CERTIFIED ETHICAL HACKER (CEH), BLUEPRINT CHANGE ANNOUNCEMENT
Effective Nov 1st, 2018, EC-Council will be introducing a new version of the CEH exam blueprint.
An exam blueprint is a framework that helps break down the sections of the test making it easier for the test taker to focus his/ her study as they prepare for the exam. It dictates how many questions in various areas of practice should go on an exam.
As a reputed certification body, we always strive to keep updated of the latest technological advancements in the field of ethical hacking and information system security audits. Our new exam blueprint is an outcome of the same effort.
For those who are scheduled to take the CEH exam on or after Nov 1st, 2018 here are the major changes you can expect to see:
- New segmentation of topics among exam domains
- Removal and addition of some key topics
Summary of the updated blueprint:
|Portion of Total Test||Total Number Items Per Domain||Sub-Domains||Total Number Items Per Sub-Domain|
|Tools / Systems / Programs||28.91%||36||
|Procedures / Methodology||8.77%||11||
|Regulation / Policy||1.90%||2||
You can find the existing exam blueprint HERE; the current blueprint is valid till October 31st 2018.
Note: This announcement is limited to the CEH multiple choice exam and there are no changes to any other aspect of the exam such as the eligibility criteria, exam duration or exam availability.
Should you have any further questions you can write to [email protected]
Powerful and Practical- EC-Council’s New Learning Track Launched Globally
March 14, Albuquerque, New Mexico City, USA
EC Council, the world’s leading provider of certifications and training in the information security domain, today announced the release of five core programs and certifications to create an all-new learning track. These programs and their ensuing qualifications will prepare quality, skills attested, respected, capable cyber-manpower that is in demand by the global workforce. It is a big step forward towards EC-Council’s commitment in Bringing Workforce Development Training and Certification Programs that Measure Industry Readiness.
In today’s world, hackers are using sophisticated malware techniques to inflict intellectual and financial losses to their target, while organizations depend heavily on information technology to protect their vital information. The ability to harness new technology to bring value to an organization is critical to any organization’s growth matched with the ability to deploy these safely without over burdening the organizations risks posture.
In response to the growing threats, EC-Council has addressed the root of the problem – the lack of cybersecurity professionals skilled in ethical hacking, security analysis, and penetration testing.
Biggest Leap Since the Original
EC-Council raises the bar again for ethical hacking training and certification programs through the Certified Ethical Hacker (CEH) v10 program, which is in compliance with the NICE framework’s Protect and Defend specialty area. In order to meet the rising demands of employers across the world, the program now includes IoT hacking, vulnerability analysis, static and dynamic malware analysis, and emerging attack vectors on cloud, artificial intelligence, and machine learning.
CEH is used as a hiring standard and is a core sought after certification by many organizations, governments, cybersecurity practices, and is a cyber staple in many of the top universities around the globe.
“The biggest issue for CISO’s is the need to differentiate candidates that have the knowledge and candidates that actually have the skills and abilities to do the job. Abilities that represent true technical and security challenges faced at the workplace today and every day. Many Fortune 500 companies developed creative ways to find and hire those that could actually do the job…They spent millions of dollars and countless amount of time and management to achieve that annually. Today, we offer a solution to this problem,” said Jay Bavisi, CEO of EC-Council Group and Chairman of the Board, EC-Council University.
Ethical hackers from around the world will now be able validate their skills in a new exam format launched by EC-Council.
The all-new C|EH (Practical) certification exam will be delivered as a secure, remotely-proctored, hands-on, live certification test that can be taken anytime, anywhere. The exam is a six hour practical exam built by subject matter experts in the ethical hacking field, that will test the candidate against 20 real-life scenarios.
The combined benefit of a practical exam, proctored anywhere in the world will allow organizations to quickly train, test, and deploy their cyber-ready workforce.
