CISA / CISSP

CISSP Information Systems Security and Audit Certificate Course

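Information technology is developing rapidly, and almost every industry now relies on computers, networks, cloud technology and the recently emerging BYOD model to support its operations. The databases behind these computer systems also hold large amounts of personal data and trade secrets, and this data often becomes a target for theft by hackers. The following two network security incidents are well-known examples:

• In April 2011, hackers broke into Sony's PlayStation gaming network and stole the personal data of 77 million customers, possibly including the credit card data of 12.3 million customers. Losses were estimated at more than US$1 billion.

• In August 2011, the HKEX HKEXnews website was attacked by hackers and the network was paralysed. Seven companies and more than four hundred investment products were forced to suspend trading for half a day, with paper losses of over HK$20 million.

It is therefore especially important to ensure that risk monitoring and the protection of this data are adequate and effective. Starting in 2000, as major organisations became more aware of information technology security, demand for information systems auditors has kept growing. CISA and CISSP, the two most internationally recognised computer security and audit certificates, are an entry threshold for a career in information systems and also improve understanding of how to protect computer systems. Besides allowing auditors and computer security specialists to obtain internationally recognised qualifications, this course lets IT department heads and company directors use the CISA and CISSP material to better understand the risks of their own company and its operations, and to implement the relevant controls to protect the company's interests.

According to 2015 data, there are about 78,000 CISA holders and 98,000 CISSP holders worldwide, with Hong Kong accounting for over a thousand of each, and enterprises place increasing value on these two certificates. According to JobsDB data from 7 July 2017, about 200 job postings each required a CISA or CISSP certificate, and this figure is on an upward trend.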


Course content includes:


  • Access Control Management
  • Audit Process
  • Business Continuity Plan and Disaster Recovery
  • Communication and Network Security
  • Cryptography
  • IT Governance & Management
  • IT Service Delivery Security and Audit
  • Information Asset Protection
  • Legal, Regulations, Compliance
  • Physical and Environmental Security
  • Risk and Control Management
  • Security Operations
  • Software Application Development Security and Audit

CISSP Course fee: HK$8,800

  • The course includes
    • 24 hours of classes
    • Mock exam

CISSP Prep Exam Course- 20180528KL
Course hours: 24 hours of classes (8 sessions in total)
Date: 28/5, 30/5, 4/6, 6/6, 11/6, 13/6, 18/6, 20/6

Time: 19:00-22:00

4-day CISA fast-track exam preparation for CISSP holders

Objective:

  

This is a 4-day fast-track CISA exam preparation course for students who are already CISSP certified. The training focuses only on audit techniques and auditor concerns. All technical details and content covered by CISSP will be skipped, and trainees should self-study all the materials.

Schedule:

  

Day 1: Focus on Domain 1 to understand the audit process and techniques

Day 2: Focus on Domain 2 and Domain 3, with a brief discussion of auditor concerns on IT Governance, Project Management, and Software Development / Acquisition

Day 3: Focus on Domain 4 and Domain 5, with a brief discussion of auditor concerns on day-to-day operation and information asset protection

Day 4: After finishing all the MCs (homework) from Domain 1 to Domain 5, a training session to discuss some of the MC questions and answers.
 

Prerequisite:

- The candidate should have strong knowledge of the technical background covered in the CISSP

CISA Contents

Domain 1: The Process of Auditing Information Systems - Information Security Audit


  • Information Security Management Framework
  • COBIT5 / ISO 19011:2011
  • Planning, Code of Ethics
  • Audit Classification
  • Audit Program
  • Audit Methodology
  • ISO 27001:2013 / PCI DSS
  • Risk-based Audit
  • Audit Testing
  • Audit Sampling
  • Audit Evidence
  • Computer-assisted Audit Techniques
  • Audit Result
  • Audit Documentation
  • Control Self-Assessment
  • Continuous Auditing

- Self-study:

  • Security Principles and definition
  • Risk Management
  • Information System Control
  • Vulnerability Assessment


Domain 2: Governance and Management of IT

- The tutorial only provides a brief discussion of auditor concerns. Self-study these subjects with the provided notes


  • IT Security Governance
  • IT Steering Committee
  • Enterprise Architecture
  • Strategic Planning
  • Policies
  • Legal, Regulatory, Compliance
  • Privacy
  • Human Resource Management
  • Outsourcing / Supplier Management
  • Cloud Computing
  • Organization Structure / Roles and Responsibilities



Domain 3: IS Acquisition, Development & Implementation

- The tutorial only provides a brief discussion of auditor concerns. Self-study these subjects with the provided notes


  • Project Management
  • Software Development
  • Business Application Systems
  • Software Vulnerabilities
  • Software Controls
  • Change Management Process
  • Configuration Management Process
  • Business Process Re-engineering
  • OWASP Top-10


Domain 4: IS Operation, Maintenance & Support

- The tutorial only provides a brief discussion of auditor concerns. Self-study these subjects with the provided notes


  • Information System Operations
  • Information System Hardware
  • IS Architecture and software
  • IS Network Infrastructure
  • Monitoring, Measurement, Analysis, Evaluation
  • Database management system
  • BCP and DRP
  • Backup Management


Domain 5: Protection of Information Assets

- The tutorial only provides a brief discussion of auditor concerns. Self-study these subjects with the provided notes


  • Asset Management
  • Access Control
  • Physical and Environmental Security
  • Privacy
  • Computer Crime
  • Encryption

Date: 15/5, 17/5, 24/5, 7/6
Time: 19:00-22:00

Course fee: HKD3,000