
Monday, September 20, 2021

DATA STORYTELLING TRAINER IN JAKARTA, BANDUNG

Hery Purnama 081223344506, Certified Trainer for Data Storytelling training in Jakarta, Bandung, Surabaya, Indonesia. For inquiries, please contact Mr. Hery Purnama.

Syllabus Data Storytelling

Duration : 2 Days (09.00-16.00)

Description

The unprecedented evolution and progress of technology in recent decades has made data easy to capture and has caused a surge in storage capacity for everyone. With the saying that ‘data is the new oil’, we have witnessed organizations transform their business models, new companies built on data platforms, and the rise of various data products that have become part and parcel of our everyday life.

In light of all these head-spinning developments there is one truth that needs to be remembered: data captured and stored but not processed is wasteful and useless. All the developments mentioned above became possible because sense was made of the data; that is, it was turned into information from which insights were generated, which were in turn used to drive better business decision-making, improve business operations or craft new business strategies.

This course focuses on fundamental concepts and best practices for effective communication with data, something that sits at the intersection of science and art. It seeks to enable you to tell the story of your data and not merely to show data. It is primarily designed for beginners in the field of business analytics or data science who want to quickly learn how to effectively and efficiently communicate the insights they have discovered from an exploratory data analysis and be able to significantly contribute to the improvement or transformation of their respective organizations.

What you'll learn

·         Draft the main message behind your data story

·         Utilize and conceptually construct the appropriate type of visualization for your data

·         Identify needed improvements and refinements on a visualization to make it more effective for communication

·         Smoothly and effectively convey the story behind your data

Requirements

·         No Specific Requirement needed

Who this course is for:

·         Those with interest and beginners in business and data analytics

·         People in the field of business intelligence

·         Those who want to learn explanatory data analysis

·         People who want to learn data visualization

·         Those who want to brush up their skills in data storytelling

·         Executives and managers who want to know what good visualization and storytelling look like but who are not mainly responsible for or tasked with doing it

 

Course content

 

Contextualizing the Data Story

·         What is Data Storytelling

 

·         Why Data Storytelling and Its Steps

 

·         Clarifying the Context

 

·         Clarifying the Context Exercise

 

·         Crafting Your Message

 

·         Storyboarding

 

·         Clarifying the Context and Crafting Your Message

 

·         Crafting Your Message and Storyboarding Exercise

 

 

Choosing the Visualization

 

·         Introduction to Visualization and Its Key Components

 

·         Visualization Title, Cues, Coordinate Systems and Scales

 

·         Visualization Basics

 

·         Position as Visual Cue and the Scatterplot

 

·         Direction as Visual Cue and the Line Plot

 

·         Length as Visual Cue and the Bar Chart

 

·         Area as Visual Cue and the Pie Chart

 

·         A Guide for Choosing Your Data Visualization

 

·         Chart Types

 

·         Visualization Tips: Things to Avoid and Remember

 

·         Choosing and Constructing a Visualization

 

·         From Your Message to Data Visualization

 

 

Decluttering a Visualization

 

·         Tufte's Data-to-Ink Ratio

 

·         Understanding Clutter

 

·         Common Types of Visual Clutter

 

·         Gestalt's Principle of Visual Perception

 

·         Principles of Similarity, Proximity and Enclosure

 

·         Principles of Closure, Continuity and Connection

 

·         Clutter and Visual Perception

 

·         Visualization Improvement Exercise

 

Enhancing Your Visualization

 

·         Design Concepts for Enhancement

 

·         Pre-attentive Processing

 

·         Pre-attentive Attributes Introduction

 

·         Position, Color and Size Attributes

 

·         Pre-attentive Attributes

 

·         Affordances Eliminating Distraction

 

·         Visualization Accessibility

 

·         Visualization Aesthetics

 

·         Other Design Concepts for Visualization Enhancement

 

·         Enhancing Visualization Exercise

 

·         Enhancing the Visualization for Your Data Story

 

 

Crafting the Data Story

 

·         Story Structure and Storytelling Tips

 

·         Creating the Narrative Structure and Flow

 

·         Storytelling and Narrative

 

·         Crafting Your Data Story

 

 

Other topics: ITIL V.4, COBIT 2019 Foundation, COBIT 2019 Design & Implementation, TOGAF 9, Data Storytelling, CISM, CISA, CISSP, CDPSE, QA Automation, Capacity Management, ITAM, ISO 27001, ISO 31000. For inquiries, please contact Hery Purnama 081223344506.