A Progression From the Former
Continuing where the CEH program left off, is the enhanced ECSA v10 program that includes a new comprehensive step-by-step penetration testing methodology that improves upon the best from ISO 27001, OSSTMM, and NIST Standards. This program is 100% compliant to the new NICE 2.0 framework and CREST framework, bringing real tangible benefits to employers including helping them assess their cybersecurity workforce, identify critical gaps in cybersecurity staffing, help their cyber workforce explore tasks and work roles, and assist with understanding the KSAs that are recognized by employers for in-demand cybersecurity roles.
The program includes a new comprehensive social engineering penetration testing methodology and has increased its focus on methodology for perimeter devices (IDS/Firewall), database, wireless, and cloud penetration testing, using both manual and automated penetration testing approaches, along with many other major improvements.
Application of Methodology
After a successful completion of the ECSA v10 credential, certified members can now attempt the brand-new ECSA (Practical) certification exam — a 12 hour practical, fully proctored, live online exam, built on EC-Council’s cyber-range, simulating real-life environments. The exam will test the candidate on their application of penetration testing methodologies to perform a comprehensive security audit of an organization.
The ECSA (Practical) will test your ability to perform threat and exploit research, understand exploits in the wild, write exploits, customize payloads, and make critical decisions at different phases of a penetration testing engagement. The candidate will also be required to create a professional pen testing report with essential elements and guidance for the organization in the scenario to act on.
An ECSA Practical credential will provide the assurance that the candidate possesses the skills required while on the field and will stand as a testimony to their ability to undergo the rigor of the profession.
100% Practicality into Training Sessions
The all-new EC-Council learning track would not be complete without a penetration testing program.
Following the launch of the LPT (Master) program at the Hacker Halted Conference 2017, came a flood of requests for an advanced penetration testing course, in order to help professionals be better prepared for the LPT (Master) test. Since then, EC-Council began working on a course that could resolve the problems faced by cybersecurity professionals and hiring managers, alike, bringing forth EC-Council’s Advanced Penetration Testing program
The Advanced Penetration Testing Course was created as the next level progression after the ECSA to prepare you for the challenges that the LPT (Master) examination presents. This program is designed to demonstrate the advanced concepts of penetration testing, bringing 100% practicality into the training sessions to provide professional skills that demonstrate how professional pen testers will determine the attack surface of targets within a required time frame to gain access to the machines and escalate privileges.
The course is designed to show the advanced concepts of scanning against defenses, pivoting between networks, deploying proxy chains, and using web shells. The last module of the course includes an SOW for each of the various networks we have created for the course. This, combined with the composition of various ranges, mimics a professional penetration test.
Upon completion of the Advanced Penetration Testing program, candidates will challenge the LPT (Master) exam, the world’s first fully online, remotely-proctored LPT practical exam, that offers a challenge like no other by simulating a complex network of a multinational organization in real time. The candidates will also have to demonstrate an advanced understanding of testing modern infrastructures by completing a professional penetration test report to be evaluated by EC-Council experts for completeness and professionalism.
For more information on these courses, visit www.eccouncil.org
EC-Council's C|CISO Program officially accredited by ANSI
EC-Council is proud to announce that the Certified CISO Program has officially been accredited by the American National Standards Institute (ANSI) to meet the ANSI/ISO/IEC 17024 Personnel Certification Accreditation standard for its C|CISO certification!
The American National Standards Institute (ANSI) is a private non-profit organization that administers and coordinates the U.S. voluntary standardization and conformity assessment system. ANSI is the official U.S. representative to the International Organization for Standardization (ISO) and, via the U.S. National Committee, the International Electrotechnical Commission (IEC). ANSI is also a member of the International Accreditation Forum (IAF).
To award the accreditation, ANSI conducted a verification process to ensure that EC-Council is impartial and objective as a certification body. It also confirmed that EC-Council’s certification process is conducted in a consistent, comparable, and reliable manner. This process required rigorous quality reviews of EC-Council and the Certified CISO (C|CISO) program.
All CCISOs who took the version of the exam that was certified by ANSI will now have the ANSI logo on their electronic certification. If you have any questions about this program, please contact [email protected].
