CISSP Training Course


CISSP International Certification Course (Premier Cybersecurity Certification)
Short name: CISSP Training Course


The course content covers both the current syllabus and the new syllabus (2021-05).


Traditional service: class timetable (Location: Mong Kok; Total fee: $3,980)
Students enrol by phone or via this web page; once the centre confirms that a seat has been reserved, tuition can be paid by FPS (轉數快). Simple!
Code | Date (dd/mm) | Day | Time | Fee | Instructor
PS1113CM | 17/11 - 20/12 (17/11, 22/11, 24/11, 29/11, 1/12, 6/12, 8/12, 13/12, 15/12, 20/12; detailed class dates available for download) | Mon, Wed | 7:00pm - 10:00pm | $3,980 | Franco
* Government departments may pay by P Card

*** Quality assurance: watch the first 3 hours of class recordings free of charge at any location, so you can judge the quality of the instructor and the materials before enrolling. ***
Please call our staff to make an appointment. Phone numbers by location:
Mong Kok 2332-6544
Kwun Tong 3563-8425
North Point 3580-1893
Sha Tin 2151-9360
Tuen Mun 3523-1560

Free make-up classes: students can watch class recordings at any location to catch up before the following classes!
Free repeat: within three months after the course ends, students can re-watch class recordings at any location an unlimited number of times to review the whole course!
Class hours: 30 hours
Instructor: Franco (list of courses taught)

For free make-up or repeat viewing under the traditional service, if you choose Mong Kok or Kwun Tong on a weekday from Monday to Thursday, you must finish watching the class recording by 6:30 p.m.


Recommended service: class recordings on demand (viewing at home = 0%, viewing at the centre = 100%)
Students enrol by phone or via this web page; once the centre confirms that a seat has been reserved, tuition can be paid by FPS (轉數快). Simple!
Code | Location | Bookable days and times | Tuition from 15% off
PS2109MV | Mong Kok | Mon-Fri: 14:30 - 22:15; Sat: 13:45 - 21:30; Sun: 10:15 - 18:00 (closed on public holidays) | 5% off: only $3,781
PS2109OV | Kwun Tong | Mon-Fri: 13:30 - 22:00; Sat & Sun: 12:30 - 21:00 (closed on Wednesdays and public holidays) | 10% off: only $3,582
PS2109PV | North Point | Mon-Fri: 13:30 - 22:00; Sat & Sun: 12:30 - 21:00 (closed on Wednesdays and public holidays) | 10% off: only $3,582
PS2109SV | Sha Tin | Mon-Fri: 13:30 - 22:00; Sat & Sun: 12:30 - 21:00 (closed on Wednesdays and public holidays) | 15% off: only $3,383
PS2109YV | Tuen Mun | Mon-Fri: 13:30 - 22:00; Sat & Sun: 12:30 - 21:00 (closed on Wednesdays and public holidays) | 15% off: only $3,383
* Government departments may pay by P Card
Free trial viewing at the centre: the first 3 hours; please call our staff at the location (phone numbers listed above) to make an appointment.
Free repeat viewing at the centre: during the access period, students can re-watch class recordings at the enrolment location an unlimited number of times to review the whole course!
Instructor Q&A: after watching a class recording, students can raise questions directly related to that class, and the course instructor will gladly answer them one-on-one!
Class hours: 30 hours
Access period: 10 weeks (the whole course can be watched within 4 weeks of the enrolment date, plus 6 spare weeks). You control the pace, faster or slower.
Recorded-class instructor: Franco (list of courses taught)
Viewing at the centre: details and demo video


District | Address | Phone | EDB registration no.
Mong Kok | Rooms 1802-1807, 18/F, 皆旺商業大廈, 109 Argyle Street, Mong Kok, Kowloon | 2332-6544 | 533459
Kwun Tong | Room G2, 12/F, 寧晉中心, 7 Shing Yip Street, Kwun Tong, Kowloon | 3563-8425 | 588571
North Point | Shops 01-02, 3/F, 華寶商業大廈, 41-47 Marble Road, North Point, Hong Kong | 3580-1893 | 591262
Sha Tin | Room M, 10/F, 京瑞廣場 1 期, 3 On Kwan Street, Shek Mun, Sha Tin, New Territories | 2151-9360 | 604488
Tuen Mun | Room 1708, 17/F, 屯門柏麗廣場, 2 Tuen Hi Road, Tuen Mun, New Territories | 3523-1560 | 592552
Note! Customers must ask for the school's Education Bureau (EDB) registration number to confirm that it is a registered school and avoid unnecessary loss!



Systems and network technology has advanced by leaps and bounds in recent years. When developing a solution or handling electronic information, one must attend to information security as well as functionality. Once an information security incident occurs (for example, a leak of customer data), the loss in reputation or money can be unimaginable. Information security has therefore become a "compulsory subject" in the IT field, and employers hiring IT staff now also require information security knowledge and related certifications such as CISSP (Certified Information Systems Security Professional).

The CISSP certification scheme was established by the International Information Systems Security Certification Consortium (ISC2). CISSP is a vendor-neutral certification: the knowledge it covers is not tied to any particular hardware or software vendor, so it applies across a very wide range of settings. The CISSP exam is built around the following 8 CBK (Common Body of Knowledge) domains:

  • Security and Risk Management
  • Asset Security
  • Security Architecture and Engineering
  • Communication and Network Security
  • Identity and Access Management (IAM)
  • Security Assessment and Testing
  • Security Operations
  • Software Development Security



CISSP

To obtain the CISSP, a candidate must:

  1. Have 5 years of work experience related to information security
  2. Pass the CISSP exam (we provide plenty of practice questions to make passing easier)
  3. Complete the Endorsement process
    (CISSP students of the centre may apply to the centre for free Endorsement assistance; the centre provides this Endorsement service free of charge in accordance with ISC2 guidelines.)
  4. Pass the ISC2 review

Note: applicants without sufficient work experience may still sit the CISSP exam; after passing they become an Associate of ISC2, and once they have accumulated enough work experience they can apply to become a CISSP.



Course name: CISSP International Certification Course (Premier Cybersecurity Certification)
- Short name: CISSP Training Course
Course hours: 30 hours in total (10 sessions)
Suitable for: anyone interested in information security
Language of instruction: mainly Cantonese, supplemented by English
Course notes: written by the centre's instructor, primarily in English, with Chinese glosses for some of the English terms.