Thursday, September 2, 2021

COBIT 2019 TRAINER IN JAKARTA, BANDUNG

Certified Trainer HERY PURNAMA 081223344506, COBIT 2019 trainer in Jakarta and Bandung, a trainer for COBIT 2019 Exam Preparation Training with more than 20 years of experience in the IT industry as an IT Consultant, IT Auditor, IT Security Manager, IT Operations Manager and IT Director.

To invite him to teach COBIT 2019 training topics, please contact Mr. Hery Purnama on WhatsApp at 081223344506.




What is COBIT 2019 (ISACA)


COBIT is a framework of the best practices for IT management (IT Governance). It is a set of the best practices and procedures that help the organization to achieve strategic objectives through an effective use of available resources and minimization of the IT risks. COBIT interconnects Enterprise governance and IT Governance. This connection is realized by linking business and IT goals, defining metrics and maturity models to measure achievement of objectives and defining the responsibilities of owners of business and IT processes.[1]



The first COBIT version was released by ISACA in 1996. The first edition consisted of the framework; the second was extended to include audit guidelines, an implementation toolset and control objectives. The third edition added management guidelines and was released by the ITG Institute (IT Governance Institute). The current edition is the fifth (COBIT 5), available since April 2012. COBIT 5 consolidates and integrates the COBIT 4.1, Val IT 2.0 and Risk IT frameworks and also draws significantly from the Business Model for Information Security (BMIS) and ITAF.


LATEST VERSION IS COBIT 2019



Other certification training topics delivered by Mr. Hery Purnama, a practitioner and trainer: CISA, CISSP, TOGAF, ITIL FOUNDATION, COBIT FOUNDATION, COBIT 2019 DESIGN, PMP, CAPM, DMBOK, CDMP, ISTQB CTFL, DATA SECURITY, CCISO, ARCHIMATE, CRISC, CDPSE, UML, BIG DATA, DATA ANALYTICS, DATA SCIENCE, DATA STORYTELLING, OPERATIONS MANAGEMENT CAPACITY PLANNING, IBM COGNOS, APACHE NIFI, PYTHON DATA SCIENCE, POWER BI




CISSP TRAINER IN JAKARTA, BANDUNG

Certified Trainer HERY PURNAMA 081223344506, CISSP trainer in Jakarta and Bandung, a trainer for CISSP Exam Preparation Training with more than 20 years of experience in the IT industry as an IT Consultant, IT Auditor, IT Security Manager, IT Operations Manager and IT Director.


To invite him to teach CISSP training topics, please contact Mr. Hery Purnama on WhatsApp at 081223344506.






What is CISSP (ISC2)



Certified Information Security Manager (CISSP) is a professional certification for information security managers awarded by ISACA. CISSP aims to provide general knowledge in the field of information security and covers information risk management, information security governance, and practical issues such as developing and managing an information security program and incident management.


To obtain the CISSP certification, candidates must pass a written certification exam and have at least five years of experience in the information security field. Usually, professionals who already hold the CISA or CISSP certification also seek to obtain the CISSP certification.


Other certification training topics delivered by Mr. Hery Purnama, a practitioner and trainer: CISA, CISSP, TOGAF, ITIL FOUNDATION, COBIT FOUNDATION, COBIT 2019 DESIGN, PMP, CAPM, DMBOK, CDMP, ISTQB CTFL, DATA SECURITY, CCISO, ARCHIMATE, CRISC, CDPSE, UML, BIG DATA, DATA ANALYTICS, DATA SCIENCE, DATA STORYTELLING, OPERATIONS MANAGEMENT CAPACITY PLANNING, IBM COGNOS, APACHE NIFI, PYTHON DATA SCIENCE, POWER BI




CISM EXAM PREPARATION TRAINER IN JAKARTA, BANDUNG

Certified Trainer HERY PURNAMA 081223344506, CISM trainer in Jakarta and Bandung, a trainer for CISM Exam Preparation Training with more than 20 years of experience in the IT industry as an IT Consultant, IT Auditor, IT Security Manager, IT Operations Manager and IT Director.



To invite him to teach CISM training topics, please contact Mr. Hery Purnama on WhatsApp at 081223344506.