EC-Council Announces the World’s First Fully Online, Remotely Proctored Hands-On Penetration Testing Exam
EC-Council today announced the release of the new, fully-proctored Licensed Penetration Tester (LPT) certification, which will be launched at Hacker Halted, 2017. The new LPT (Master) certification exam is the first globally accepted, hands-on penetration testing certification exam administered in a fully proctored environment.
Penetration testing professionals around the world will be able validate their skills in this new exam format launched by EC-Council. The new LPT (Master) certification exam will be delivered as a secure, fully-proctored, live certification test that can be taken anytime, anywhere by busy professionals.
Jay Bavisi, the president and CEO of EC-Council, commented "With the increase in the sophistication of cyber-attacks and with ever growing security needs, today's digital enterprises are looking for experts that have proven abilities to function as competent penetration testers in order to secure their operations. The fully proctored, hands-on LPT (Master) certification exam combines effectiveness with convenience to deliver a highest standard of exam that enables the candidates to demonstrate expertise in applying their skills in a hands-on environment."
The exam provides a level playing field where candidates are challenged to prove their skills as expert-level penetration testers. Bavisi added "In the real world, penetration testers go through a strenuous, arduous and laborious process to keep their clients and organizations secure. This exam is meant to mimic the real-world environment and is meant to stress, burden and ardently push the candidates to their limits to test their actual abilities in penetration testing."
The new LPT (Master) certification is the crown jewel of the EC-Council penetration testing track. It challenges candidates through a grueling 18 hours of hands-on exam categorized into three practical tests for six hour intervals, each of which provide a multidisciplinary approach for targeting and compromising high security environments. Upon completion of the exam, candidates will have to demonstrate an advanced understanding of testing modern infrastructures by completing a professional penetration test report to be evaluated by EC-Council experts for completeness and professionalism.
EC-Council announces the official launch of IIB Council (formerly known as Institute of iBusiness) and Certified Digital Marketer Certification (C|DM).
-From the pioneer in Information Security Certified Training and the creator of Ethical Hacking Program, EC-Council introduces IIB Council, the Business Technology division and creator of Corporate Growth Hacking Trainings-
The brainchild of EC-Council, the Institute of iBusiness Council (IIB Council) is formed with the aspiration to create groundbreaking certification and training programs in the business technology sector. The programs teach students the fundamentals of accelerating corporate growth and fostering sustainable development across organizations. To transform organizations into smart, adaptive, digital enterprises, IIB Council programs focus on aligning industry requirements and business goals with the latest technology trends
Welcoming the first
Business Technology Programs
for Corporate Growth Hacking
The IIB programs invite aspiring or current business professionals to get one step ahead of competition by utilizing brand-new technologies and smart digital practices to achieve goals and better results. The training material enriches digital skills that are congruent with the principles of Business Analytics, Intelligence, Automation and Optimization. Students will be furnished with real-world scenarios and case studies and 100% hands-on lab challenges that exploit the latest, best available tools and teach relevant, contemporary, directly implementable and practical skills.
Certified Digital Marketer is the 1st Certification Course of Business Technology Certification line to be introduced by IIB Council (former Institute of iBusiness) on June 5th 2017. Current EC-Council partners may register for the Global Launch Webinar here:https://www.dropbox.com/sh/uomf2n1s0w5ckid/AACpzY1P2wRCI6EbG5OnZZ74a?dl=0
Certified Digital Marketer (C|DM) (formerly known as CIMP - Certified Internet Marketing Practitioner) is re-launched under a revised approach to address the increasing demand for Growth Hackers; the skillful marketers that possess both the technical skills and the creative skills to drive profitable marketing campaigns.
C|DM is a Certification Program in Digital Marketing aimed at current or aspiring Digital Marketing Managers. IIB Certified Digital Marketers have extensive hands-on experience in the disciplines of Integrated Digital Marketing with a strategic focus on multi-channel marketing and cross-medium communications. A C|DM certified is able to demonstrate mastery in analytical skills and critical thinking using a combination of diachronic/old-time classic marketing principles and the latest digital concepts to obtain extremely accurate market insights and in-depth knowledge of their target audience key-drives.
