Certified Information SystemsSecurity Professional
bez PDV-a
Alternativni datumi i lokacije
Prikaži sve datume
Datum ne odgovara
Kontaktirajte nas koristeći obrazac ovde .
Ciljevi
This training course is intended for professionals who have at least 5 years of recent full-time professional work experience in 2 or more of the 8 domains of the CISSP CBK and are pursuing CISSP training and certification to acquire the credibility and mobility to advance within their current information security careers. The training seminar is ideal for those working in positions such as, but not limited to:
- Security Consultant
- Security Manager
- IT Director/Manager
- Security Auditor
- Security Architect
- Security Analyst
- Security Systems Engineer
- Chief Information Security Officer
- Director of Security
- Network Architect
Trajanje
5 dana (8h/day)
Sadržaj
The Official (ISC)2 CISSP CBK Training Seminar is the most comprehensive review of information security concepts and industry best practices, and covers the 8 domains of the CISSP CBK (Common Body of Knowledge). Students will gain knowledge in information security that will increase their ability to successfully implement and manage security programs in any organization or government entity.
Domain 1: Security and Risk Management
- Understand and Apply Concepts of Confidentiality, Integrity, and Availability
- Information Security
- Evaluate and Apply Security Governance Principles
- Alignment of Security Functions to Business Strategy, Goals, Mission, and Objectives
- Vision, Mission, and Strategy
- Governance
- Due Care
- Determine Compliance Requirements
- Legal Compliance
- Jurisdiction
- Legal Tradition
- Legal Compliance Expectations
- Understand Legal and Regulatory Issues That Pertain to Information Security in a Global Context
- Cyber Crimes and Data Breaches
- Privacy
- Understand, Adhere to, and Promote Professional Ethics
- Ethical Decision-Making
- Established Standards of Ethical Conduct
- (ISC)2 Ethical Practices
- Develop, Document, and Implement Security Policy, Standards, Procedures, and Guidelines
- Organizational Documents
- Policy Development
- Policy Review Process
- Identify, Analyze, and Prioritize Business Continuity Requirements
- Develop and Document Scope and Plan
- Risk Assessment
- Business Impact Analysis
- Develop the Business Continuity Plan
- Contribute to and Enforce Personnel Security Policies and Procedures
- Key Control Principles
- Candidate Screening and Hiring
- Onboarding and Termination Processes
- Vendor, Consultant, and Contractor Agreements and Controls
- Privacy in the Workplace
- Understand and Apply Risk Management Concepts
- Risk
- Risk Management Frameworks
- Risk Assessment Methodologies
- Understand and Apply Threat Modeling Concepts and Methodologies
- Threat Modeling Concepts
- Threat Modeling Methodologies
- Apply Risk-Based Management Concepts to the Supply Chain
- Supply Chain Risks
- Supply Chain Risk Management
- Establish and Maintain a Security Awareness, Education, and Training Program
- Security Awareness Overview
- Developing an Awareness Program
- Training Domain 2: Asset Security
- Asset Security Concepts
- Data Policy
- Data Governance
- Data Quality
- Data Documentation
- Data Organization
- Identify and Classify Information and Assets
- Asset Classification
- Determine and Maintain Information and Asset Ownership
- Asset Management Lifecycle
- Software Asset Management
- Protect Privacy
- Cross-Border Privacy and Data Flow Protection
- Data Owners
- Data Controllers
- Data Processors
- Data Stewards
- Data Custodians
- Data Remanence
- Data Sovereignty
- Data Localization or Residency
- Government and Law Enforcement Access to Data
- Collection Limitation
- Understanding Data States
- Data Issues with Emerging Technologies
- Ensure Appropriate Asset Retention
- Retention of Records
- Determining Appropriate Records Retention
- Retention of Records in Data Lifecycle
- Records Retention Best Practices
- Determine Data Security Controls
- Technical, Administrative, and Physical Controls
- Establishing the Baseline Security
- Scoping and Tailoring
- Standards Selection
- Data Protection Methods
- Establish Information and Asset Handling Requirements
- Marking and Labeling
- Handling
- Declassifying Data
- Storage Domain 3: Security Architecture and Engineering
- Implement and Manage Engineering Processes Using Secure Design Principles
- Saltzer and Schroeder's Principles
- ISO/IEC 19249
- Defense in Depth
- Using Security Principles
- Understand the Fundamental Concepts of Security Models
- Bell-LaPadula Model
- The Biba Integrity Model
- The Clark-Wilson Model
- The Brewer-Nash Model
- Select Controls Based upon Systems Security Requirements
- Understand Security Capabilities of Information Systems