What is CISM


Certified Information Security Manager (CISM) is a professional certification for information security managers awarded by ISACA. CISM aims to provide general knowledge in the field of information security and covers information risk management, information security governance, and practical issues such as developing and managing an information security program and incident management.


To obtain the CISM certification, candidates must pass a written certification exam and have at least five years of experience in the information security field. Usually, professionals who already hold the CISA or CISSP certification also seek to obtain the CISM certification.


Other certification training topics delivered by Mr. Hery Purnama, a practitioner and trainer: CISA, CISM, CISSP, TOGAF, ITIL FOUNDATION, COBIT FOUNDATION, COBIT 2019 DESIGN, PMP, CAPM, DMBOK, CDMP, ISTQB CTFL, DATA SECURITY, CCISO, ARCHIMATE, CRISC, CDPSE, UML, BIG DATA, DATA ANALYTICS, DATA SCIENCE, DATA STORYTELLING, OPERATIONS MANAGEMENT CAPACITY PLANNING, IBM COGNOS, APACHE NIFI, PYTHON DATA SCIENCE, POWER BI




CISA EXAM PREPARATION TRAINER IN JAKARTA, BANDUNG

Certified Trainer HERY PURNAMA 081223344506, CISA trainer in Jakarta and Bandung, a trainer for CISA Exam Preparation Training with more than 20 years of experience in the IT industry as an IT Consultant, IT Auditor, IT Security Manager, IT Operations Manager and IT Director.

To invite him to teach CISA training topics, please contact Mr. Hery Purnama on WhatsApp at 081223344506.





What is CISA


Certified Information Systems Auditor (CISA) is a professional certification for information systems auditing sponsored by ISACA.

The certification was established in 1978 and its exam was first held in 1981. Initially the CISA exam was held once a year, every June. In 2005, ISACA announced that the CISA exam would be held twice a year, in June and December, starting that same year.

Hery Purnama is a CISA-certified trainer with more than 5 years of experience teaching CISA in both government agencies and private companies. Contact him on WhatsApp at 081223344506 to invite him to teach at your site or online.




Monday, August 9, 2021

HERY PURNAMA TRAINER COBIT 2019 DESIGN AND IMPLEMENTATION - JAKARTA, BANDUNG

Hery Purnama 081223344506 is a COBIT trainer for COBIT 2019 Design and Implementation in Jakarta and Bandung.



COBIT TRAINER JAKARTA, BANDUNG, SURABAYA

COBIT® 2019 Design & Implementation

COBIT® 2019 is ISACA's framework for effective and strategic governance of information and technology (EGIT). Effective governance over information and technology is critical to business success, and this new release further cements COBIT’s continuing role as an important driver of innovation and business transformation.

This Design and Implementation course is intended for experienced users of COBIT who are interested in more advanced use of the framework, i.e. designing governance systems and running governance improvement programs. This course requires the COBIT 2019 Foundation Certificate to be successfully achieved. This two-day course is structured around the COBIT 2019 Design Guide and the COBIT 2019 Implementation Guide.

Objectives

At the conclusion of the course, attendees will be able to:

Describe the key concepts of COBIT 2019 as taught in the COBIT Foundation course.

Describe the benefits of the COBIT 2019 Design Guide for its target audience.

Describe the current design factors in COBIT 2019.

Apply the design factor concept to identify relevant values.

Describe the impact design factors can have on the design of a governance system.

Describe the design workflow of a governance system.

Use the steps in the design workflow for governance systems.

Apply the design workflow to a concrete situation in order to obtain a governance system design.

Describe and use the design guide toolkit in a concrete situation.

 


Use the mapping tables between design factors and governance/management objectives pragmatically.

Describe purpose and scope of the COBIT 2019 Implementation Guide.

Apply the implementation methodology and approach for a governance implementation program.

Combine the process from both the COBIT 2019 Implementation Guide and the COBIT 2019 Design Guide to use in concrete situations.

Apply the objectives, descriptions and tasks of the seven implementation phases in concrete situations.

Apply the challenges, root causes and critical success factors of the seven implementation phases to concrete situations.

Apply the key decision topics and related responsibilities for governance implementation to concrete situations.


The COBIT® 2019 Design & Implementation (ISACA®) session is aimed at any stakeholder with responsibilities for designing enterprise governance systems and implementing governance systems within their organization.

