付款。推介服務:課堂錄影隨時睇
(在家觀看 = 0%,在校觀看 = 100%)
(在家觀看 = 0%,在校觀看 = 100%)
100% 在校觀看日期及時間:
自由選擇,點選以下地區觀看辦公時間及位置
旺角: 95折 $2,831 報名 phone
電話:2332-6544
觀塘: 9折 $2,682 報名 phone
電話:3563-8425
北角: 9折 $2,682 報名 phone
電話:3580-1893
沙田: 85折 $2,533 報名 phone
電話:2151-9360
屯門: 85折 $2,533 報名 phone
電話:3523-1560
課時: 18 小時
享用時期: 6 星期 (可於報讀日至 4 星期內觀看整個課程,另加 2 星期備用時期)。進度由您控制,可快可慢。
課堂錄影導師:Franco
在校免費試睇:首 1 小時,請致電以上地點與本中心職員預約。
本課程提供在校免費重睇及導師解答服務。
ISACA® 成立於1969 年,多年來不斷參與各項系統確認性與安全、企業資訊治理及資訊風險的活動,口碑載譽。
ISACA® 會員遍佈逾 160 個國家,總數超過 86,000 人。其頒授的全球認可國際資訊隱私防護師認證 (CDPSE, Certified Data Privacy Solutions Engineer) 資格,更是各位管理人員必考的證書。取得 CDPSE 資格標誌著該專業人員具備管理隱私的知識,以及構建和實施全面數據隱私措施所需的技術,以降低風險並提高效率。
本中心的 CDPSE 國際認可證書課程由 Franco Tsang 籌備多時,精心編排。由上堂、溫習、實習、考試研習、做試題至最後考試,均為你度身訂造,作出有系統的編排。務求真正教識你,又令你考試及格。
| 課程名稱: |
CDPSE 國際認可證書課程 - 簡稱:CDPSE Training Course |
| 課程時數: | 合共 18 小時 (共 6 堂) |
| 適合人士: | 具備 3 年或以上的資料隱私治理、隱私架構及/或資料生命週期領域工作經驗 |
| 授課語言: | 以廣東話為主,輔以英語 |
| 課程筆記: | 本中心導師親自編寫英文為主筆記,而部份英文字附有中文對照。 |
| 1. Franco Tsang (CCIE #19772) 親自教授: | 本課程由擁有 CISA, CISM, CRISC, CDPSE, CISSP, ITILv3 Expert, ITIL 4 Managing Professional, ITIL 4 Strategic Leader, PMP 等專業認證的 Franco Tsang 親自教授。 |
| 2. Franco Tsang 親自編寫筆記: | Franco 親自編寫筆記,令你無須「死鋤」如字典般厚及不適合香港讀書格調的書本。 |
| 3. 提供模擬考試題目: | 本中心為學員提供充足的模擬考試題目,每條考試題目均附有標準答案。而較難理解的題目,均會附有 Franco 的解釋。 |
| 4. 深入淺出: | Franco 會在課堂上深入淺出地講解相關概念,務求令同學理解抽象的概念。 |
| 5. 免費重讀: | 傳統課堂學員可於課程結束後三個月內免費重看課堂錄影。 |
本中心為 PSI 指定的 CDPSE 考試試場,導師會在課堂上講解考試程序。考試費用如下:
通過考試後,同學需要
完成上述要求後,便能成為 CDPSE。 |
| 課程名稱:CDPSE 國際認可證書課程 - 簡稱:CDPSE Training Course |
DOMAIN 1: PRIVACY GOVERNANCE (GOVERNANCE, MANAGEMENT & RISK MANAGEMENT)
- Identify the internal and external privacy requirements specific to the organization's governance and risk management programs and practices.
- Participate in the evaluation of privacy policies, programs and policies for their alignment with legal requirements, regulatory requirements and/or industry best practices.
- Coordinate and/or perform privacy impact assessments (PIA) and other privacy-focused assessments.
- Participate in the development of procedures that align with privacy policies and business needs.
- Implement procedures that align with privacy policies.
- Participate in the management and evaluation of contracts, service levels and practices of vendors and other external parties.
- Participate in the privacy incident management process.
- Collaborate with cybersecurity personnel on the security risk assessment process to address privacy compliance and risk mitigation.
- Collaborate with other practitioners to ensure that privacy programs and practices are followed during the design, development and implementation of systems, applications and infrastructure.
- Develop and/or implement a prioritization process for privacy practices.
- Develop, monitor and/or report performance metrics and trends related to privacy practices.
- Report on the status and outcomes of privacy programs and practices to relevant stakeholders.
- Participate in privacy training and promote awareness of privacy practices.
- Identify issues requiring remediation and opportunities for process improvement.
DOMAIN 2: PRIVACY ARCHITECTURE
- Coordinate and/or perform privacy impact assessment (PIA) and other privacy-focused assessments to identify appropriate tracking technologies and technical privacy controls.
- Participate in the development of privacy control procedures that align with privacy policies and business needs.
- Implement procedures related to privacy architecture that align with privacy policies.
