CISSP Course

The CISSP is ideal for information security professionals interested in proving their knowledge, practical experience and implementation of network security strategies. It demonstrates that you have advanced knowledge and skills to design, develop, and manage an organization’s overall security posture.
As of 31st May 2019, there were only 2,538 CISSP members in China. The certification is extremely valuable.

Advanced Training CISSP

5-days Course
October 20th – 24th
Early Bird Price USD 1,205 / Per Person
(On-site Price USD 1,720 / Per Person)
Includes two Keynotes & Tracks Passes

2-days Course
October 20th – 21st
Early Bird Price USD 770 / Per Person
(On-site Price USD 1,100 / Per Person)
Enjoy the benefits of Keynotes & Tracks

Notice:

  1. Early Bird pricing closes at 23:59 (UTC+8) on 16th October 2019.
  2. Online registration closes at 16:00 (UTC+8) on October 18th; please register before the deadline or you will have to register on-site.
  3. If fewer than 10 people sign up for the training, the program will be cancelled and a full refund will be given.
  4. Groups of 3 or more people from the same company can enjoy a group discount of 10%.
  5. Group Discount Inquiry: kelly.yao@informa.com

Course Introduction

《Security and Risk Management》

Course objectives

After completing this course, you will be able to:
● Understand and apply the concepts of risk assessment, risk analysis, data classification and security awareness.
● Implement risk management and the principles used to support it:
  ● Risk avoidance
  ● Risk acceptance
  ● Risk reduction
  ● Risk transfer
● Engage in business continuity planning and disaster recovery planning in order to establish enterprise business continuity programs. Understand the links between information security and business continuity, as well as other risk management areas within the overall business continuity risk management framework, such as physical security, records management, supplier management, internal audit, financial risk management, operational risk management, and regulatory compliance (legal and regulatory risk).

Course modules

● Understand and apply the concepts of confidentiality, integrity, and availability
● Apply security governance principles
● Compliance
● Understand legal and regulatory issues that pertain to information security in a global context
● Understand professional ethics
● Develop and implement documented security policies, standards, procedures, and guidelines
● Understand Business Continuity (BC) requirements
● Facilitate personnel security policies
● Understand and apply risk management concepts
● Understand and apply threat modeling
● Apply risk-based management concepts to the supply chain
● Establish and manage security education, training, and awareness

《Asset Security》

Course objectives

After completing this course, you will be able to:
● Apply a comprehensive and rigorous approach to describe existing or future organizational security processes, information security systems, and talent structure and behavior, and ensure that these practices and processes are aligned with organizational goals and strategic directions.
● Master the framework, policies, concepts, principles, structures and standards of asset security, establish a benchmark to protect information assets and evaluate the effectiveness of measures.

Course modules

● Classification of information and supporting assets (e.g., sensitivity and criticality)
● Determine and maintain asset owners (e.g., data owners, system owners, business/mission owners)
● Privacy protection
● Ensure proper asset retention
● Determine data security controls (e.g., stored data, transmitted data)
● Establish information and asset handling requirements (e.g., marking, storage, distribution of sensitive information)

《Security Engineering》

Course objectives

After completing this course, you will be able to:
● Apply a comprehensive and rigorous approach to present the current and/or future structure of agency security processes, information security systems, personnel and agency subordinate units in order to keep these practices and processes consistent with the core objectives and strategic direction of the agency.
● Discuss the principles, means and methods of applying mathematical algorithms and data transformation to information to ensure the integrity, confidentiality and authenticity of information.
● Focus on threats, vulnerabilities, and countermeasures that can be used to physically protect enterprise resources and sensitive information.

Course modules

● Implement and manage engineering processes using secure design principles
● Understand the fundamental concepts of security models (e.g., confidentiality, integrity, and multi-tier models)
● Select controls and countermeasures based on system security evaluation models
● Understand security capabilities of information systems
● Assess and mitigate the vulnerabilities of security architectures, designs, and solution elements
● Assess and mitigate vulnerabilities in web-based systems (e.g., XML, OWASP)
● Assess and mitigate vulnerabilities in mobile systems
● Assess and mitigate vulnerabilities of embedded devices and cyber-physical systems (e.g., the Internet of Things)
● Apply cryptography
● Apply security principles to site and facility design
● Design and implement physical security

《Communications and Network Security》

Course objectives

After completing this course, you will be able to:
● Understand the structure, transmission methods, transmission formats, and security measures used to protect confidentiality, integrity, and availability of information in private and public communication networks.
● Use quantitative and qualitative analysis for risk identification to support the growth of business activities and encourage enterprises to actively address security risks.

Course modules

● Implement secure design principles in network architectures
● Secure network components
● Implement secure communication channels according to design
● Prevent or mitigate network attacks

《Identity and Access Management》

Course objectives

After completing this course, you will be able to:
● Prevent unauthorized or improper access, giving organizations greater confidence in data and system integrity.
● Provide greater visibility to determine who can enter and who can change data or system information in order to protect the integrity of assets.
● Match an entity, such as a person or a computer system, to understand the entity’s behavior towards valuable assets so that the enterprise can better understand the security of the asset.

Course modules

● Control physical and logical access to assets
● Manage identification and authentication of people, devices, and services
● Integrate identity as a service (e.g., cloud identity)
● Integrate identity as a third-party service
● Implement and manage authorization mechanisms
● Prevent or mitigate access control attacks
● Manage the identity and access provisioning lifecycle

《Security Assessment and Testing》

Course objectives

After completing this course, you will be able to:
● Plan technology development, including risk
● Evaluate system design according to mission requirements
● Identify where competitive prototyping and other evaluation techniques apply to the process

Course modules

● Design and validate assessment and test strategies
● Conduct security control testing
● Collect security process data (e.g., management and operational controls)
● Analyze test output and generate reports (e.g., automatic and manual means)
● Implement internal and third-party audits

《Security Operations》

Course objectives

After completing this course, you will be able to:
● Protect and control assets that process information in centralized and distributed environments.
● Perform and maintain the daily tasks required for the efficient and reliable operation of security services.

Course modules

● Understand and support investigations
● Understand requirements for investigation types
● Conduct logging and monitoring activities
● Securely provision resources
● Understand and apply foundational security operations concepts
● Apply resource protection techniques
● Conduct incident management
● Operate and maintain detective and preventative measures
● Implement and support patch and vulnerability management
● Understand and participate in change management processes
● Implement recovery strategies
● Implement Disaster Recovery (DR) processes
● Test Disaster Recovery Plans (DRP)
● Participate in Business Continuity (BC) planning and exercises
● Implement and manage physical security
● Address personnel safety and security concerns

《Software Development Security》

Course objectives

After completing this course, you will be able to:
● Understand the software development lifecycle (SDLC) and how to apply security to it
● Identify which security controls apply to the development environment
● Evaluate the effectiveness of software security

Course modules

● Understand and integrate security in the Software Development Life Cycle (SDLC)
● Identify and apply security controls in development environments
● Assess the effectiveness of software security
● Assess security impact of acquired software

(ISC)² Introduction

International Union for Information System Security Certification

  • Set up in 1989 – an international nonprofit membership association for information security leaders.
  • A global leader in providing certification and education to information security professionals throughout their careers.
  • Global standards for information security – (ISC)² CBK – a collection of topics relevant to cybersecurity professionals around the world
  • Board of directors — made up of the world’s top information security leaders.
  • More than 140,000 certified professionals in more than 170 countries.