • Risk-Based Auditing
  • Types of Testing
  • Independence
  • Reporting

Terminology and Definitions

  • Information Security Terms and Definitions