- Memory Protection
- Virtualization
- Secure Cryptoprocessor
- Assess and Mitigate the Vulnerabilities of Security Architectures, Designs, and Solution Elements
- Client-Based Systems
- Server-Based Systems
- Database Systems
- Cryptographic Systems
- Industrial Control Systems
- Cloud-Based Systems
- Distributed Systems
- Internet of Things
- Assess and Mitigate Vulnerabilities in Web-Based Systems
- Injection Vulnerabilities
- Broken Authentication
- Sensitive Data Exposure
- XML External Entities
- Broken Access Control
- Security Misconfiguration
- Cross-Site Scripting
- Using Components with Known Vulnerabilities
- Insufficient Logging and Monitoring
- Cross-Site Request Forgery
- Assess and Mitigate Vulnerabilities in Mobile Systems
- Passwords
- Multifactor Authentication
- Session Lifetime
- Wireless Vulnerabilities
- Mobile Malware
- Unpatched Operating System or Browser
- Insecure Devices
- Mobile Device Management
- Assess and Mitigate Vulnerabilities in Embedded Devices
- Apply Cryptography
- Cryptographic Lifecycle
- Cryptographic Methods
- Public Key Infrastructure
- Key Management Practices
- Digital Signatures
- Non-Repudiation
- Integrity
- Understand Methods of Cryptanalytic Attacks
- Digital Rights Management
- Apply Security Principles to Site and Facility Design
- Implement Site and Facility Security Controls
- Physical Access Controls
- Wiring Closets/Intermediate Distribution Facilities
- Server Rooms/Data Centers
- Media Storage Facilities
- Evidence Storage
- Restricted and Work Area Security
- Utilities and Heating, Ventilation, and Air Conditioning
- Environmental Issues
- Fire Prevention, Detection, and Suppression Domain 4: Communication and Network Security
- Implement Secure Design Principles in Network Architectures
- Open Systems Interconnection and Transmission Control Protocol/Internet Protocol Models
- Internet Protocol Networking
- Implications of Multilayer Protocols
- Converged Protocols
- Software-Defined Networks
- Wireless Networks
- Internet, Intranets, and Extranets
- Demilitarized Zones
- Virtual LANs
- Secure Network Components
- Firewalls
- Network Address Translation
- Intrusion Detection System
- Security Information and Event Management
- Network Security from Hardware Devices
- Transmission Media
- Endpoint Security
- Implementing Defense in Depth
- Content Distribution Networks
- Implement Secure Communication Channels According to Design
- Secure Voice Communications
- Multimedia Collaboration
- Remote Access
- Data Communications
- Virtualized Networks Domain 5: Identity and Access Management
- Control Physical and Logical Access to Assets
- Information
- Systems
- Devices
- Facilities
- Manage Identification and Authentication of People, Devices, and Services
- Identity Management Implementation
- Single Factor/Multifactor Authentication
- Accountability
- Session Management
- Registration and Proofing of Identity
- Federated Identity Management
- Credential Management Systems
- Integrate Identity as a Third-Party Service
- On-Premise
- Cloud
- Federated
- Implement and Manage Authorization Mechanisms
- Role-Based Access Control
- Rule-Based Access Control
- Mandatory Access Control
- Discretionary Access Control
- Attribute-Based Access Control
- Manage the Identity and Access Provisioning Lifecycle
- User Access Review
- System Account Access Review
- Provisioning and Deprovisioning
- Auditing and Enforcement Domain 6: Security Assessment and Testing
- Design and Validate Assessment, Test, and Audit Strategies
- Assessment Standards
- Conduct Security Control Testing
- Vulnerability Assessment
- Penetration Testing
- Log Reviews
- Synthetic Transactions
- Code Review and Testing
- Misuse Case Testing
- Test Coverage Analysis
- Interface Testing
- Collect Security Process Data
- Account Management
- Management Review and Approval
- Key Performance and Risk Indicators
- Backup Verification Data
- Training and Awareness
- Disaster Recovery and Business Continuity
- Analyze Test Output and Generate Report
- Conduct or Facilitate Security Audits
- Internal Audits
- External Audits
- Third-Party Audits
- Integrating Internal and External Audits
- Auditing Principles
- Audit Programs Domain 7: Security Operations
- Understand and Support Investigations
- Evidence Collection and Handling
- Reporting and Documentation
- Investigative Techniques
- Digital Forensics Tools, Techniques, and Procedures
- Understand Requirements for Investigation Types
- Administrative
- Criminal
- Civil
- Regulatory
- Industry Standards
- Conduct Logging and Monitoring Activities
- Define Auditable Events
- Time
- Protect Logs
- Intrusion Detection and Prevention
- Security Information and Event Management
- Continuous Monitoring