1. Taught personally by Franco Tsang: this course is taught by Franco Tsang, who holds CISSP, CCIE, RHCE and MCITP and has both the expertise and the experience.
2. Notes written by Franco himself: Franco writes the notes personally, so you do not have to slog through dictionary-thick textbooks unsuited to the Hong Kong way of studying.
3. Equal emphasis on theory and practice: Franco gives many demonstrations in class so that students understand abstract information security concepts and how to apply CISSP knowledge in daily work. We also provide plenty of practice questions to make passing the exam easier.
4. Free repeat: students in traditional classes may re-watch the class recordings free of charge within three months after the course ends.

The instructor will explain the exam procedure in class.

After passing the exam, the next step is Endorsement. The candidate must be recommended by another ISC2-certified person, who signs the candidate's Endorsement Form.

CISSP students of the centre may apply to the centre for free Endorsement assistance; the centre provides this Endorsement service free of charge in accordance with ISC2 guidelines.

Finally, ISC2 randomly selects candidates' submitted documents for audit. Once the audit is passed, the candidate becomes a CISSP.

Recently, the following Systematic CISSP course students applied for our help and we endorsed them successfully:

  • A. Chan
  • A. Chung
  • A. Yao
  • A. Yiu
  • A.Wong
  • Alan Cheung
  • Alan Choi
  • Alan Kwong
  • Alan Lee
  • Albert To
  • Alfred S.Y. Chan
  • Alfred Y.H. Chan
  • Andy Lau
  • Anthony Wu
  • Antony Chan
  • B. Ho
  • B. Kwok
  • B. Lau
  • B. Yiu
  • Ben Chan
  • Ben Wong
  • Billy Chan
  • C. Chan
  • C. Choi
  • C. Chung
  • C. Lee
  • C. Li
  • C. Ma
  • C. Tse
  • C.F. Cho
  • C.F. Ko
  • C.I. Choi
  • C.M. Yip
  • C.N. Yue
  • Chan C. C
  • Charlaes Ho
  • Charles Wong
  • Chris Ng
  • Chris Ngai
  • Cody Wong
  • Colin Yeung
  • David Lau
  • David Leung
  • Derek Au
  • Derek Yeung
  • E. Mok
  • Eddie Ho
  • Edmond Chan
  • Edward Tam
  • Edwin Tang
  • Eric Wong
  • Eric Wu
  • Ernest Chan
  • F. Mok
  • F. Tong
  • F. Tse
  • Frankie Ng
  • G. Cheung
  • G. Kan
  • G. Tang
  • Gavin Lo
  • H. S. Lam
  • H. Seto
  • H. Y. Lin
  • Henry Pang
  • Howard Lee
  • I. Lai
  • Ivan Chow
  • Ivan Mong
  • J. Chan
  • J. Chow
  • J. Kwok
  • J. Lai
  • J. Lau
  • J. Mak
  • J. Ng
  • J. Ting
  • J. Yue
  • Jason Li
  • Jason Luk
  • Jeff Ho
  • Joe Chan
  • Joey Ho
  • Johnny Lam
  • Joseph Kwong
  • Joseph Lau
  • Justin Mok
  • K. Chan
  • K. F. Lau
  • K. Fung
  • K. Kwan
  • K. Li
  • K. S. Li
  • K. Tsui
  • K.F. Fung
  • K.F. Tang
  • K.F. Wong
  • K.W. Chung
  • K.W. Tse
  • Kelvin Tang
  • Kelvin Tse
  • Kene Lai
  • Kenneth Cheung
  • Kenneth Keung
  • Kenneth Shum
  • L. Chung
  • L. Ng
  • L. T. Kwok
  • Lawrence Chan
  • Lawrence Tang
  • M. Chan
  • M. Hui
  • M. Leung
  • M. Ng
  • M.C. Chan
  • M.H. Yip
  • Matthew Chan
  • Maverick Wong
  • N. C
  • O. Yun
  • P. Lam
  • P. Yau
  • Paul Wong
  • R. Chan
  • R. Yu
  • Ray Lam
  • Ray Tsang
  • Raymond Cheung
  • Raymond Law
  • Raymond Lo
  • Rex Lee
  • Richard Mon
  • Roy Fong
  • Roy Lam
  • Roy Yiu
  • S. F. Choy
  • S. H. Wang
  • S. Lam
  • S. Leung
  • S. Mak
  • S. Sin
  • S. Wu
  • S. Y. Chu
  • S.H. So
  • S.M. Ho
  • S.W. Lu
  • Sam Lo
  • Sammy Leung
  • Samson Tai
  • Simon Leung
  • Simon Yu
  • Stanley Lam
  • Stephanie Chan
  • Steve Wong
  • Steven Tsoi
  • T. Leung
  • T. W. Cheng
  • T.S. Chan
  • T.Y. Li
  • Terence Mak
  • Terry Ng
  • Terry Yau
  • Tony Lo
  • Tony Wong
  • Tony Yeung
  • U. Cheung
  • V. Tang
  • Vincent Chan
  • W. C. Fung
  • W. H. Ma
  • W. Hon
  • W. Hung
  • W. L. Lee
  • W. Lau
  • W. T. Tai
  • W.C.D. Fung
  • W.S Lai
  • W.S. Chu
  • W.T. Chiu
  • Willy Poon
  • X. Yao
  • Y. C. Choi
  • Y. Chang
  • Y. K. Kong
  • Y.C. Chow
  • Y.L. Cheng
  • Y.T. Tang
  • Zero Ho
  • and more... too many to list

Congratulations to them!!






Course name: CISSP International Certification Course (Premier Cybersecurity Certification)
- Short name: CISSP Training Course


