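Course Introduction
CISSP (Certified Information Systems Security Professional) is a professional credential issued by (ISC)2, the International Information Systems Security Certification Consortium. (ISC)2 was founded in 1989 and is headquartered in the United States. It is an independent, non-profit organization whose goal is to develop and manage a comprehensive information systems security framework and to establish a series of professional security certifications.
Since 1992, (ISC)2 has offered the CISSP certification exam, and the certification quickly gained recognition from major enterprises and internationally. Earning the CISSP certificate means that you have mastered the methods for controlling information system security and can draw up a range of security plans for an enterprise. Given the demand that enterprises now have for information systems security, CISSP can be said to be a must-have certificate for today's I.T. professionals.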
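Suitable for:
Those who aspire to enter the I.T. information security field
System engineers, network administrators, network security personnel
Students who have obtained the Check Point CCSA or CCSE certificate
Those with basic knowledge of Windows Server / Linux systems
Those with a basic understanding of network security systems
Those with a certain level of knowledge of the Internet and TCP/IP
Those with 3 - 4 years of work experience related to network security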
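CISSP course notes carefully compiled by the instructor
QUE Press: CISSP Training Guide e-book textbook
One course lab CD-ROM
Brand-new practice exam questions with reference answers, updated in July (practice questions come with a "one-year" free update guarantee, giving more flexibility for the exam)
Taught by instructors who hold CISSP / CISA / CISM / PMP and have many years of extensive network security work experience
2GB DDR2 memory, a 500GB SATA II hard disk and a 17" LCD display; in addition, every computer is connected to a 100/1000 Mbps Fast Ethernet high-speed network, guaranteeing "unobstructed" access throughout the learning process.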

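Language of instruction:
Course length: 6 sessions / 21 hours (3.5 hours per session)
Course fee:
HSBC credit card holders can enjoy a 12-month interest-free instalment offer (only $207 per month)
Past students, or those referred by past students, can enjoy a 5% discount (please register this when phoning in advance to reserve a place)
Past students whose application form carries an instructor's signed recommendation can enjoy a 10% discount (please ask your instructor for details)
Related exam you can take after completing this course:
The exam lasts 6 hours; candidates must complete 250 multiple-choice questions within the allotted time. The exam is scored out of 1000 points and the passing score is 700 points. ISC2 will notify candidates of their exam results by e-mail 4-6 weeks after the exam.
Number of questions: 250
Exam time: 360 minutes
Passing score: 70 %
Sample practice questions
Internationally recognized certificate and qualification obtained after passing the exam: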
Module 1: Information Security Overview
Core Information Security Principles (CIA)
Security Planning
Security Policies, Procedures, Standards, Guidelines and Baselines
Best Practices in Information Security
Reporting Model
Security Awareness Training
Overview of Ethics
Common Computer Ethics Fallacies
(ISC)2 Code of Ethics
Identify and understand the relationship between Vulnerabilities, Threats, Likelihood
Risk Assessment – Qualitative Risk Assessments
Module 2: Access Control
Definitions of key terms
6 Categories of Access Controls
3 Types of Access Controls
Threats to Access Controls
System Access
Data / Information Access
Intrusion Detection System (IDS) and Intrusion Prevention System (IPS)
Penetration Test
Assurance of Access Controls
Module 3: Cryptography
Definitions of key terms
History of Cryptography
2 Cryptography Methods
Encryption System – Substitution Ciphers
Encryption System – Asymmetric Algorithms
Features of Encryption Systems other than encryption / decryption
Message Integrity Control Overview
Message Integrity Control – Hash Functions
Message Integrity Control – Message Authentication Code (MAC)
Digital Signatures
Cryptanalysis and Attacks
Module 4: Physical (Environmental) Security
Threats and Vulnerabilities in the Physical Environment
Site Location
Site fabric and infrastructure topics
Layered Defense Model
Infrastructure Support System
Module 5: Security Architecture and Design
Concepts in Computer Hardware
Concepts in Computer Software
Trusted Computing Base (TCB)
Reference Monitor
Security Models and Architecture Theories Overview
Security Models and Architecture Theories – Lattice Model
Security Models and Architecture Theories – Noninterference Model
Security Models and Architecture Theories – Information Flow Model
Security Models and Architecture Theories – Bell-LaPadula Confidentiality Model
Security Models and Architecture Theories – Biba Integrity Model
Security Models and Architecture Theories – Clark–Wilson Integrity Model
Security Models and Architecture Theories – Chinese Wall (Brewer-Nash) Model
Security Product Evaluation Methods and Criteria Overview
Security Product Evaluation Methods and Criteria – TCSEC
Security Product Evaluation Methods and Criteria – ITSEC
Security Product Evaluation Methods and Criteria – Common Criteria
Certification and Accreditation
Module 6: Business Continuity and Disaster Recovery Planning
Definition of Disaster
Definition of Business Continuity Planning (BCP) & Disaster Recovery Planning (DRP)
Understanding Business Continuity Management (BCM)
BCP Scope
Stages of BCM
BCP Phase 1: Project Management and Initiation
BCP Phase 2: Business Impact Assessment (BIA)
BCP Phase 3: Recovery strategy
BCP Phase 4: Plan design and development
BCP Phase 5: Testing, Maintenance, Awareness and Training
Steps in developing recovery strategies
Alternate Sites Overview
Alternate Sites – Mirror Site
Alternate Sites – Hot Site
Alternate Sites – Warm Site
Alternate Sites – Cold Site
Alternate Sites – Mobile Site
Reciprocal agreement
Module 7: Telecommunications and Network Security
Core Data Network Key Terms and Technologies
OSI Reference Model
Basic Telephony
Remote Access Security and Technologies
Network Vulnerabilities, Network Attack and Countermeasures
Network Access Controls (AAA and Firewalls)
Network Availability Controls
Internet Security Protocols
Multimedia Security
Network Audit
Module 8: Application Security
Basic Programming Procedures: Coding and Compiling
Threats in Software Environment
Application Development Security Protections and Controls
Software Protection Mechanisms
Malware – Trojans
Malware – Hoaxes
Malware – Virus
Malware – Worms
Other Malware
Malware Protections
DBMS Architecture
Data Warehouse
Database Interface Language – ODBC
Database Interface Language – OLEDB
XML
Database Vulnerabilities, Threats and Protection
Web Application Vulnerabilities, Threats and Protection
Module 9: Operation Security
Roles of System Administrators
Roles of Security Administrators
Operation Security Threats
7 types of Operation Security Controls
Operation Security Control Methods
Continuity of Operations
Change Management
Patch Management
Module 10: Legal, Regulations, Compliance and Investigations
Major Legal System Overview
Major Legal System – Common Law
Major Legal System – Civil Law
Major Legal System – Religious Law
Major Legal System – Mixed Law
Intellectual Property Laws
Incident Response
Digital / Electronic Evidence
Computer Forensics











