CGRC Training Course
Certified in Governance, Risk and Compliance (CGRC) Internationally Recognised Certificate Course
Short name: CGRC Training Course


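Course offer! Enrol in both of the following two courses at the same time:
and save $750 at once!

Traditional Service: class timetable (Location: Mong Kok; Total fee: $4,480)
Students enrol by phone or through this web page. Once the centre confirms that a place has been reserved, the tuition fee can be paid by FPS (轉數快), a simple process!

Special offer: enrol in this course on or before Friday, 19 July 2024,
and instead of the original price of $5,600 pay only
$4,480!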

Code: OU0913CM
Dates (dd/mm): 11/09 - 09/10 (11/9, 16/9, 23/9, 25/9, 30/9, 2/10, 7/10, 9/10)
Days: Monday and Wednesday
Time: 7:00pm - 10:00pm
Fee: $4,480
Instructor: Franco
* Government departments may pay by P Card.
If the examination fee is paid by P Card, a 1.3% surcharge is added to the examination fee.

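*** Quality assurance: watch the recording of the first 3 hours of class free of charge at any location, so that you can judge the quality of the instructor and the teaching materials before enrolling in the course. ***
Please call the centre's staff to make an appointment:
Mong Kok 2332-6544
Kwun Tong 3563-8425
North Point 3580-1893
Sha Tin 2151-9360
Tuen Mun 3523-1560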

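Free make-up classes: Students may watch class recordings at any location to catch up and follow the subsequent lessons!
Free revision: Within three months after the course ends, students may re-watch the class recordings at any location an unlimited number of times, so that they can review the whole course repeatedly!
Duration: 24 hours
Instructor: Franco

For the Traditional Service free make-up classes or free revision, if you choose Mong Kok or Kwun Tong on a weekday from Monday to Thursday, you must finish watching the class recording by 6:30 p.m.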

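Locations (district, address, telephone, Education Bureau registration number):
Mong Kok: Rooms 1802 - 1807, 18/F, 皆旺商業大廈, 109 Argyle Street, Mong Kok, Kowloon. Tel: 2332-6544. Education Bureau registration no.: 533459
Kwun Tong: Room G2, 12/F, 寧晉中心, 7 Shing Yip Street, Kwun Tong, Kowloon. Tel: 3563-8425. Education Bureau registration no.: 588571
North Point: Shops 01-02, 3/F, 華寶商業大廈, 41-47 Marble Road, North Point, Hong Kong. Tel: 3580-1893. Education Bureau registration no.: 591262
Sha Tin: Room M, 10/F, 京瑞廣場 Phase 1, 3 On Kwan Street, Shek Mun, Sha Tin, New Territories. Tel: 2151-9360. Education Bureau registration no.: 604488
Tuen Mun: Room 1708, 17/F, 屯門柏麗廣場, 2 Tuen Hi Road, Tuen Mun, New Territories. Tel: 3523-1560. Education Bureau registration no.: 592552
Note! Customers should ask for the Education Bureau registration number of the school they enrol with, to confirm that it is a registered school and avoid unnecessary loss!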


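In today's increasingly complex business environment, sound Governance, Risk, and Compliance (GRC) strategies are essential to an enterprise's sustainable development and legal compliance. Faced with ever stricter regulatory requirements and potential security threats, professional GRC knowledge not only helps an enterprise manage risk effectively but also protects its business interests and the security of customer data.

For this reason, we have launched the Certified in Governance, Risk and Compliance (CGRC) Internationally Recognised Certificate Course, which aims to give comprehensive and systematic training to those who wish to deepen their professional knowledge of corporate governance, risk management and compliance. The course has been carefully designed by experienced experts and covers the full CGRC certification exam outline, with in-depth analysis of key areas ranging from establishing organizational governance structures, through risk identification and assessment, to formulating and executing compliance strategies.

The centre's Certified in Governance, Risk and Compliance (CGRC) Internationally Recognised Certificate Course was long in preparation by Franco Tsang and has been carefully arranged. From attending class, revision, practice, exam study and working through exam questions to the final examination, everything is tailored to you and systematically organised, with the aim of truly teaching you the material and getting you through the exam.

To obtain the CGRC, students need 2 years of work experience in the fields of governance, risk management and compliance, and must pass the examination.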


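Course name: Certified in Governance, Risk and Compliance (CGRC) Internationally Recognised Certificate Course
- Short name: CGRC Training Course
Course hours: 24 hours in total (8 lessons)
Suitable for: Anyone; no experience required.
Language of instruction: Mainly Cantonese, supplemented by English.
Course notes: Written personally by the centre's instructor, mainly in English, with Chinese equivalents given for some English terms.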

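1. Taught personally by Franco Tsang (CCIE #19772): This course is taught personally by Franco Tsang, who holds professional certifications including Triple CCIE, CISA, CISM, CRISC, CDPSE, CISSP, ITILv3 Expert, ITIL 4 Managing Professional, ITIL 4 Strategic Leader and PMP.
2. Notes written personally by Franco Tsang: Franco writes the notes himself, so you do not need to grind through textbooks that are as thick as dictionaries and ill-suited to the way Hong Kong students study.
3. Mock exam questions provided: The centre gives students ample mock exam questions, each with a model answer. Questions that are harder to understand also come with Franco's explanation.
4. Clear and accessible: Franco explains the relevant concepts in class in an accessible way, so that students understand abstract management concepts.
5. Free revision: Traditional classroom students may re-watch the class recordings free of charge within three months after the course ends.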

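First, go to the ISC2 website yourself, create an ISC2 Account and log in with it. After logging in, follow the website's instructions to complete your personal details (such as name, telephone number and e-mail address).

Important: You must enter your information exactly as it appears on the identity document you will present at the test centre. If it does not match exactly, you will not be able to take the exam and no fees will be refunded.

After submitting ISC2's online form, you will be redirected to the Pearson VUE website, where you will be able to schedule your exam at our centre and pay the exam fee of USD$599.

On the day of the exam, you must present the following two valid identity documents on arrival at our centre; otherwise you will not be allowed to sit the exam, and the exam fee already paid will not be refunded:

  1. Hong Kong Identity Card, and
  2. A document bearing the candidate's name and signature (e.g. credit card, HKSAR passport, BNO)

The exam questions are transmitted from the test centre in Australia to the computer on which you sit the exam, and you answer them on that computer. All exam questions are in English, and the exam consists of 125 multiple-choice questions. The passing score is 700 out of 1000 points.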





Domain 1 Security and Privacy Governance, Risk Management, and Compliance Program

1.1 Demonstrate knowledge in security and privacy governance, risk management, and compliance program
1.1.1 Principles of governance, risk management, and compliance
1.1.2 Risk management and compliance frameworks using national and international standards and guidelines for security and privacy requirements (e.g., National Institute of Standards and Technology (NIST), cybersecurity framework, Control Objectives for Information and Related Technology (COBIT), International Organization for Standardization/International Electrotechnical Commission (ISO/IEC))
1.1.3 System Development Life Cycle (SDLC) (e.g., requirements gathering, design, development, testing, and operations/maintenance/disposal)
1.1.4 Information lifecycle for each data type processed, stored, or transmitted (e.g., retaining, disposal/destruction, data flow, marking)
1.1.5 Confidentiality, integrity, availability, non-repudiation, and privacy concepts
1.1.6 System assets and boundary descriptions
1.1.7 Security and privacy controls and requirements
1.1.8 Roles and responsibilities for compliance activities and associated frameworks
1.2 Demonstrate knowledge in security and privacy governance, risk management and compliance program processes
1.2.1 Establishment of compliance program for the applicable framework
1.3 Demonstrate knowledge of compliance frameworks, regulations, privacy, and security requirements
1.3.1 Familiarity with compliance frameworks (e.g., International Organization for Standardization/International Electrotechnical Commission (ISO/IEC), Federal Risk and Authorization Management Program (FedRAMP), Payment Card Industry Data Security Standard (PCI-DSS), Cybersecurity Maturity Model Certification)
1.3.2 Familiarity with other national and international laws and requirements for security and privacy (e.g., Federal Information Security Modernization Act (FISMA), Health Insurance Portability and Accountability Act (HIPAA), executive orders, General Data Protection Regulation (GDPR))


Domain 2 Scope of the System


2.1 Describe the system
2.1.1 System name and scope documented
2.1.2 System purpose and functionality
2.2 Determine security compliance required
2.2.1 Information types processed, stored, or transmitted
2.2.2 Security objectives outlined for each information type based on national and international security and privacy compliance requirements (e.g., Federal Information Processing Standards (FIPS), International Organization for Standardization/International Electrotechnical Commission (ISO/IEC), data protection impact assessment)
2.2.3 Risk impact level determined for system based on the selected framework


Domain 3 Selection and Approval of Framework, Security, and Privacy Controls


3.1 Identify and document baseline and inherited controls
3.2 Select and tailor controls
3.2.1 Determination of applicable baseline and/or inherited controls
3.2.2 Determination of appropriate control enhancements (e.g., security practices, overlays, mitigating controls)
3.2.3 Specific data handling/marking requirements identified
3.2.4 Control selection documentation
3.2.5 Continued compliance strategy (e.g., continuous monitoring, vulnerability management)
3.2.6 Control allocation and stakeholder agreement


Domain 4 Implementation of Security and Privacy Controls


4.1 Develop implementation strategy (e.g., resourcing, funding, timeline, effectiveness)
4.1.1 Control implementation aligned with organizational expectations, national or international requirements, and compliance for security and privacy controls
4.1.2 Identification of control types (e.g., management, technical, common, operational control)
4.1.3 Frequency established for compliance documentation reviews and training
4.2 Implement selected controls
4.2.1 Control implementation consistent with compliance requirements
4.2.2 Compensating or alternate security controls implemented
4.3 Document control implementation
4.3.1 Residual security risk or planned implementations documented (e.g., Plan of Action and Milestones (POA&M), risk register)
4.3.2 Implemented controls documented consistent with the organization's purpose, scope, and risk profile (e.g., policies, procedures, plans)


Domain 5 Assessment/Audit of Security and Privacy Controls


5.1 Prepare for assessment/audit
5.1.1 Stakeholder roles and responsibilities established
5.1.2 Objectives, scope, resources, schedule, deliverables, and logistics outlined
5.1.3 Assets, methods, and level of effort scoped
5.1.4 Evidence for demonstration of compliance audited (e.g., previous assessments/audits, system documentation, policies)
5.1.5 Assessment/audit plan finalized
5.2 Conduct assessment/audit
5.2.1 Compliance capabilities verified using appropriate assessment methods: interview, examine, test (e.g., penetration, control, vulnerability scanning)
5.2.2 Evidence verified and validated
5.3 Prepare the initial assessment/audit report
5.3.1 Risks identified during the assessment/audit provided
5.3.2 Risk mitigation summaries outlined
5.3.3 Preliminary findings recorded
5.4 Review initial assessment/audit report and plan risk response actions
5.4.1 Risk response assigned (e.g., avoid, accept, share, mitigate, transfer) based on identified vulnerabilities or deficiencies
5.4.2 Risk response collaborated with stakeholders
5.4.3 Non-compliant findings with newly applied corrective actions reassessed and validated
5.5 Develop final assessment/audit report
5.5.1 Final compliance documented (e.g., compliant, non-compliant, not applicable)
5.5.2 Recommendations documented when appropriate
5.5.3 Assessment report finalized
5.6 Develop risk response plan
5.6.1 Residual risks and deficiencies identified
5.6.2 Risk prioritized
5.6.3 Required resources identified (e.g., financial, personnel, and technical) to determine time required to mitigate risk


Domain 6 System Compliance


6.1 Review and submit security/privacy documents
6.1.1 Security and privacy documentation required to support a compliance decision by the appropriate party (e.g., authorizing official, third-party assessment organizations, agency) compiled, reviewed, and submitted
6.2 Determine system risk posture
6.2.1 System risk acceptance criteria
6.2.2 Residual risk determination
6.2.3 Stakeholder concurrence for risk treatment options
6.2.4 Residual risks defined in formal documentation
6.3 Document system compliance
6.3.1 Formal notification of compliance decision
6.3.2 Formal notification shared with stakeholders


Domain 7 Compliance Maintenance


7.1 Perform system change management
7.1.1 Changes weigh the impact to organizational risk, operations, and/or compliance requirements (e.g., revisions to baselines)
7.1.2 Proposed changes documented and approved by authorized personnel (e.g., Change Control Board (CCB), technical review board)
7.1.3 Deploy to the environment (e.g., test, development, production) with rollback plan
7.1.4 Changes to the system tracked and compliance enforced
7.2 Perform ongoing compliance activities based on requirements
7.2.1 Frequency established for ongoing compliance activities review with stakeholders
7.2.2 System and assets monitored (e.g., physical and logical assets, personnel, change control)
7.2.3 Incident response and contingency activities performed
7.2.4 Security updates performed and risks remediated/tracked
7.2.5 Evidence collected, testing performed, documentation updated (e.g., service level agreements, third party contracts, policies, procedures), and submission/communication to stakeholders when applicable
7.2.6 Awareness and training performed, documented, and retained (e.g., contingency, incident response, annual security and privacy)
7.2.7 Revising monitoring strategies based on updates to legal, regulatory, supplier, security and privacy requirements
7.3 Engage in audits activities based on compliance requirements
7.3.1 Required testing and vulnerability scanning performed
7.3.2 Personnel interviews conducted
7.3.3 Documentation reviewed and updated
7.4 Decommission system when applicable
7.4.1 Requirements for system decommissioning reviewed with stakeholders
7.4.2 System removed from operations and decommissioned
7.4.3 Documentation of the decommissioned system retained and shared with stakeholders

The course content above may change at any time without notice in order to better reflect the content of the examination.

 