1 Introduction
1.1 Steps to get the CISSP certification

2 Domain 1: Security and Risk Management
2.1 Understand, adhere to, and promote professional ethics
2.1.1 (ISC)2 Code of Professional Ethics
2.2 Understand and apply security concepts
2.2.1 Confidentiality
2.2.2 Integrity
2.2.3 Availability
2.2.4 Authenticity
2.2.5 Nonrepudiation
2.3 Evaluate and apply security governance principles
2.3.1 Security governance
2.3.2 Align security functions to organization goals, missions and objectives
2.3.2.1 Business case
2.3.2.2 Budget
2.3.2.3 Resources
2.3.3 Organizational processes (e.g., acquisitions, divestitures, governance committees)
2.3.3.1 Acquisitions and Mergers
2.3.3.2 Divestitures and Spinoffs
2.3.3.3 Governance Committees
2.3.4 Organizational roles and responsibilities
2.3.4.1 Information security officer / Chief information security officer (CISO)
2.3.4.2 Oversight committee representation / Security Council
2.3.4.3 End-users
2.3.4.4 Executive Management
2.3.4.5 Information systems security professionals
2.3.4.6 Data owners, information owners, business owners
2.3.4.7 Data custodians, information custodians, stewards
2.3.4.8 Auditors
2.3.4.9 Business continuity planners
2.3.4.10 Information technologies professionals
2.3.4.11 Security administrators
2.3.4.12 System administrators
2.3.4.13 Network administrators
2.3.4.14 Physical security administrators
2.3.4.15 Administrative assistants / Receptionists
2.3.4.16 Service desk
2.3.5 Security control frameworks
2.3.6 Due care/due diligence
2.3.6.1 Due Care
2.3.6.2 Due Diligence
2.4 Determine compliance and other requirements
2.4.1 Contractual, legal, industry standards, and regulatory requirements (GLBA, SOX, HIPAA, PCI-DSS, DMCA, FISMA, GISRA, FERPA, SOC, HITECH, etc.)
2.4.2 Privacy requirements
2.5 Understand legal and regulatory issues that pertain to information security in a holistic context
2.5.1 Cybercrimes and data breaches
2.5.1.1 Crypto Locker / Reveton / Citadel
2.5.1.2 Rogue Anti-Virus software
2.5.1.3 Data breaches
2.5.2 Licensing
2.5.3 Intellectual Property (IP) requirements
2.5.3.1 Patent
2.5.3.2 Trademark
2.5.3.3 Copyright
2.5.3.4 Trade Secret
2.5.4 Import / export controls
2.5.4.1 International Traffic in Arms Regulations (ITAR)
2.5.4.2 Export Administration Regulations (EAR)
2.5.5 Transborder data flow
2.5.6 Privacy
2.6 Understand requirements for investigation types (i.e., administrative, criminal, civil, regulatory, industry standards)
2.6.1 Civil law
2.6.2 Common law
2.6.2.1 Criminal law
2.6.2.2 Administrative / regulatory law
2.6.3 eDiscovery
2.6.4 Industry standards
2.7 Develop, document, and implement security policy, standards, procedures, and guidelines
2.7.1 Security Policy
2.7.2 Standards
2.7.3 Procedures
2.7.4 Guidelines
2.7.5 Baselines
2.7.6 An integrated example of security policy, standards, procedures, and guidelines
2.7.6.1 Security policy
2.7.6.2 Standard
2.7.6.3 Procedure
2.7.6.4 Guideline
2.7.6.5 Baseline
2.8 Identify, analyze, and prioritize Business Continuity (BC) requirements
2.8.1 Project initiation
2.8.2 Develop and document project scope and plan
2.8.3 Business impact analysis (BIA)
2.8.3.1 Maximum tolerable downtime (MTD)
2.8.3.2 Recovery point objective (RPO)
2.8.3.3 Recovery time objective (RTO)
2.9 Contribute to and enforce personnel security policies and procedures
2.9.1 Before employment: candidate screening and hiring, employment agreements and policies
2.9.2 During employment: onboarding / transfer processes
2.9.2.1 Separation of Duties / Segregation of Duties (SoD)
2.9.2.2 Need-to-know / Least privilege
2.9.2.3 Job rotation
2.9.2.4 Mandatory vacations
2.9.3 Termination processes
2.9.4 Vendor, consultant, and contractor agreements and controls
2.9.5 Compliance and privacy policy requirements
2.10 Understand and apply risk management concepts
2.10.1 Identify threats and vulnerabilities
2.10.1.1 Threats
2.10.1.2 Vulnerabilities
2.10.2 Risk assessment / analysis
2.10.2.1 Qualitative risk assessment / analysis
2.10.2.2 Quantitative risk assessment / analysis
2.10.2.2.1 Asset identification and valuation
2.10.2.2.2 Calculate Exposure factor (EF) and Single-loss expectancy (SLE)
2.10.2.2.3 Assess Annualized Rate of Occurrence (ARO), LAFE and SAFE
2.10.2.2.4 Calculate Annualized loss expectancy (ALE) and countermeasure selection
2.10.2.3 Considerations of qualitative risk assessment / analysis
2.10.2.4 Considerations of quantitative risk assessment / analysis
2.10.2.5 Hybrid
2.10.3 Risk response / assignment / acceptance
2.10.4 Countermeasure selection and implementation
2.10.4.1 Countermeasure selection
2.10.4.2 Countermeasure implementation
2.10.5 Applicable types of controls (e.g., preventive, detective, corrective)
2.10.5.1 Types of controls
2.10.5.1.1 Compensating controls
2.10.5.1.2 Corrective controls
2.10.5.1.3 Deterrent controls
2.10.5.1.4 Detective controls
2.10.5.1.5 Preventive controls
2.10.5.1.6 Recovery controls
2.10.5.2 Control implementations
2.10.5.2.1 Administrative controls
2.10.5.2.2 Physical controls
2.10.5.2.3 Logical controls / Technical controls
2.10.5.2.4 An integrated example of controls
2.10.6 Security Control assessment (SCA) / monitoring and measurement / reporting
2.10.7 Continuous improvement
2.10.7.1 Risk maturity modeling
2.10.8 Risk frameworks / Risk management framework (RMF)
2.11 Understand and apply threat modeling concepts and methodologies (with reduction analysis)
2.11.1 Threat modeling tool
2.11.2 STRIDE
2.11.3 PASTA
2.11.4 Other threat models
2.11.5 Reduction analysis
2.12 Apply Supply Chain Risk Management (SCRM) concepts
2.12.1 Risks associated with hardware, software, and services
2.12.2 Third-party assessment and monitoring
2.12.3 Minimum security standard and service level requirements (SLR)
2.13 Establish and maintain a security awareness, education, and training program
2.13.1 Methods and techniques to present awareness and training (e.g., social engineering, phishing, security champions, gamification)
2.13.2 Security training
2.13.3 Program effectiveness evaluation and periodic content reviews