- Ingress Monitoring
- Egress Monitoring
- Securely Provision Resources
- Asset Inventory
- Asset Management
- Configuration Management
- Understand and Apply Foundational Security Operations Concepts
- Need to Know/Least Privilege
- Separation of Duties and Responsibilities
- Privileged Account Management
- Job Rotation
- Information Lifecycle
- Service Level Agreements
- Apply Resource Protection Techniques to Media
- Marking
- Protecting
- Transport
- Sanitization and Disposal
- Conduct Incident Management
- An Incident Management Program
- Detection
- Response
- Mitigation
- Reporting
- Recovery
- Remediation
- Lessons Learned
- Third-Party Considerations
- Operate and Maintain Detective and Preventative Measures
- White-listing/Black-listing
- Third-Party Security Services
- Honeypots/Honeynets
- Anti-Malware
- Implement and Support Patch and Vulnerability Management
- Understand and Participate in Change Management Processes
- Implement Recovery Strategies
- Backup Storage Strategies
- Recovery Site Strategies
- Multiple Processing Sites
- System Resilience, High Availability, Quality of Service, and Fault Tolerance
- Implement Disaster Recovery Processes
- Response
- Personnel
- Communications
- Assessment
- Restoration
- Training and Awareness
- Test Disaster Recovery Plans
- Read-Through/Tabletop
- Walk-Through
- Simulation
- Parallel
- Full Interruption
- Participate in Business Continuity Planning and Exercises
- Implement and Manage Physical Security
- Physical Access Control
- The Data Center
- Address Personnel Safety and Security Concerns
- Travel
- Duress Domain 8: Software Development Security
- Understand and Integrate Security in the Software Development Lifecycle
- Development Methodologies
- Maturity Models
- Operations and Maintenance
- Change Management
- Integrated Product Team
- Identify and Apply Security Controls in Development Environments
- Security of the Software Environment
- Configuration Management as an Aspect of Secure Coding
- Security of Code Repositories
- Assess the Effectiveness of Software Security
- Logging and Auditing of Changes
- Risk Analysis and Mitigation
- Assess the Security Impact of Acquired Software
- Acquired Software Types
- Software Acquisition Process
- Relevant Standards
- Software Assurance
- Certification and Accreditation
- Define and Apply Secure Coding Standards and Guidelines
- Security Weaknesses and Vulnerabilities at the Source-Code Level
- Security of Application Programming Interfaces
- Secure Coding Practices
Hvala na interesovanju.
Potrudićemo se da odgovorimo na Vaš zahtev u najkraćem mogućem roku i organizujemo termin.
Hvala na interesovanju.
Odgovorićemo na Vaš zahtev u najkraćem mogućem roku.
Hvala na interesovanju.
Potrudićemo se da odgovorimo na Vaš zahtev u najkraćem mogućem roku i organizujemo termin.
Trening sale
ALEF Trening centri u Adriatic regiji imaju na raspolaganju po jednu trening salu kapaciteta 12 mesta.
Svaka učionica je opremljena sa projektorom i tablom, internet konekcijom i računarom predavača. Kao radna stanica studentima služe personalni računari sa pristupom Cisco opremi. Praktična obuka omogućava studentima da steknu veštine potrebne za konfiguraciju opreme.
CZ
ALEF Trening centar ima na raspolaganju pet trening sali. Tri učionice su nazvane po kontinentima – Australija koja ima kapacitet 8 mesta, Afrika i Evropa imaju svaka po 12 mesta – kapacitet se dopunjava pomoću učionice sa opremom (12 mesta) i pomoću centra za kompetenciju (18 mesta).
SK
ALEF ima na raspolaganju 4 trening sale. Imenovane su po gradovima sveta. Sidnej ima kapacitet 16 mesta, Roterdam i Hamburg imaju 12 mesta svaka dok New York ima 8 mesta
HU
ALEF Trening centar ima 3 trening sale. Imenovane su po gradovima zemalja u kojim ALEF posluje. Prag ima kapacitet 12 mesta, Bratislava i Budimpešta imaju 8 mesta svaka.
Beograd
Prag
Bratislava
Budimpešta
Tim predavača
Raspolažemo sa timom od preko 50 predavača, nudimo kompletan spektar tehnološkog znanja za ruting i switching, za bezbednost i saradnju između centara podataka. Stručnost instruktora dokazuje niz međunarodnih sertifikata najvišeg nivoa.
Jedinstvenost naših predavača sastoji se uglavnom u njihovom bogatom iskustvu u pojedinim projektima, i ovako su u stanju da vrlo fleksibilno reaguju na predloge polaznika kursa ili kod odgovaranja na postavljena pitanja, isto kao i kod prenošenje svojih praktičnih znanja polaznicima. Zahvaljujući pouzdanom radu kompanije i dugogodišnjem iskustvu, vrlo smo fleksibilni u reagovanju na projekte koji se pripremaju na stručnom području Cisco-a, i na osnovu toga možemo Vam garantovati širok spektar sertifikovanih kurseva koji će vama i vašim kolegama omogućiti da steknete potrebno stručno znanje za buduće testove sertifikacije.