The Certified Digital Marketer (C|DM) Program is developed in line with the latest industry trends to help current and aspiring Digital Marketers to achieve their marketing objectives and business goals through integrated marketing strategies including digital and physical platforms
Contrary to CIMP, C|DM covers the modules of Programmatic Marketing and Marketing Automation as well as the revolutionized approach of Video & Mobile Marketing. In the advent of Augmented Virtual Reality and Live Streaming, below-the-line marketing (point of purchase marketing) re-emerges from the ashes of 2000s to use real-time personalized communications and become one of the most sales-effective and influential techniques ever known.
The course that teaches students how to enable marketing activities, achieve profitable acquisitions and customer retentions through a well-thought automated buying process and customer lifecycle is now available worldwide through EC-Council iClass (online training) or live at any of our 700 partners.
CIMP is set of Retirement on Dec 31st, 2017
AIPs can exchange CIMP kits for FREE till 31st of July 2017, post that exchange requests will be not processed.
More information at www.iibcouncil.org
EC-Council is pleased to announce the launch of the all new EC-Council Disaster Recovery Professional v3 program.
The EDRPv3 program is a completely redesigned program combining Business Continuity (BC) and Disaster Recovery (DR) domains into a unified and fluent program aimed at providing end to end BC/DR solutions to enterprises and professionals.
EDRP provides critical templates and step by step instructions that bring practicality and skills orientation to students enabling them to tackle their BC/DR challenges quickly and effectively. This is an industry first!
EC-Council Announces Release of version 9 of its leading forensics certification, CHFI
EC-Council's leading digital forensics certification program, Computer Hacking Forensic Investigator (CHFI), has been updated to meet the new challenges faced by information security professionals that specialize in cyber forensics. CHFIv9 builds on the outstanding success of previous versions and adds coverage of the latest digital forensics techniques, digital forensics laws and standards updates, as well as immersive lab exercises to help students learn to defeat anti-forensics techniques, conducting database forensics, cloud forensics investigations, and malware forensics. These updates are necessary to keep pace with a rapidly changing industry. The latest operating systems are covered in the new material via 39 updated lab modules intended to challenge students to apply their knowledge and reinforce skills.
To ensure this latest version is in line with the real-world requirements of working digital forensic professionals, EC-Council assembled various subject matter experts and professionals from law enforcement, criminal investigation, defense, and highly technical security professionals to contribute to the new content. Developed by a panel of subject matter experts and industry specialists, the updated certification sets the global standards for computer forensics best practices.
Cyber forensics is a very important and in-demand subset of the larger information security industry. Digital forensics has evolved over the past 10 years to encompass a variety of critical roles well beyond cyber incidents. Digital forensics has become a key role in many demanding IT departments providing reliable, evidence based validation of enterprise systems. Per the market research report published by IndustryARC, by 2020, the digital forensics market will reach 4.8 billion USD. The major drivers for this growth are the increase in threats from cybercrime and terrorist attacks. Only 22% of companies are even fully prepared to deal with cyber security incidents and forensics plays a huge role in incident response.
"With this growth, the industry is struggling to find quality digital forensics recourses, creating a rise in demand within the already underserved job markets. As a result, there is a market need for a certification based on a single, universal body of knowledge," said EC-Council President, Jay Bavisi.
The CHFIv9 training program enables information security professionals to meet the challenges of digital forensics as well as potentially add a specialty to their skillset that could bolster their careers tremendously. Foote Partners, which tracks information technology jobs across all skill levels, projects the global demand for cybersecurity talent to rise to six million positions by 2019 with an expected shortfall of 1.5 million professionals.
Professionals with CHFIv9 on their resumes will be well-suited to meet this demand not only because they have demonstrated their mastery of the subject matter by passing the certification exam, but because of the hours of work requiring hands-on, real world application of the skills in the lab environment created to accompany the course. The labs are an immersive environment where students practice applying their skills and reinforcing their learning. The labs also help students adapt very quickly to unfamiliar environments as they learn digital forensics skills not just in theory, but in practice.