3 Domain 2: Asset Security
3.1 Identify and classify information and assets
3.1.1 Data classification
3.1.2 Asset Classification
3.2 Establish information, asset handling requirements and relevant laws and regulations
3.2.1 General Data Protection Regulation (GDPR)
3.2.2 Other regulations
3.3 Provision resources securely
3.3.1 Information and asset ownership
3.3.2 Asset inventory (e.g., tangible, intangible) and asset management
3.4 Manage data lifecycle
3.4.1 Data roles (i.e., owners, controllers, custodians, processors, users/subjects)
3.4.1.1 Owners
3.4.1.2 Data controllers / Controllers
3.4.1.3 Data processors / processors
3.4.1.4 Data Stewards
3.4.1.5 Data Custodians, users / subjects
3.4.2 Data collection
3.4.3 Data Location, data sovereignty, data localization or residency, data maintenance
3.4.4 Data remanence and destruction
3.4.4.1 Clearing
3.4.4.2 Purging
3.4.4.3 Overwriting
3.4.4.4 Degaussing
3.4.4.5 Destruction
3.5 Ensure appropriate asset retention (e.g., End-of-Life (EOL), End-of-Support (EOS))
3.6 Determine data security controls and compliance requirements
3.6.1 Data states (e.g., in use, in transit, at rest)
3.6.1.1 At rest
3.6.1.2 In transit / in motion / in flight
3.6.1.3 In use
3.6.2 Scoping and tailoring
3.6.3 Standards selection
3.6.4 Data protection methods (e.g., Digital Rights Management (DRM), Data Loss Prevention (DLP), Cloud Access Security Broker (CASB))
3.6.4.1 Traditional backup (Full, differential and incremental backup, journaling)
3.6.4.2 Other Backup Approaches (Database mirroring, disk mirroring / storage replication, snapshots, multi regions / availability zones, vaulting)
3.6.4.3 Data Deduplication
3.6.4.4 Digital Rights Management (DRM)
3.6.4.5 Data Loss Prevention (DLP)
3.6.4.6 Cloud Access Security Broker (CASB)

4 Domain 3: Security Architecture and Engineering
4.1 Research, implement and manage engineering processes using secure design principles
4.1.1 Threat modeling
4.1.2 Least privilege
4.1.3 Defense in depth
4.1.4 Secure defaults
4.1.5 Fail securely
4.1.6 Separation of Duties / Segregation of Duties (SoD)
4.1.7 Keep it simple
4.1.8 Zero Trust
4.1.9 Privacy by design
4.1.10 Trust but verify
4.1.11 Shared responsibility
4.2 Understand the fundamental concepts of security models (e.g., Biba, Star Model, Bell-LaPadula)
4.2.1 State Machine
4.2.2 Lattice
4.2.3 Bell-LaPadula Confidentiality Model / Bell-LaPadula Model / BLP with star property
4.2.4 Biba Integrity Model / Biba Model with star property
4.2.5 Clark-Wilson Model
4.3 Select controls based upon systems security requirements
4.4 Understand security capabilities of Information Systems (IS) (e.g., memory protection, Trusted Platform Module (TPM), encryption/decryption)
4.4.1 Memory protection
4.4.1.1 Supervisor state and user state
4.4.1.2 Buffer-overflow and Address space layout randomization (ASLR)
4.4.1.3 Concerns
4.4.2 Virtualization
4.4.3 Secure cryptoprocessor, Trusted Platform Module (TPM), encryption/decryption
4.4.3.1 Trusted Platform Module (TPM)
4.5 Assess and mitigate the vulnerabilities of security architectures, designs, and solution elements
4.5.1 Client-based systems
4.5.2 Server-based systems
4.5.3 Database Systems
4.5.3.1 Inference
4.5.3.2 Aggregation
4.5.3.3 Data mining / Knowledge Discovery in Databases (KDD)
4.5.4 Cryptographic Systems
4.5.5 Industrial Control Systems (ICS)
4.5.6 Cloud-Based Systems
4.5.7 Distributed systems
4.5.8 Internet of Things (IoT)
4.5.9 Microservices (including SQL injection, XXE, XSS, CSRF / XSRF)
4.5.10 Containerization
4.5.11 Serverless
4.5.12 Embedded systems
4.5.13 High-Performance Computing (HPC) systems
4.5.14 Edge computing systems
4.5.15 Virtualized systems
4.6 Select and determine cryptographic solutions
4.6.1 Cryptographic life cycle (e.g., keys, algorithm selection)
4.6.2 Integrity (e.g., hashing)
4.6.2.1 Cryptographic hash function
4.6.2.2 Common cryptographic hash functions
4.6.2.3 HMAC
4.6.2.4 Salt
4.6.3 Cryptographic methods (e.g., symmetric, asymmetric, elliptic curves, quantum)
4.6.3.1 Stream-based Ciphers
4.6.3.2 Block Ciphers
4.6.3.3 Block Cipher Modes of Operation
4.6.3.3.1 Electronic Code Book (ECB) mode
4.6.3.3.2 Cipher Block Chaining (CBC) mode
4.6.3.3.3 Cipher Feedback (CFB) mode
4.6.3.3.4 Counter (CTR) mode
4.6.3.3.5 Some points about various modes
4.6.3.3.6 Some other modes
4.6.3.3.6.1 Galois/Counter Mode (GCM) / AES-GCM-SIV
4.6.3.4 Symmetric
4.6.3.5 Common symmetric encryption algorithms
4.6.3.6 AES
4.6.3.7 Advantages and disadvantages of symmetric encryption algorithms
4.6.4 Asymmetric
4.6.4.1 General concepts
4.6.4.2 Digital signatures and Non-repudiation
4.6.4.3 RSA
4.6.4.3.1 RSA encryption and decryption
4.6.4.3.2 RSA digital signature
4.6.4.4 Diffie-Hellman key exchange
4.6.4.5 ElGamal
4.6.4.5.1 ElGamal encryption and decryption
4.6.4.5.2 ElGamal digital signature and DSA (Digital Signature Algorithm)
4.6.4.6 Elliptic curves (ECC)
4.6.4.6.1 Elliptic Curve Diffie-Hellman Key Exchange (ECDH)
4.6.4.6.2 Elliptic Curve ElGamal Public Key Cryptosystem
4.6.4.6.3 Elliptic Curve Digital Signature Algorithm (ECDSA)
4.6.4.7 Advantages and disadvantages of asymmetric algorithms
4.6.5 Quantum cryptography
4.6.6 Key Management Practices
4.6.7 Public Key Infrastructure (PKI) and digital certificates
4.6.7.1 Certification Authority (CA) and Digital certificates
4.6.7.2 Registration Authority (RA)
4.6.7.3 Validation Authority (VA)
4.6.7.4 Subordinate or intermediate certificates
4.7 Understand methods of cryptanalytic attacks
4.7.1 Brute force
4.7.2 Ciphertext only
4.7.3 Known plaintext
4.7.4 Frequency analysis
4.7.5 Chosen ciphertext
4.7.6 Implementation attacks
4.7.7 Side-channel and timing
4.7.8 Fault injection
4.7.9 Man-in-the-Middle (MITM)
4.7.10 Pass the hash
4.7.11 Kerberos exploitation
4.7.12 Ransomware
4.8 Apply security principles to site and facility design
4.9 Design site and facility security controls
4.9.1 Wiring closets/intermediate distribution facilities
4.9.2 Server rooms/data centers
4.9.2.1 Mantrap
4.9.2.2 Others
4.9.3 Media storage, evidence storage and work (restricted) area security
4.9.4 Power (e.g., redundant, backup)
4.9.4.1 Uninterruptible Power Supply (UPS)
4.9.4.2 Power Conditioner
4.9.4.3 Backup Power Source
4.9.5 Environmental issues
4.9.6 Utilities and Heating, Ventilation, and Air Conditioning (HVAC)
4.9.7 Fire prevention, detection, and suppression
4.9.7.1 Fire detection
4.9.7.2 Fire prevention and suppression