COBIT 2019 is intended in particular for:

Chief Executives

Business management

IT/IS auditors

Internal auditors

Information security and IT practitioners

Consultants

IT service managers

IT/IS management

Any stakeholder with responsibilities for the governance and management of information and technology


This course requires the COBIT 2019 Foundation Certificate to be successfully achieved.


The COBIT 2019 Design & Implementation training covers 7 modules:

1. COBIT 2019 Basic Concepts – 8%

2. Design Factors for a Governance System – 15%

3. Impact of Design Factors – 3%

4. The Governance System Design Workflow – 32%

5. Implementing and Optimizing I&T Governance Overview – 7%

6. Governance Implementation Lifecycle – 32%

7. Key Topics Decision Matrix – 3%


2-day classroom course, excluding the certification exam.


An exam voucher can be purchased, allowing attendees to take the remote-proctored exam online on the ISACA website.


Three hours (180 minutes) are foreseen to complete the closed book exam. Each multiple-choice question has four options with only one correct answer. A score of 65% or higher is required to pass the exam.


Friday, July 30, 2021

HERY PURNAMA CERTIFIED TRAINER CISSP, CISA, CISM, CDPSE, CRISC, CCISO, CDMP, CTFL, ITILF - JAKARTA BANDUNG

HERY PURNAMA 081-223344-506 IS A CERTIFIED TRAINER FOR TRAINING : CISSP , CISA, CISM, CDPSE, CRISC, CCISO, CDMP, CTFL , ITILF IN JAKARTA BANDUNG INDONESIA (inhousetrainer.net).

TRAINING SYLLABUS

Certified Information Systems Security Professional (CISSP) 



Durations  :


5 Days (09.00 – 16.00)


Descriptions :

The CISSP certification training develops your expertise in defining the IT architecture and in designing, building, and maintaining a secure business environment using globally approved information security standards. The CISSP training covers industry best practices and prepares you for the CISSP certification exam held by (ISC)².

A CISSP certification validates your skills in IT security. Cybersecurity Ventures predicts a total of 3.5 million Cyber Security jobs by 2021. The global Cyber Security market is expected to reach USD $282.3 Billion by 2024, growing at a rate of 11.1-percent annually.


Objectives :

This is a Certified Information Systems Security Professional (CISSP) certification course. To obtain the CISSP certification, candidates need to pass an exam that consists of mostly multiple-choice questions. The purpose of this course is to prepare you for the certification exam by introducing you to the concepts and terminology you need to know to pass.


This course is designed to provide you with extensive knowledge, learning strategies, and instructor support along the way. In addition to the exam, you must meet a few other requirements in order to become a Certified Information Systems Security Professional. You must demonstrate that you follow the CISSP Code of Ethics, have a minimum of five years full-time paid work experience in the systems security field, and hold an IS or IT degree. With that in mind, before enrolling in this course, be sure that this is the right course for you.


This course is designed for people who want to become certified security professionals and are looking for jobs that require the CISSP certification. The prerequisites for this course are basic knowledge in networking and some knowledge of systems operations. Throughout this course, you will learn about the basics of asset security, cryptography, security and risk management, and various threats and attacks. This is a theoretical course — not a practical one — and we will cover many regulations, laws, policies, standards, and encryption protocols. With the flashcards, interactive diagrams, video lessons, and instructor support included with this course, you are equipped with everything you need to successfully pass the exam and earn your CISSP certification.


Participants :


The CISSP Course is ideal for experienced security practitioners, managers and executives interested in proving their knowledge across a wide array of security practices and principles, including those in the following positions:

Chief Information Security Officer

Chief Information Officer

Director of Security

IT Director/Manager

Security Systems Engineer

Security Analyst

Security Manager

Security Auditor

Security Architect

Security Consultant

Network Architect


Prerequisites :

Roughly five years of direct full-time security work experience is recommended, but not required



Outlines :

DAY 1 

CISSP Introduction

DOMAIN 1 : SECURITY AND RISK MANAGEMENT

Understand and Apply Concepts of Confidentiality, Integrity, and Availability

Information Security

Evaluate and Apply Security Governance Principles

Alignment of Security Functions to Business Strategy, Goals, Mission, and Objectives

