CISSP 國際認可證書課程
Certified Information Systems Security Professional
資訊科技在我們生活中的應用越來越廣泛,伴隨而來的資訊安全問題也日益嚴重。隨著科技的發展和商業競爭日益激烈,許多公司越來越認識到系統安全的重要性,聘請專業的系統安全分析員來訂立規則,保護公司商業機密和用戶資料。
而近年系統和網絡技術發展一日千里,大家開發解決方案 ( Solution ) 或處理電子資訊時除需要考慮功能外,更須注意資訊保安。一旦出現資訊安全事故 ( 例如客戶資料外洩 ),商譽或金錢上的損失均無法想像。故此資訊保安已成為I.T.界的”必修科”,僱主聘用I.T.同事時亦要求具備資訊保安知識及相關認證,例如CISSP (Certified Information Systems Security Professional) 。
最近的一份報告預計,電腦罪案將激增 100 倍,不能有效保護數據和系統的企業將遭受重大損失。掌握解決資訊系統安全問題的能力,已經成為了未來網路人的必修課,這方面的認證考試也就成為了熱門中的熱門。 |
CISSP
|
| Certified Information Systems Security Professional (CISSP) 考試科目 |
| Certified Information Systems Security Professional Exam |
CISSP 是國際資訊系統安全認證協會承認的一種國際性資訊系統安全認證,它的全名為 Certification for Information System Security Professional。由 International Information Systems Security Certification Consortium ( 簡稱 ISC2 ) 國際資訊系統安全認證協會所頒發。 ISC2 於 1989 年中期成立,總部設立在北美。作為一個獨立的、非牟利的組織,其目標為發展與管理一個資訊安全管理人員認證管理組織。從 1992 年起,ISC2 進行 CISSP 認證考試,其認證很快得到國際的認可。拿到 CISSP,就意味著你已經掌握了控制資訊系統安全的方法,對於這方面的從業人員來說,CISSP 可以說是現今 I.T. 專才必考證書。
CISSP 之考試由 ISC2 國際資訊系統安全認證協會統籌,每月或每季在香港指定地點舉行 (如城市大學)。通常每兩個月舉行一次。
ISC2 會定期在香港舉行 CISSP 考試,
如要報名參加考試,可到ISC2 的網站註冊帳戶並以信用卡繳付考試費。CISSP 的考試費用為599美元。如果在考試前16天報名及繳款,可以 Early Bird Price 549美元參加考試。
CISSP 考試共有250條多項選擇題,當中有25條題目用作研究,不會計分,考生不能分辨題目是否用作研究,故此所有題目須全力作答。考試1000分滿,合格分數為700分。考試後4-6星期ISC2 會以電郵通知考試成績。
考試合格後,下一步便是通過 Endorsement。考生須得到另一名ISC2 Certified的人士推薦,並為考生簽署 Endorsement Form。若考生未能尋得推薦人,可以向 ISC2 申請讓 ISC2 成為考生的推薦人。
我們會為本中心的CISSP學員提供Endorsement的協助。
最後,ISC2 會隨機抽樣為考生所提供的文件進行Audit. 通過Audit後便可成為CISSP。
課程內容:
Domain 1: Information Security and Risk Management
Part 1: Information Security Overview
- Core Information Security Principles (CIA)
- Security Planning
- Security Policies, Procedures, Standards, Guidelines and Baseline
- Best Practices in Information Security
- Reporting Model
- Secure Awareness Training
- Overview of Ethics
- Common Computer Ethic Fallacies
- ISC2 Code of Ethic
Part 2: Risk Management
- Identify and understand the relationship between Vulnerabilities, Threat, Likelihood and Impact
- Risk Assessment – Qualitative Risk Assessments
- Risk Assessment – Quantitative Risk Assessments
- Risk Management Concepts
- Who own the Risk?