5 Domain 4: Communication and Network Security
5.1 Assess and implement secure design principles in network architectures
5.1.1 OSI reference model vs. TCP / IP model
5.1.2 Open System Interconnection (OSI) and Transmission Control Protocol/Internet Protocol (TCP/IP) models
5.1.2.1 OSI reference model
5.1.2.1.1 Layer 7: Application Layer
5.1.2.1.2 Layer 6: Presentation Layer
5.1.2.1.3 Layer 5: Session Layer
5.1.2.1.4 Layer 4: Transport Layer
5.1.2.1.5 Layer 3: Network Layer
5.1.2.1.6 Layer 2: Data Link Layer
5.1.2.1.7 Layer 1: Physical Layer
5.1.2.2 TCP / IP model
5.1.2.2.1 Application Layer
5.1.2.2.2 Transport Layer
5.1.2.2.3 Internet Layer
5.1.2.2.4 Network Interface Layer
5.1.3 Internet Protocol (IP) networking (e.g., Internet Protocol Security (IPSec), Internet Protocol (IP) v4/6)
5.1.3.1 IPv4 addressing
5.1.3.2 IPv6 addressing
5.1.3.3 "Addresses" of a host
5.1.3.4 TCP and UDP (Layer 4)
5.1.3.4.1 TCP
5.1.3.4.2 UDP
5.1.3.5 Ports (Layer 4)
5.1.3.5.1 Well-known ports / System ports
5.1.3.5.2 Registered ports / User Ports
5.1.3.5.3 Dynamic ports / Private ports / Ephemeral ports
5.1.3.6 Routing protocols
5.1.3.6.1 RIPv1, RIPv2 and RIPng
5.1.3.6.2 OSPFv2 and OSPFv3
5.1.3.6.3 Border Gateway Protocol (BGP)
5.1.3.7 Dynamic Host Configuration Protocol (DHCP)
5.1.3.8 Internet Control Message Protocol (ICMP)
5.1.3.8.1 Smurf attack
5.1.3.9 Domain Name Service (DNS)
5.1.4 Secure Protocols
5.1.4.1 IPSec and IPSec VPN
5.1.4.1.1 IPsec VPN: Authentication Header (AH)
5.1.4.1.2 IPsec VPN: Encapsulating Secure Payload (ESP)
5.1.4.1.3 IPSec operation modes
5.1.4.2 Transport Layer Security (TLS) / Secure Sockets Layer (SSL)
5.1.4.3 SSH (Secure Shell)
5.1.5 Implications of multilayer protocols, Encapsulation, VLAN and VLAN Hopping
5.1.6 Converged Protocols
5.1.6.1 Fibre Channel (FC) and Fibre Channel over Ethernet (FCoE)
5.1.6.2 Internet Small Computer System Interface (iSCSI)
5.1.6.3 Multiprotocol Label Switching (MPLS)
5.1.6.4 Voice over IP (VoIP)
5.1.6.4.1 Session Initiation Protocol (SIP)
5.1.7 Micro-segmentation
5.1.7.1 Software Defined Networks (SDN)
5.1.7.2 Network overlay and Virtual eXtensible Local Area Network (VXLAN)
5.1.7.3 Software-Defined Wide Area Network (SD-WAN)
5.1.8 Wireless networks
5.1.8.1 Wireless standards
5.1.8.2 MAC filtering
5.1.8.3 Shared key authentication
5.1.8.4 Wired equivalent privacy (WEP)
5.1.8.5 Wi-Fi protected access (WPA) / WPA2 / WPA3
5.1.8.5.1 IEEE 802.1X and Extensible Authentication Protocol (EAP)
5.1.8.6 "Parking lot" attack
5.1.8.7 SSID flaw
5.1.8.8 Signal jamming
5.1.8.9 Li-Fi
5.1.8.10 Zigbee
5.1.9 Cellular networks (e.g., 4G, 5G)
5.1.10 Content Distribution Networks (CDN)
5.2 Secure network components
5.2.1 Operation of hardware (e.g., redundant power, warranty, support)
5.2.2 Transmission media
5.2.2.1 Copper
5.2.2.1.1 Shielded Twisted Pair (STP)
5.2.2.1.2 Unshielded Twisted Pair (UTP)
5.2.2.1.3 Comparison (Just for reference)
5.2.2.2 Coaxial Cable (Coax)
5.2.2.3 Fiber Optic / Optical Fiber
5.2.3 Network access control (NAC) devices
5.2.3.1 Firewall
5.2.3.2 Proxies
5.2.3.3 Intrusion Detection System (IDS)
5.2.3.4 Intrusion Prevention System (IPS)
5.2.3.5 Bastion Host / Screened Host
5.2.3.6 Network Address Translation (NAT) / Port Address Translation (PAT)
5.2.3.7 Security information and event management (SIEM)
5.2.4 Endpoint security
5.2.4.1 Network access control (NAC)
5.3 Implement secure communication channels according to design
5.3.1 Voice, Private Branch Exchange (PBX) and Plain Old Telephone Service (POTS)
5.3.2 Multimedia collaboration
5.3.2.1 Internet Relay Chat (IRC)
5.3.3 Remote access
5.3.3.1 Screen scraping
5.3.3.2 Tunneling, PPTP and L2TP
5.3.4 Data communications
5.3.4.1 Email Security, S/MIME, PEM, DKIM
5.3.5 Virtualized networks
5.3.5.1 Virtual Machine Jumping or Hyperjumping
5.3.6 Third-party connectivity