- Collaborate with cybersecurity personnel on the security risk assessment process to address privacy compliance and risk mitigation
- Collaborate with other practitioners to ensure that privacy programs and practices are followed during the design, development and implementation of systems, applications and infrastructure.
- Evaluate the enterprise architecture and information architecture to ensure it supports privacy by design principles and considerations.
- Evaluate advancements in privacy-enhancing technologies and changes in the regulatory landscape.
- Identify, validate and/or implement appropriate privacy and security controls according to data classification procedures.
DOMAIN 3: DATA LIFECYCLE
- Identify the internal and external privacy requirements relating to the organization's data lifecycle practices.
- Coordinate and/or perform privacy impact assessments (PIA) and other privacy-focused assessments relating to the organization’s data lifecycle practices.
- Participate in the development of data lifecycle procedures that align with privacy policies and business needs.
- Implement procedures related to data lifecycle that align with privacy policies.
- Collaborate with other practitioners to ensure that privacy programs and practices are followed during the design, development and implementation of systems, applications and infrastructure.
- Evaluate the enterprise architecture and information architecture to ensure it supports privacy by design principles and data lifecycle considerations.
- Identify, validate and/or implement appropriate privacy and security controls according to data classification procedures.
- Design, implement and/or monitor processes and procedures to keep the inventory and dataflow records current.
1 Privacy governance (governance, management & risk management)
1.1 Governance
1.1.1 Personal Data and Information
1.1.1.1 Defining Personal Data and Personal Information
1.1.1.1.1 Personal data
1.1.1.1.2 Personal information
1.1.1.1.3 Personal datum
1.1.1.1.4 Data subject
1.1.1.1.5 Sensitive personal data or sensitive data
1.1.1.1.6 Personally identifiable information (PII)
1.1.2 Privacy Laws and Standards Across Jurisdictions
1.1.2.1 Privacy Protection Legal Models
1.1.2.1.1 Comprehensive model
1.1.2.1.2 Sectoral model
1.1.2.1.3 Co-regulatory model
1.1.2.1.4 Self-regulatory model
1.1.2.2 Privacy Laws and Regulations
1.1.2.3 Privacy Standards
1.1.2.4 Privacy Principles and Frameworks
1.1.2.5 Privacy Self-Regulation Standards
1.1.3 Privacy Documentation
1.1.3.1 Types of Documentation
1.1.3.1.1 Privacy Notice
1.1.3.1.2 Consent Form
1.1.3.1.3 Privacy Policies
1.1.3.1.4 Privacy Procedures
1.1.3.1.5 Corrective Action Plan (CAP)
1.1.3.1.6 System of Record Notice (SORN)
1.1.3.1.7 Personal Information Inventory
1.1.4 Legal Purpose, Consent and Legitimate Interest
1.1.4.1 Legal Purpose
1.1.4.2 Consent
1.1.4.3 Legitimate Interest
1.1.5 Data Subject Rights (with Control-P and Communicate-P)
1.2 Management
1.2.1 Roles and Responsibilities Related to Data
1.2.2 Privacy Training and Awareness
1.2.2.1 Content and Delivery
1.2.2.2 Training Frequency
1.2.2.3 Measuring Training and Awareness
1.2.3 Vendor and Third-Party Management
1.2.3.1 Legal Requirements
1.2.3.2 Management Procedures
1.2.4 Audit Process
1.2.5 Privacy Incident Management
1.3 Risk Management
1.3.1 Risk Management Process
1.3.2 Problematic Data Actions Affecting Privacy
1.3.2.1 Vulnerabilities
1.3.2.2 Problematic Data Actions
1.3.2.3 Privacy Harms and Problems
1.3.3 Privacy Impact Assessment (PIA)
1.3.3.1 Established PIA Methodologies
1.4 Conclusion of this chapter
2 Privacy architecture
2.1 Infrastructure
2.1.1 Self-managed and cloud-based Infrastructure
2.1.1.1 Non-Cloud Alternatives to On-premises Centers
2.1.1.2 Key Privacy Concerns
2.1.2 Cloud Computing
2.1.2.1 Cloud Data Centers / Cloud Types
2.1.2.2 Five Essential Characteristics of Cloud Computing
2.1.2.3 Cloud Service Models
2.1.2.5 Advantages of Cloud Computing
2.1.2.6 Limitation/concerns of Cloud Computing
2.1.3 Endpoints
2.1.3.1 Approaches to Endpoint Security
