ITF- CISSP : CISSP


Course: CISSP Training Course
by admin
Free
30 hours


Course Objectives

CISSP certification is beneficial to IT consultants, managers, security policy writers, privacy officers, information security officers, network administrators, security device administrators, and security engineers.

Prerequisites

Before attending, participants should have a background in:

  • Basic computer usage

Course Details

1. Introduction

  • Students & Trainer Introduction
  • Who Should Take This Course?
  • About (ISC)2
  • CISSP Certification
  • CISSP Examination
  • CBK Review, Domain and Function Areas

2. Security & Risk Management

  • Confidentiality, Integrity & Availability
  • Security Governance – Alignment of security function to strategy, goals, mission and objectives; organizational processes; security roles and responsibilities; due care and due diligence
  • Compliance – Legislative and regulatory; privacy requirements compliance
  • Legal & Regulatory Issues Pertaining to Information Security in Global Context – Computer Crimes; Licensing and intellectual property; import/export controls; trans-border data flow; privacy; data breaches
  • Professional Ethics
  • Documented Security Policy, Standards, Procedures & Guidelines
  • Business Continuity Requirements
  • Personnel Security Policies
  • Risk Management Concepts
  • Threat Modeling – identifying; determining and diagramming potential attacks; reduction analysis; technologies and processes to remediate threats
  • Security Risk Considerations Integrated into Acquisition Strategy & Practice – hardware, software and services; third-party assessment and monitoring; minimum security requirements and service-level requirements
  • Information Security Education, Training & Awareness

3. Asset Security

  • Classify Information and Supporting Assets
  • Determine & Maintain Ownership
  • Data Privacy
  • Retention
  • Data Security Controls
  • Handling Requirements

4. Security Engineering

  • Engineering Processes Using Secure Design Principles
  • Concepts of Security Models
  • Controls & Countermeasures
  • Security Capabilities of Information Systems
  • Assess & Mitigate Vulnerabilities of Security Architectures, Designs & Solution Elements – client-based; server-based; database security; large-scale parallel systems; distributed systems; cryptographic systems; industrial control systems
  • Assess & Mitigate Vulnerabilities in Web-based Systems
  • Assess & Mitigate Vulnerabilities in Mobile Systems
  • Assess & Mitigate Vulnerabilities in Embedded Devices & Cyber-Physical Systems
  • Apply Cryptography – life cycle; types; PKI; key management practices; digital signatures; digital rights management; non-repudiation; integrity; methods of cryptanalytic attacks
  • Secure Principles: Site and Facility Design
  • Design & Implement Physical Security

5. Communication & Network Security

  • Secure Design Principles Applied to Network Architecture – OSI and TCP/IP models; IP networking; implications of multilayer protocols; converged protocols; software-defined networks; wireless networks; cryptography used to maintain communication security
  • Secure Network Components – operation of hardware; transmission media; network access control devices; endpoint security; content-distribution networks; physical devices
  • Secure Communication Channels – voice; multimedia collaboration; remote access; data communications; virtualized networks
  • Prevent or Mitigate Network Attacks

6. Identity & Access Management

  • Control Physical & Logical Access to Assets
  • Manage Identification & Authentication of People and Devices
  • Identity as a Service
  • Third-Party Identity Services
  • Implement & Manage Authorization Mechanisms
  • Prevent or Mitigate Access Controls Attacks
  • Manage Identity & Access Provisioning Lifecycle

7. Security Assessment & Testing

  • Design & Validate Assessment & Test Strategies
  • Conduct Security Control Testing
  • Collect Security Process Data
  • Analyze & Report Test Outputs
  • Conduct or Facilitate Internal & Third Party Audits

8. Security Operations

  • Investigations – evidence collection and handling; reporting and documenting; investigative techniques; digital forensics
  • Requirements for Investigation Types – operations; criminal; civil; regulatory; eDiscovery
  • Logging & Monitoring Activities
  • Secure Provisioning of Resources
  • Foundational Security Operations Concepts
  • Resource Protection Techniques
  • Incident Management
  • Operate & Maintain Preventative Measures
  • Patch & Vulnerability Management
  • Change Management Processes
  • Recovery Stages – backup storage strategies; recovery site strategies; multiple processing sites; system resilience, high availability, quality of service and fault tolerance
  • Disaster Recovery Processes
  • Test Disaster Recovery Plans
  • Business Continuity Planning & Exercises
  • Implement & Manage Physical Security
  • Address Personal Safety Concerns

9. Software Development Security

  • Security in the Software Development Lifecycle
  • Security Controls in Development Environments
  • Assess Effectiveness of Software Security
  • Assess Security Impact of Acquired Software

Duration:

5 days (6 hours per day)

Training Location:

Client's company


Contact for Details

  • Tel. 02-375-8664
  • info@ITFastLearning.com
  • www.ITFastLearning.com