6 Domain 5: Identity and Access Management (IAM)
6.1 Control physical and logical access to assets
6.1.1 Information and Systems
6.1.2 Devices and MDM
6.1.3 Facilities and PACS
6.1.4 Applications
6.2 Manage identification and authentication of people, devices, and services
6.2.1 Identity Management (IdM) implementation
6.2.2 Single/Multi-Factor Authentication (MFA)
6.2.2.1 Biometric
6.2.3 Accountability
6.2.4 Session management
6.2.5 Registration, proofing, and establishment of identity (with IAL concept)
6.2.6 Single Sign On (SSO), Federated Identity Management (FIM) and Security Assertion Markup Language (SAML)
6.2.6.1 Security Assertion Markup Language (SAML)
6.2.6.2 OpenID Connect (OIDC) / Open Authorization (OAuth)
6.2.7 Credential management systems
6.2.8 Just-In-Time (JIT)
6.3 Federated identity with a third-party service
6.3.1 On-premise
6.3.2 Cloud
6.3.3 Hybrid
6.4 Implement and manage authorization mechanisms
6.4.1 Role Based Access Control (RBAC)
6.4.2 Rule based access control
6.4.3 Mandatory Access Control (MAC)
6.4.4 Discretionary Access Control (DAC)
6.4.5 Attribute Based Access Control (ABAC)
6.4.6 Risk based access control
6.5 Manage the identity and access provisioning lifecycle
6.5.1 Account access review (e.g., user, system, service)
6.5.2 Provisioning and deprovisioning (e.g., on /off boarding and transfers)
6.5.3 Role definition (e.g., people assigned to new roles)
6.5.4 Privilege escalation (e.g., managed service accounts, use of sudo, minimizing its use)
6.6 Implement authentication systems
6.6.1 OpenID Connect (OIDC) / Open Authorization (OAuth)
6.6.2 Security Assertion Markup Language (SAML)
6.6.3 Kerberos
6.6.4 Remote Authentication Dial-In User Service (RADIUS) / Terminal Access Controller Access Control System Plus (TACACS+)

7 Domain 6: Security Assessment and Testing
7.1 Design and validate assessment, test, and audit strategies
7.2 Conduct security control testing
7.2.1 Vulnerability assessment
7.2.2 Penetration testing
7.2.3 Log reviews
7.2.4 RUM / EUM and Synthetic transactions
7.2.4.1 RUM / EUM
7.2.4.2 Synthetic transactions
7.2.5 Code review and testing
7.2.5.1 Black-box testing vs. white-box testing
7.2.5.2 Dynamic testing vs. static testing
7.2.5.3 Manual testing vs. automated testing
7.2.5.4 Code review processes (Pair programming, Over-the-shoulder, Pass-around, Tool-assisted, etc.)
7.2.5.5 Types of testing
7.2.6 Misuse case testing / Abuse Case Testing
7.2.7 Test coverage analysis
7.2.8 Interface testing
7.2.9 Breach attack simulations
7.2.10 Compliance checks
7.3 Collect security process data (e.g., technical and administrative)
7.3.1 Account management
7.3.2 Management review and approval
7.3.3 Key performance and risk indicators
7.3.4 Backup verification data
7.3.5 Training and awareness
7.3.6 Disaster Recovery (DR) and Business Continuity (BC)
7.3.6.1 Read-through/tabletop
7.3.6.2 Walkthrough
7.3.6.3 Simulation
7.3.6.4 Parallel
7.3.6.5 Full interruption
7.4 Analyze test output and generate report
7.4.1 Remediation and exception handling
7.4.2 Ethical disclosure
7.4.3 Conduct or facilitate security audits
7.4.3.1 Internal
7.4.3.2 External
7.4.3.3 Third-party

8 Domain 7: Security Operations
8.1 Understand and comply with investigations
8.1.1 Evidence collection and handling
8.1.2 Reporting and documentation
8.1.3 Investigative techniques
8.1.4 Digital forensics tools, tactics, procedures and artifacts (e.g., computer, network, mobile device)
8.2 Conduct logging and monitoring activities
8.2.1 Intrusion detection and prevention
8.2.2 Security Information and Event Management (SIEM)
8.2.3 Continuous monitoring
8.2.4 Egress monitoring
8.2.5 Log management
8.2.6 Threat intelligence (e.g., threat feeds, threat hunting)
8.2.7 User and Entity Behavior Analytics (UEBA)
8.3 Perform Configuration Management (CM) (e.g., provisioning, baselining, automation)
8.4 Apply foundational security operations concepts
8.4.1 Need-to-know/least privilege
8.4.2 Separation of Duties (SoD) and responsibilities
8.4.3 Privileged account management
8.4.4 Job rotation
8.4.5 Service Level Agreements (SLAs)
8.5 Apply resource protection
8.5.1 Media management
8.5.2 Media protection techniques
8.6 Conduct incident management
8.6.1 Detection
8.6.2 Response
8.6.3 Mitigation
8.6.4 Reporting
8.6.5 Recovery
8.6.6 Remediation
8.6.7 Lessons learned
8.7 Operate and maintain detective and preventative measures
8.7.1 Firewalls (e.g., next generation, web application, network)
8.7.2 Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS)
8.7.3 Whitelisting/blacklisting
8.7.4 Third-party provided security services
8.7.5 Sandboxing
8.7.6 Honeypots/honeynets
8.7.7 Anti-malware
8.7.8 Machine learning and Artificial Intelligence (AI) based tools
8.8 Implement and support patch and vulnerability management
8.9 Understand and participate in change management processes
8.10 Implement recovery strategies
8.10.1 Backup storage strategies
8.10.2 Recovery site strategies
8.10.3 Multiple processing sites
8.10.4 System resilience, High Availability (HA), Quality of Service (QoS), and fault tolerance
8.10.4.1 System resilience
8.10.4.2 High availability and fault tolerance
8.10.4.3 Quality of service
8.11 Implement Disaster Recovery (DR) processes
8.11.1 Response
8.11.2 Personnel and Communications
8.11.3 Assessment and Restoration
8.11.4 Training and awareness
8.11.5 Lessons learned
8.12 Test Disaster Recovery Plans (DRP)
8.12.1 Read-through/tabletop
8.12.2 Walkthrough
8.12.3 Simulation
8.12.4 Parallel
8.12.5 Full interruption
8.13 Participate in Business Continuity (BC) planning and exercises
8.14 Implement and manage physical security
8.14.1 Perimeter security controls
8.14.2 Internal security controls
8.15 Address personnel safety and security concerns
8.15.1 Travel
8.15.2 Duress, emergency management and security training and awareness