Invitation to apply for the celebrated Certified Network Defense Architect program
Maintaining the integrity and authenticity of the network in an organisation is critical to the organisation's health. The criticality increases all the more with Defence and government organisations. EC-Council understands the importance that networks and network defenders play in these coveted organisations and respect their responsibility.
It is with this perspective that EC-Council is inviting its CEH member group who also serve the Government organisations to apply for the coveted Certified Network Defense Architect program to get certified on the same.
If this invitation interests you and if you meet the requirements then write to us at [email protected]
EC-Council is excited to announce the launch of the all-new certification Certified Network Defender (CND), which was launched globally on September 14th, 2016.
The new certification is designed to be a game changer in the network defence domain.The past few years had seen the disastrous consequences of cyber-crime, which made cyber security one of the key aspects of agenda in the Board Room discussions. Studies point out that, professionals handling the Organisation's networks are not amply equipped to protect their networks from evolving cyber threats like Advanced Persistent Threats (APTs), sophisticated botnet C&C, Insiders to mention a few. Cyber criminals see this as an opportunity to hack the system compromising on important information. The R&D teams at EC-Council have extensively conducted technology surveys, community engagements, market analysis and SME consultations to develop the CND skillset that will enable networking professionals to protect, detect and respond to cyber security threats.
A thorough job task analysis along with research, market analysis, surveys, community engagement activities, consultation and advice from Subject Matter Experts, has ensured that the CND design is based on cyber security frameworks such as NICE and is in sync with the current markets trends. CND is designed in a manner that it imparts the necessary skillset to the Network Administrator on the nuances of Network Security whether it is designing the Organisation's network security controls, firewall systems, IDS/IPS systems, policies and procedures, DLP and etc. It also ensures that the personnel handling the network can detect network security breaches at an early stage, and also respond to the same. A deeper analysis of the situation brings to the fore, the larger goals of the organisation being met. Ensuring that information, the key component of the organisation is safe will ensure business continuity, better ROIs on security investment and lesser impact on incidents on Information System Resources. What makes CND different from the other programmes is that CND covers network defence from a Defence perspective going beyond the traditional security solutions and appliances. Also, the CND programme includes operational security aspects such as designing and deploying security policies, network monitoring, vulnerability management, incident handling and response and etc.
EC-Council recommends that companies facing a shortage of qualified security practitioners or companies that cannot afford to hire specialized information security professionals consider adding information security duties to their existing system and network administrator job roles. The fastest way to accomplish this would be to send their employees to the only program on the market designed to teach network and system administrator information security skills: CND.
For further information, please visit https://www.eccouncil.org/programs/certified-network-defender-cnd/
Dear Certified Members and Partners,
Dear EC-Council Partners, Members, and Friends
EC-Council is pleased to announce the formal introduction of Digital Badges for all of its active members, without any additional fee whatsoever. A digital badge is a validated indicator of achievement to highlight a skill or quality. EC-Council will now offer digital badges post successful completion of our modules, courses, and certification exams. These visual tokens of achievement will now allow students to showcase their efforts and success across the world!
How Do Digital Badges Work?
Upon registering for a course, students can access EC-Council course content via the ASPEN portal. They will now be rewarded with digital badges upon completion of each module, or upon successfully passing an EC-Council certification exam. These digital badges can be collected and shared with colleagues, added to resumes, social media outlets, and other avenues, serving as skills validators. Digital Badges will be available to download from the ASPEN portal.
As we continue to face a growing threat landscape and a Cybersecurity industry, hungry for qualified candidates, digital badges will become paramount to enhancing the exposure of EC-Council certified members.
As we continue our digital journey, commencing January 1st, 2019, EC-Council will no longer ship out physical certificates. EC-Council certified members can continue to download their e-Certificates from the ASPEN portal. Certified members who still wish to receive a physical certificate may request a physical certificate via [email protected]. Printed certificate requests in the US will cost $50 per copy and outside the US, the service fee shall be $75. All such certificates will be shipped to the address of their choice.
We thank you for your on-going support. For more information on our digital badges and supporting processes, please contact: [email protected].Thank you!