2.1.4 Remote Access
2.1.4.1 Virtual Private Networks (VPN)
2.1.4.1.1 Issues
2.1.4.1.2 Risks
2.1.4.2 Desktop Sharing
2.1.4.2.1 Issues and Risks
2.1.4.3 Privileged Access Management (PAM)
2.1.5 System Hardening
2.2 Applications and Software
2.2.1 Secure Development Life Cycle
2.2.1.1 Privacy and the Phases of the Secure Development Life Cycle
2.2.1.2 Privacy By Design
2.2.2 Application and Software Hardening
2.2.2.1 Best Practices for Hardening
2.2.3 APIs and Services
2.2.3.1 APIs
2.2.3.2 Web Service
2.2.4 Tracking Technologies
2.2.4.1 Types of Tracking Technologies
2.2.4.1.1 Cookies
2.2.4.2 Tracking Pixels
2.2.4.3 Digital Fingerprinting/Browser Fingerprinting
2.2.4.4 GPS Tracking
2.2.4.5 Radio Frequency Identification (RFID)
2.3 Technical Privacy Controls
2.3.1 Communication and Transport Protocols
2.3.2 Types of Communication Protocols
2.3.2.1 Types of Communication Protocols
2.3.2.2 Local Area Network (LAN)
2.3.2.2.1 LAN Topologies and Protocols
2.3.2.2.2 LAN Components
2.3.2.3 TCP/IP Internet World Wide Web Services
2.3.2.3.1 Port number
2.3.2.3.2 DNS and DNS poisoning (DNS Spoofing)
2.3.2.3.3 Sender Policy Framework (SPF)
2.3.2.3.4 Wireless Local Area Networks
2.3.2.4 Transport Layer Security
2.3.2.5 Secure Shell (SSH)
2.3.3 Encryption, Hashing and De-identification
2.3.3.1 Encryption
2.3.3.1.1 Symmetric Algorithms
2.3.3.1.2 Asymmetric Algorithms
2.3.3.1.2.1 Asymmetric encryption algorithm in SSH
2.3.3.1.3 Quantum Cryptography
2.3.3.2 De-identification (Pseudonymization, k-anonymization)
2.3.3.3 Hashing
2.3.3.3.1 Message Integrity and Hashing Algorithms
2.3.3.3.2 Digital Signatures and nonrepudiation
2.3.3.3.3 Digital Envelope
2.3.3.4 Applications of Cryptographic Systems
2.3.3.4.1 IP Security (IPSec)
2.3.3.4.2 Secure Multipurpose Internet Mail Extensions (S/MIME)
2.3.4 Key Management
2.3.4.1 Certificates
2.3.4.2 Public Key Infrastructure (PKI)
2.3.5 Monitoring and Logging
2.3.5.1 Monitoring
2.3.5.2 Logging
2.3.5.3 Privacy and Security Logging
2.3.6 Identity and Access Management
2.3.6.1 System Access Permission
2.3.6.2 Mandatory and Discretionary Access Controls (MAC and DAC)
2.3.6.3 Information Security and External Parties
2.3.6.3.1 Identification of Risk Related to External Parties
2.3.6.4 Human Resources Security and Third Parties
2.3.6.4.1 Screening
2.3.6.4.2 Removal of Access Rights
2.4 Conclusion of this chapter
3 Data lifecycle
3.1 Data Purpose and Data Management Maturity Model
3.1.1 Data Inventory and Classification
3.1.1.1 Data Inventory
3.1.1.1.1 Creating a Data Inventory
3.1.1.1.1.1 Plan
3.1.1.1.1.2 Decide
3.1.1.1.1.3 Populate
3.1.1.1.1.4 Publish
3.1.1.2 Data Classification
3.1.2 Data Quality
3.1.2.1 Data Quality Dimensions
3.1.3 Data Flow and Usage Diagrams
3.1.3.1 Data Flow Diagram
3.1.3.2 Usage Diagrams/Activity diagram
3.1.3.2.1 Introduction
3.1.3.2.2 Key features
3.1.3.2.3 Benefits of Usage or Activity Diagrams
3.1.3.2.4 Common symbol and nodes
3.1.3.2.5 Integrated example of Usage or activity diagrams
3.1.3.3 Data Flow Diagram vs Usage Diagrams
3.1.3.4 Data Lineage
3.1.4 Data Use Limitation
3.1.5 Data Analytics
3.1.5.1 User Behavior Analytics (UBA), SQL injection
3.2 Data Persistence and data modeling
3.2.1 Data Persistence and Data Retention
3.2.2 Data modeling
3.2.3 Data Minimization
3.2.4 Data Migration
3.2.4.1 Data Conversion
3.2.4.2 Refining the Migration Scenario
3.2.4.2.1 Fallback (Rollback) Scenario
3.2.4.3 Post-Data Migration
3.2.5 Data Storage and Tokenization
3.2.6 Data Warehousing
3.2.6.1 Extract, Transform, Load (ETL)
3.2.6.1.1 Staging Layer
3.2.6.1.2 Presentation Layer
3.2.6.2 Additional Considerations
3.2.7 Data Retention and Archiving
3.2.8 Data Destruction
3.2.8.1 Data Anonymization
3.2.8.2 Deletion
3.2.8.3 Crypt-shredding
3.2.8.4 Degaussing
3.2.8.5 Destruction
3.3 Conclusion of this chapter
4 Further readings
4.1 Key points of GDPR
4.2 ISO/IEC 27000 series standards
4.3 Data normalization
4.4 Development, test, staging, and production environments (DTSP)
4.5 Federated Identity Management (FIM)
4.6 OWASP Top Ten
4.7 CSRF (Cross-Site Request Forgery)