9 Domain 8: Software Development Security
9.1 Understand and integrate security in the Software Development Life Cycle (SDLC)
9.1.1 Development methodologies (e.g., Agile, Waterfall, DevOps, DevSecOps)
9.1.1.1 Waterfall
9.1.1.2 Agile
9.1.1.3 DevOps
9.1.1.4 DevSecOps
9.1.2 Maturity models (e.g., Capability Maturity Model (CMM), Software Assurance Maturity Model (SAMM))
9.1.2.1 Capability Maturity Model (CMM)
9.1.2.2 Software Assurance Maturity Model (SAMM)
9.1.3 Operation and maintenance
9.1.3.1 Regression testing
9.1.3.2 Acceptance testing
9.1.4 Change management
9.1.5 Integrated Product Team (IPT)
9.2 Identify and apply security controls in software development ecosystems
9.2.1 Programming languages
9.2.2 Libraries
9.2.3 Tool sets and integrated development environment (IDE)
9.2.4 Runtime
9.2.5 Continuous Integration and Continuous Delivery (CI/CD)
9.2.6 Security Orchestration, Automation, and Response (SOAR)
9.2.7 Software Configuration Management (SCM)
9.2.8 Code repositories
9.2.9 Application security testing (e.g., Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST))
9.2.9.1 Static Application Security Testing (SAST)
9.2.9.2 Dynamic Application Security Testing (DAST)
9.3 Assess the effectiveness of software security
9.3.1 Auditing and logging of changes
9.3.2 Risk analysis and mitigation
9.4 Assess security impact of acquired software
9.4.1 Commercial-off-the-shelf (COTS)
9.4.2 Open source / OSS
9.4.3 Third-party
9.4.4 Managed services (e.g., Software as a Service (SaaS), Infrastructure as a Service (IaaS), Platform as a Service (PaaS))
9.4.4.1 Software as a Service (SaaS)
9.4.4.2 Platform as a Service (PaaS)
9.4.4.3 Infrastructure as a Service (IaaS)
9.5 Define and apply secure coding guidelines and standards
9.5.1 Security weaknesses and vulnerabilities at the source-code level
9.5.2 Security of Application Programming Interfaces (APIs) (including fuzzing and monkey testing)
9.5.3 Secure coding practices
9.5.4 Software-defined security
9.5.5 Satellite Internet access

