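Course Introduction
Information technology is used ever more widely in daily life, and the information system security problems that come with it are drawing growing attention. As technology develops and business competition intensifies, more and more companies recognise the importance of information system security and hire professional system security analysts to set rules that protect the company's trade secrets and user data.
CISSP (Certified Information System Security Professional) is a professional certification issued by (ISC)², the International Information System Security Certification Consortium. (ISC)² was founded in 1989 and is headquartered in the United States. It is an independent, non-profit organization whose goal is to develop and manage a comprehensive information system security framework and to establish a series of professional security certifications.
(ISC)² has offered the CISSP certification exam since 1992, and the certification quickly gained recognition from major enterprises and internationally. Earning the CISSP certificate means you have mastered the methods for controlling information system security and can draw up a series of security plans for an enterprise. Given the demand enterprises now have for information system security, CISSP can be called a must-have certificate for today's I.T. professionals.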
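Language of instruction:
Course length:
Start and class dates (live instructor, one computer per student, 100% guaranteed to run):
The course is taught personally by the centre's senior instructor (a network security expert with many years of hands-on experience who holds CISSP / CISA / CISM / PMP and other certifications).
(The course fee already includes the Endorsement service.)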
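Latest version, new schedule, live instruction. Uncompromising professionalism.
Note: When setting the course schedule, the centre has taken the needs of working students into account; there are no classes on Hong Kong public holidays (red days) or festival days (e.g. Winter Solstice / New Year's Eve).
* Except for courses specifically stated otherwise (e.g. Sunday classes, Christmas special classes, etc.)
Course fee (the fee already includes the Endorsement service):
Students please note: the registration office does not accept cash / EPS payment. Thank you for your support!
(Register as a Gold Member or 365 Premium Member to enrol in this course free of charge (self-selected schedule).)
Lunar New Year offer! Register as a "隨您點學" Gold Member for HK$ 8,880 (original price HK$ 9,880)!
HK$ 4,280 (regular price)
HK$ 3,680 (discounted price - registration must be #completed on or before Saturday, 8 February 2025)
(Discount details are available via WhatsApp)
Call 2380 9888 / WhatsApp now to confirm the discount. * Registration must be #completed on or before Saturday, 8 February 2025.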
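*** We are committed to providing the highest-quality service. Before registering in person, students are asked to confirm place availability in advance so that arrangements can be made. ***
Monday to Friday: 13:30 PM - 20:00 PM
Other public holidays: registration office closed
(Phone reservations operate as usual around the clock. You are welcome to call / WhatsApp during the office hours above.)
Tip: You may claim a deduction for your self-education expenses (including this course's course fee and exam fee) under salaries tax.
When enrolling, students may choose to reserve their place and start the enrolled course package within 12 months, which makes the study schedule more flexible!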
Certified Information System Security Professional (CISSP)
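Number of questions: 100-150
Exam duration: 180 minutes
Passing score: 70%
The CISSP exam is administered by (ISC)², the International Information System Security Certification Consortium, and is held every month at designated locations in Hong Kong. The CISSP exam fee is US$749.
The exam lasts 3 hours, and candidates must complete 100-150 multiple-choice questions within the allotted time. The exam is scored out of 1000 points, and the passing score is 700 points.
(ISC)² notifies candidates of their results by email 4-6 weeks after the exam.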
* (ISC)² has introduced Computerized Adaptive Testing (CAT) for all English CISSP exams worldwide.
Internationally recognised certificate and qualification obtained after passing the exam:

Core Information Security Principles (CIA)
Security Planning
Security Policies, Procedures, Standards, Guidelines and Baselines
Best Practices in Information Security
Reporting Model
Security Awareness Training
Overview of Ethics
Common Computer Ethics Fallacies
(ISC)² Code of Ethics
Identify and understand the relationship between Vulnerabilities, Threat, Likelihood
Risk Assessment – Qualitative Risk Assessments

Definitions of key terms
6 Categories of Access Control Controls
3 Types of Access Controls
Threats of Access Controls
System Access
Data / Information Access
Intrusion Detection System (IDS) and Intrusion Prevention System (IPS)
Penetration Test
Assurance of Access Controls

Definitions of key terms
History of Cryptography
2 Cryptography Methods
Encryption System – Substitution Ciphers
Encryption System – Asymmetric Algorithms
Features of Encryption Systems other than encryption / decryption
Message Integrity Control Overview
Message Integrity Control – Hash Functions
Message Integrity Control – Message Authentication Code (MAC)
Digital Signatures
Cryptanalysis and Attacks

Threats and Vulnerabilities in the Physical Environment
Site Location
Site fabric and infrastructure topics
Layered Defense Model
Infrastructure Support System

Concepts in Computer Hardware
Concepts in Computer Software
Trusted Computing Base (TCB)
Reference Monitor
Security Models and Architecture Theories Overview
Security Models and Architecture Theories – Lattice Model
Security Models and Architecture Theories – Noninterference Model
Security Models and Architecture Theories – Information Flow Model
Security Models and Architecture Theories – Bell-LaPadula Confidentiality Model
Security Models and Architecture Theories – Biba Integrity Model
Security Models and Architecture Theories – Clark–Wilson Integrity Model
Security Models and Architecture Theories – Chinese Wall (Brewer-Nash) Model
Security Product Evaluation Methods and Criteria Overview
Security Product Evaluation Methods and Criteria – TCSEC
Security Product Evaluation Methods and Criteria – ITSEC
Security Product Evaluation Methods and Criteria – Common Criteria
Certification and Accreditation

Definition of Disaster
Definition of Business Continuity Planning (BCP) & Disaster Recovery Planning (DRP)
Understanding Business Continuity Management (BCM)
BCP Scope
Stages of BCM
BCP Phase 1: Project Management and Initiation
BCP Phase 2: Business Impact Assessment (BIA)
BCP Phase 3: Recovery strategy
BCP Phase 4: Plan design and development
BCP Phase 5: Testing, Maintenance, Awareness and Training
Steps in developing recovery strategies
Alternate Sites Overview
Alternate Sites – Mirror Site
Alternate Sites – Hot Site
Alternate Sites – Warm Site
Alternate Sites – Cold Site
Alternate Sites – Mobile Site
Reciprocal agreement

Core Data Network Key Terms and Technologies
OSI Reference Model
Basic Telephony
Remote Access Security and Technologies
Network Vulnerabilities, Network Attack and Countermeasures
Network Access Controls (AAA and Firewalls)
Network Availability Controls
Internet Security Protocols
Multimedia Security
Network Audit

Basic Programming Procedures: Coding and Compiling
Threats in Software Environment
Application Development Security Protections and Controls
Software Protection Mechanisms
Malware – Trojans
Malware – Hoaxes
Malware – Virus
Malware – Worms
Other Malware
Malware Protections
DBMS Architecture
Data Warehouse
Database Interface Language – ODBC
Database Interface Language – OLEDB
XML
Database Vulnerabilities, Threats and Protection
Web Application Vulnerabilities, Threats and Protection

Roles of System Administrators
Roles of Security Administrators
Operation Security Threats
7 types of Operation Security Controls
Operation Security Control Methods
Continuity of Operations
Change Management
Patch Management

Major Legal System Overview
Major Legal System – Common Law
Major Legal System – Civil Law
Major Legal System – Religious Law
Major Legal System – Mixed Law
Intellectual Property Laws
Incident Response
Digital / Electronic Evidence
Computer Forensics