Vision, Mission, and Strategy

Governance

Due Care

Determine Compliance Requirements

Legal Compliance

Jurisdiction

Legal Tradition

Legal Compliance Expectations

Understand Legal and Regulatory Issues That Pertain to Information Security in a Global Context

Cyber Crimes and Data Breaches

Privacy

Understand, Adhere to, and Promote Professional Ethics

Ethical Decision-Making

Established Standards of Ethical Conduct

(ISC)² Ethical Practices

Develop, Document, and Implement Security Policy, Standards, Procedures, and Guidelines

Organizational Documents

Policy Development

Policy Review Process

Identify, Analyze, and Prioritize Business Continuity Requirements

Contribute to and Enforce Personnel Security Policies and Procedures

Understand and Apply Risk Management Concepts

Understand and Apply Threat Modeling Concepts and Methodologies

Apply Risk-Based Management Concepts to the Supply Chain

Establish and Maintain a Security Awareness, Education, and Training Program

Questions & Answers

DOMAIN 2 : ASSET SECURITY

Asset Security Concepts

Data Policy

Data Governance

Data Quality

Data Documentation

Data Organization

Identify and Classify Information and Assets

Asset Classification

Determine and Maintain Information and Asset Ownership

Asset Management Lifecycle

Software Asset Management

Protect Privacy

Cross-Border Privacy and Data Flow Protection

Data Owners

Data Controllers

Data Processors

Data Stewards

Data Custodians

Data Remanence

Data Sovereignty

Data Localization or Residency

Government and Law Enforcement Access to Data

Collection Limitation

Understanding Data States

Data Issues with Emerging Technologies

Ensure Appropriate Asset Retention

Retention of Records

Determining Appropriate Records Retention

Retention of Records in Data Lifecycle

Records Retention Best Practices

Determine Data Security Controls

Technical, Administrative, and Physical Controls

Establishing the Baseline Security

Scoping and Tailoring

Standards Selection

Data Protection Methods

Establish Information and Asset Handling Requirements

Marking and Labeling

Handling

Declassifying Data

Storage

Questions & Answers

DAY 2

DOMAIN 3: SECURITY ARCHITECTURE AND ENGINEERING

Implement and Manage Engineering Processes Using Secure Design Principles

Saltzer and Schroeder’s Principles

ISO/IEC

Defense in Depth

Using Security Principles

Understand the Fundamental Concepts of Security Models

Select Controls Based upon Systems Security Requirements

Understand Security Capabilities of Information Systems

Assess and Mitigate the Vulnerabilities of Security Architectures, Designs, and

Assess and Mitigate Vulnerabilities in Web-Based Systems

Assess and Mitigate Vulnerabilities in Mobile Systems

Insecure Devices

Mobile Device Management

Assess and Mitigate Vulnerabilities in Embedded Devices

Apply Cryptography

Cryptographic Lifecycle

Cryptographic Methods

Public Key Infrastructure

Key Management Practices

Digital Signatures

Non-Repudiation

Integrity

Understand Methods of Cryptanalytic Attacks

Digital Rights Management

Apply Security Principles to Site and Facility Design

Implement Site and Facility Security Controls

Physical Access Controls

Wiring Closets/Intermediate Distribution Facilities

Server Rooms/Data Centers

Media Storage Facilities

Evidence Storage

Restricted and Work Area Security

Utilities and Heating, Ventilation, and Air Conditioning

Environmental Issues

Fire Prevention, Detection, and Suppression

Questions & Answers

DOMAIN 4 : COMMUNICATION AND NETWORK SECURITY

Implement Secure Design Principles in Network Architectures

Open Systems Interconnection and Transmission Control

Internet Protocol Networking

Implications of Multilayer Protocols

Converged Protocols

Software-Defined Networks

Wireless Networks

Internet, Intranets, and Extranets

Demilitarized Zones

Virtual LANs

Secure Network Components

Firewalls

Network Address Translation

Intrusion Detection System

Security Information and Event Management

Network Security from Hardware Devices

Transmission Media

Endpoint Security

Implementing Defense in Depth

Content Distribution Networks

Implement Secure Communication Channels According to Design

Secure Voice Communications

Multimedia Collaboration

Remote Access

Data Communications

Virtualized Networks

Questions & Answers

DAY 3

DOMAIN 5 : IDENTITY AND ACCESS MANAGEMENT

Control Physical and Logical Access to Assets

Information

Systems

Devices