10 NIST SP (Special Publication) related to CISSP exam

11 Further reading
11.1 Domain 1 topics
11.1.1 Other examples and topics of ethics
11.1.1.1 The Code of Fair Information Practices
11.1.1.2 Internet Architecture Board
11.1.1.3 Computer Ethics Institute (CEI)
11.1.1.4 Common ethics fallacies
11.1.2 More about export controls: Wassenaar Arrangement
11.1.3 Best Practices of Security Policy
11.1.4 Security Planning
11.1.4.1 Strategic Planning
11.1.4.2 Tactical Planning
11.1.4.3 Operational Planning
11.1.4.4 An example of security planning
11.1.5 Other risk assessment methodologies
11.1.5.1 NIST 800-30, NIST 800-39 and NIST 800-66
11.1.5.2 CCTA Risk Analysis and Management Method (CRAMM)
11.1.5.3 Failure mode and effects analysis (FMEA)
11.1.5.4 Facilitated risk analysis process (FRAP)
11.1.5.5 OCTAVE
11.1.5.6 Security Officers Management and Analysis Project (SOMAP)
11.1.5.7 Value at Risk (VaR)
11.1.6 Payment Card Industry Data Security Standard (PCI-DSS)
11.1.7 Industry and international security implementation guidelines
11.1.8 Control Objectives for Information and Related Technology (COBIT)
11.2 Domain 2 topics
11.2.1 General privacy concepts
11.2.2 Hardware and software considerations
11.2.3 Link encryption and end-to-end encryption
11.2.4 More about standard selection
11.2.4.1 United States
11.2.4.1.1 Department of Defense
11.2.4.1.2 National Security Agency (NSA)
11.2.4.1.3 National Institute of Standards and Technology (NIST)
11.2.4.2 United Kingdom
11.2.4.2.1 Communications-Electronics Security Group (CESG)
11.2.4.3 European Union
11.2.4.4 International Organization for Standardization (ISO)
11.2.4.5 International Telecommunication Union (ITU)
11.2.4.6 NATO
11.3 Domain 3 topics
11.3.1 System Life Cycle
11.3.2 Security principles based on NIST SP 800-27
11.3.3 Relationships between principles and System life-cycles
11.3.4 Common system components
11.3.4.1 Processors
11.3.4.2 Memory and storage (primary storage)
11.3.4.3 Memory and storage (secondary storage)
11.3.4.4 Memory and storage (virtual storage)
11.3.4.5 Memory and storage (memory protection)
11.3.5 Layering / Protection ring
11.3.6 More security models
11.3.6.1 Lipner Model
11.3.6.2 Brewer-Nash (The Chinese Wall) Model
11.3.6.3 Graham-Denning Model
11.3.6.4 Harrison-Ruzzo-Ullman Model
11.3.7 Select controls and countermeasures based upon systems security evaluation models
11.3.7.1 Certification and accreditation
11.3.7.1.1 Certification
11.3.7.1.2 Accreditation
11.3.7.2 Product evaluation models
11.3.7.2.1 Trusted Computer System Evaluation Criteria (TCSEC)
11.3.7.2.2 Information Technology Security Evaluation Criteria (ITSEC)
11.3.7.2.3 Common Criteria
11.3.7.3 Data Flow Diagram (DFD)
11.3.7.4 Warehousing and data mart
11.3.8 Large-scale parallel data systems
11.3.9 Distributed systems
11.3.9.1 Grid computing
11.3.9.2 Peer to peer (P2P)
11.3.10 Classic encryption systems
11.3.10.1 Null Cipher
11.3.10.2 The Rail Fence
11.3.10.3 Caesar Cipher / Monoalphabetic Cipher
11.3.10.4 Blaise de Vigenère / Polyalphabetic Cipher
11.3.10.5 Playfair Cipher
11.3.11 Running Key Cipher with modular mathematics
11.3.12 One-time Pads
11.3.13 Double DES
11.3.14 Key escrow / "fair" cryptosystem
11.3.15 Key management: XML Key Management Specification (XKMS)
11.3.16 More about fire suppression
11.3.16.1 Other fire suppression agents (except those mentioned in chapter 4.9.7.2)
11.3.17 Terms used in electrical voltage fluctuations
11.3.18 Trusted Computing Base (TCB)
11.3.19 Security Kernels and Reference Monitors
11.3.20 Common architecture frameworks
11.3.20.1 Zachman Framework
11.3.20.2 Sherwood Applied Business Security Architecture Framework
11.3.20.3 The Open Group Architecture Framework (TOGAF)
11.3.20.4 IT Infrastructure Library (ITIL v3 / ITIL 4)
11.3.21 Roadway Design
11.3.22 Crime Prevention Through Environmental Design (CPTED)
11.3.23 Entry points: Doors
11.3.24 Entry points: Windows
11.3.24.1 Types of glass
11.3.25 Ground Potential Rise (GPR)
11.4 Domain 4 topics
11.4.1 Simplex, half duplex and full duplex
11.4.2 Attacks related to Internet Control Message Protocol (ICMP)
11.4.2.1 Ping of death
11.4.2.2 ICMP redirect attack / Man-in-the-middle attack
11.4.3 More about Multilayer protocols / Implications of multilayer protocols
11.4.3.1 DNP3
11.4.3.2 Modbus
11.4.4 File Transfer Protocol (FTP)
11.4.4.1 FTP Transfer modes: Active mode (PORT mode)
11.4.4.2 FTP Transfer modes: Passive mode (PASV mode)
11.4.4.3 Secure FTP with TLS (FTPS)
11.4.4.4 FTP over SSH
11.4.5 Trivial File Transfer Protocol (TFTP)
11.4.6 Common Internet File System (CIFS) / Server Message Block (SMB)
11.4.7 Simple Mail Transfer Protocol (SMTP) / Extended Simple Mail Transfer Protocol (ESMTP)
11.4.8 Lightweight Directory Access Protocol (LDAP)
11.4.9 Network Basic Input Output System (NetBIOS)
11.4.10 Network Information Service (NIS / NIS+)
11.4.11 Fibre Channel over Internet Protocol (FCIP / FCoIP)
11.4.12 InfiniBand (IB)
11.4.13 MPLS Pseudowires / L2VPN
11.4.14 Circuit switched and packet switched networks
11.4.14.1 Circuit switched networks
11.4.14.2 Packet switched networks
11.4.15 Common hardware
11.4.15.1 Modems
11.4.15.2 Multiplexers
11.4.15.3 Switches and bridges
11.4.15.4 Hubs / Repeaters
11.4.15.5 Routers
11.4.15.6 Wireless access points (WAP / AP)
11.4.16 More about Multimedia collaboration
11.4.16.1 Remote meeting technology
11.4.16.2 Instant messaging (IM)
11.4.16.3 Extensible Messaging and Presence Protocol (XMPP) / Jabber
11.4.17 Network attacks
11.4.17.1 Domain litigation
11.4.17.2 Open mail relay and SPAM
11.4.17.3 Port scanning
11.4.17.4 Port scanning: FIN scanning / X-mas scanning / Null scanning
11.4.17.5 Teardrop
11.4.17.6 Overlapping fragment attack
11.4.17.7 Source Routing Exploitation
11.4.17.8 Denial of service and spoofing
11.4.17.9 Email spoofing
11.4.17.10 DNS spoofing
11.4.17.11 Eavesdropping
11.4.17.12 Emanations / Tempest
11.5 Domain 5 topics
11.5.1 Control physical and logical access to assets
11.5.1.1 Access control of information
11.5.1.2 Centralized access control systems for device access control
11.5.1.3 Decentralized access control
11.5.1.4 Hybrid access control
11.5.2 Manage identification and authentication of people and devices
11.5.2.1 Identification methods
11.5.2.2 Identification guidelines
11.5.2.3 Identification implementation
11.5.2.3.1 Password management
11.5.2.3.2 Account management
11.5.2.4 Profile management
11.5.2.5 Directory management and Lightweight Directory Access Protocol (LDAP)
11.5.2.6 X.500 and X.400
11.5.3 Biometrics
11.5.4 Classic Role-Based Access Control (RBAC) concepts
11.5.4.1 Non-RBAC
11.5.4.2 Limited RBAC
11.5.4.3 Hybrid RBAC
11.5.4.4 Full RBAC
11.5.5 SDDL (Security Descriptor Definition Language)
11.5.6 Prevent and mitigate access control attacks and IAM
11.5.6.1 Identity and access provisioning lifecycle
11.6 Domain 7 topics
11.6.1 More about evidence
11.6.2 More about RAID / High availability and fault tolerance in hard disk
11.6.2.1 RAID 0
11.6.2.2 RAID 1
11.6.2.3 RAID 5
11.6.2.4 Nested RAID Levels / RAID 10
11.6.3 Shoulder Surfing
11.6.4 Firewall architectures
11.6.4.1 Dual-Homed Firewall
11.6.4.2 Screened Host
11.6.4.3 Screened Subnet
11.6.5 Classic recovery site strategies and multiple processing sites
11.7 Domain 8 topics
11.7.1 More about agile software methodology
11.7.1.1 Scrum
11.7.1.2 Extreme programming (XP)
11.7.1.3 Test-driven development (TDD)
11.7.1.4 Lean
11.7.1.5 Minimum viable product (MVP)
11.7.2 More about programming languages (compiled languages vs interpreters)
11.7.3 Type checking
11.7.4 Language generations
11.7.5 Model View Controller (MVC)
11.7.6 Common programming languages
11.7.7 ACID in database transactions
11.7.8 Database View
11.7.9 Von Neumann model
11.7.10 Relationship between acquisition processes and IEEE 1062, PMBOK, NIST SP 800-64, DoDI 5000.2, ISO / IEC 12207
11.7.11 Object-Oriented (OO) programming
11.7.11.1 Encapsulation
11.7.11.2 Inheritance
11.7.11.3 Polymorphism
11.7.12 Distributed object-oriented systems
11.7.12.1 CORBA (Common Object Request Broker Architecture)
11.7.12.2 EJB (Enterprise JavaBeans)
11.7.12.3 Microsoft COM / DCOM
11.7.12.4 More about Viruses
11.7.12.5 More about Botnet
11.7.12.6 More about Worms
11.7.12.7 Hoax
11.7.13 Database Management System (DBMS)
11.7.13.1 Database Management System (DBMS) Elements
11.7.13.2 Relational Database Management System (RDBMS)
11.7.14 Normalization, primary keys, foreign keys and referential integrity
11.7.14.1 Normalization
11.7.14.2 Primary keys
11.7.14.3 Foreign keys and referential integrity
11.7.14.4 OODBMS and ORDBMS
11.7.15 Database Interface Languages
11.7.16 Polyinstantiation
11.7.17 Secure Electronic Transaction (SET) Protocol
11.7.18 Cleanroom
11.8 More about the examination (Computerized Adaptive Testing)

The course content above may change at any time without notice in order to better reflect the content of the examination.


The CISSP international certification course offered by our centre has achieved outstanding results, and local media have competed to interview us about it. Below is the content of the education feature interview by 《東方日報》 (Oriental Daily).

[Click to view the detailed 《東方日報》 report]