Domain 2: Access Control:
- Definitions of key terms
- 6 Categories of Access Control Controls
- 3 Types of Access Controls
- Threats of Access Controls
- System Access
- Data / Information Access
- Intrusion Detection System (IDS) and Intrusion Prevention System (IPS)
- Penetration Test
- Assurance of Access Controls
Domain 3: Cryptography
- Definitions of key terms
- History of Cryptography
- 2 Cryptography Methods
- Encryption System – Substitution Ciphers
- Encryption System – Asymmetric Algorithms
- Features of Encryptions System other than encryption / decryption
- Message Integrity Control Overview
- Message Integrity Control – Hash Functions
- Message Integrity Control – Message Authentication Code (MAC)
- Digital Signatures
- Cryptanalysis and Attacks
Domain 4: Physical (Environmental) Security
- Threats and Vulnerabilities in the Physical Environment
- Site Location
- Site fabric and infrastructure topics
- Layered Defense Model
- Infrastructure Support System
Domain 5: Security Architecture and Design
- Concepts in Computer Hardware
- Concepts in Computer Software
- Trusted Computer Base (TCB)
- Reference Monitor
- Security Models and Architecture Theories Overview
- Security Models and Architecture Theories – Lattice Model
- Security Models and Architecture Theories – Noninterference Model
- Security Models and Architecture Theories – Information Flow Model
- Security Models and Architecture Theories – Bell-LaPadula Confidentiality Model
- Security Models and Architecture Theories – Biba Integrity Model
- Security Models and Architecture Theories – Clark–Wilson Integrity Model
- Security Models and Architecture Theories – Chinese Wall (Brewer - Nash) Model
- Security Product Evalutation Methods and Criteria Overview
- Security Product Evalutation Methods and Criteria – TCSEC
- Security Product Evalutation Methods and Criteria - ITSEC
- Security Product Evalutation Methods and Criteria - TCSEC
- Security Product Evalutation Methods and Criteria – Common Criteria
- Certification and Accreditation
Domain 6: Business Continuity and Disaster Recovery Planning
- Definition of Disaster
- Definition of Business Continuity Planning (BCP) and Disaster Recovery Planning (DRP)
- Understanding Business Continuity Management (BCM)
- BCP Scope
- Stages of BCM
- BCP Phase 1: Project Management and Initiation
- BCP Phase 2: Business Impact Assessment (BIA)
- BCP Phase 3: Recovery strategy
- BCP Phase 4: Plan design and development
- BCP Phase 5: Testing, Maintenance, Awareness and Training
- Steps in developing recovery strategies
- Alternate Sites Overview
- Alternate Sites – Mirror Site
- Alternate Sites – Hot Site
- Alternate Sites – Warn Site
- Alternate Sites – Cold Site
- Alternate Sites – Mobile Site
- Reciprocal agreement
Domain 7: Telecommunications and Network Security
- Core Data Network Key Terms and Technologies
- OSI Reference Model
- Basic Telephony
- Remote Access Security and Technologies
- Network Vulnerabilities, Network Attack and Countermeasures
- Network Access Controls (AAA and Firewalls)
- Network Availabilities Controls
- Internet Security Protocols
- Multimedia Security
- Network Audit
Domain 8: Application Security
Part1: Application Division
- Basic Programming Procedures: Coding and Compiling
- Threats in Software Environment
- Application Development Security Protections and Controls
- Software Protection Mechanisms
- Malware – Trojans
- Malware – Hoaxes
- Malware – Virus
- Malware – Worms
- Other Malware
- Malware Protections
Part2: Database Division
- DBMS Architecture
- Data Warehouse
- Database Interface Language - ODBC
- Database Interface Language - OLEDB
- XML
- Database Vulnerabilities, Threats and Protection
- Web Application Vulnerabilities, Threats and Protection
Domain 9: Operation Security
- Roles of System Administrators
- Roles of Security Administrators
- Operation Security Threats
- 7 types of Operation Security Controls
- Operation Security Control Methods
- Continuity of Operations
- Change Management
- Patch Management
Domain 10: Legal, Regulations, Compliance and Investigations
- Major Legal System Overview
- Major Legal System - Common Law
- Major Legal System - Civil Law
- Major Legal System – Religious Law
- Major Legal System – Mixed Law
- Intellectual Properties Laws
- Incident Response
- Digital / Electronic Evidence
- Computer Forensics
適合人仕 :
有志投身 I.T. 資訊保安領域的人仕,
系統保安工程師,I.T. 部門主管,網絡管理人員。。
修讀條件 :
對 Windows / UNIX / Linux 系統有基本認識
對互聯網及 TCP/IP 有基本認識
對網絡保安系統擁有基本概念
擁有 3 - 4 年有關網絡保安工作經驗
|
|
課程包括 :
- 導師精心編排的考試精讀筆記一套及多本 McGraw-Hill Osborne: CISSP Certification All-in-One Exam Guide, 4th Ed. 電子書課本
- CISSP 模擬試題連參考答案 800 多條
- 由擁有 CISSP 證書和十年以上網絡保安工作經驗之導師任教
- 免費提供高清視像影片作補堂或重溫之用 (不用等侯,即時補堂)
|
授課語言 : 以廣東話授課為主,亦會以英語輔助。
課程全長 : 18 小時 / 共 6 堂
開課日期 :
|
CISSP 國際認可證書課程
單科課程 HK$2380 |
|
|
| Class/Course |
Date Start |
| CISSP001 |
2009年 5 月 16 日 至 2009年7月30日 爆滿!
(逢星期六 2:30p.m~9:30p.m) 6hrs/lesson |
| CISSP002 |
2009年 12 月 9 日 至 2009年 12月28日 爆滿!
(逢星期一、三 6:45p.m~9:45p.m) 3hrs/lesson |
教學質素保證:
- 提供最Update題目 ,令你最有效率通過考試
- 保証一人一機!
- 免費提供高清視像影片作補堂或重溫之用 (不用等侯,即時補堂)
- 彈性上課/補堂時間!詳情請電 3426-8614 查詢
課程費用 :
CISSP 國際認可證書課程
|
18 Hr |
特價 $ 2380 |