Facilities

Manage Identification and Authentication of People, Devices, and Services

Identity Management Implementation

Single Factor/Multifactor Authentication

Accountability

Session Management

Registration and Proofing of Identity

Federated Identity Management

Credential Management Systems

Integrate Identity as a Third-Party Service

On-Premise

Cloud

Federated

Implement and Manage Authorization Mechanisms

Role-Based Access Control

Rule-Based Access Control

Mandatory Access Control

Discretionary Access Control

Attribute-Based Access Control

Manage the Identity and Access Provisioning Lifecycle

User Access Review

System Account Access Review

Provisioning and Deprovisioning

Auditing and Enforcement

Questions & Answers

DAY 4

DOMAIN 6 : SECURITY ASSESSMENT AND TESTING

Design and Validate Assessment, Test, and Audit Strategies

Assessment Standards

Conduct Security Control Testing

Vulnerability Assessment

Penetration Testing

Log Reviews

Synthetic Transactions

Code Review and Testing

Misuse Case Testing

Test Coverage Analysis

Interface Testing

Collect Security Process Data

Account Management

Management Review and Approval

Key Performance and Risk Indicators

Backup Verification Data

Training and Awareness

Disaster Recovery and Business Continuity

Analyze Test Output and Generate Report

Conduct or Facilitate Security Audits

Internal Audits

External Audits

Third-Party Audits

Integrating Internal and External Audits

Auditing Principles

Audit Programs

Questions & Answers

DOMAIN 7: SECURITY OPERATIONS

Understand and Support Investigations

Evidence Collection and Handling

Reporting and Documentation

Investigative Techniques

Digital Forensics Tools, Techniques, and Procedures

Understand Requirements for Investigation Types

Administrative

Criminal

Civil

Regulatory

Industry Standards

Conduct Logging and Monitoring Activities

Define Auditable Events

Time

Protect Logs

Intrusion Detection and Prevention

Security Information and Event Management

Continuous Monitoring

Ingress Monitoring

Egress Monitoring

Securely Provision Resources

Asset Inventory

Asset Management

Configuration Management

Understand and Apply Foundational Security Operations Concepts

Need to Know/Least Privilege

Separation of Duties and Responsibilities

Privileged Account Management

Job Rotation

Information Lifecycle

Service Level Agreements

Apply Resource Protection Techniques to Media

Marking

Protecting

Transport

Sanitization and Disposal

Conduct Incident Management

An Incident Management Program

Detection

Response

Mitigation

Reporting

Recovery

Remediation

Lessons Learned

Third-Party Considerations

Operate and Maintain Detective and Preventative Measures

White-listing/Black-listing

Third-Party Security Services

Honeypots/Honeynets

Anti-Malware

Implement and Support Patch and Vulnerability Management

Understand and Participate in Change Management Processes

Implement Recovery Strategies

Backup Storage Strategies

Recovery Site Strategies

Multiple Processing Sites

System Resilience, High Availability, Quality of Service, and Fault Tolerance

Implement Disaster Recovery Processes

Response

Personnel

Communications

Assessment

Restoration

Training and Awareness

Test Disaster Recovery Plans

Read-Through/Tabletop

Walk-Through

Simulation

Parallel

Full Interruption

Participate in Business Continuity Planning and Exercises

Implement and Manage Physical Security

Physical Access Control

The Data Center

Address Personnel Safety and Security Concerns

Travel

Duress

Questions & Answers

DAY 5

DOMAIN 8: SOFTWARE DEVELOPMENT SECURITY

Understand and Integrate Security in the Software Development Lifecycle

Development Methodologies

Maturity Models

Operations and Maintenance

Change Management

Integrated Product Team

Identify and Apply Security Controls in Development Environments

Security of the Software Environment

Configuration Management as an Aspect of Secure Coding

Security of Code Repositories

Assess the Effectiveness of Software Security

Logging and Auditing of Changes

Risk Analysis and Mitigation

Assess the Security Impact of Acquired Software

Acquired Software Types

Software Acquisition Process

Relevant Standards

Software Assurance

Certification and Accreditation

Define and Apply Secure Coding Standards and Guidelines

Security Weaknesses and Vulnerabilities at the

Security of Application Programming Interfaces

Secure Coding Practices

Questions & Answers