PT. HM. SAMPOERNA, Tbk. - Pasuruan Jawa Timur

INHOUSE TRAINING VBA MACRO PROGRAMMING

PT. PLN PERSERO MALUKU / MALUKU UTARA

INHOUSE TRAINING I.S GOVERNANCE

O-Shop, SCTV, Infotech (Jakarta)

PUBLIC TRAINING MAGENTO ADVANCED

PT. ASKRINDO - JAKARTA

PUBLIC TRAINING PMP PMBOK EXAM PREPARATION

Bank Fama International - Bandung

INHOUSE TRAINING CYBERSECURITY AWARENESS PROGRAM

Saturday, July 31, 2021

HERY PURNAMA CERTIFIED TRAINER cissp CISA, CISM, CDPSE, CRISC, CCISO, CDMP, CTFL , ITILF - JAKARTA BANDUNG

HERY PURNAMA 081-223344-506 IS A CERTIFIED TRAINER FOR TRAINING : CISSP , CISA, CISM, CDPSE, CRISC, CCISO, CDMP, CTFL , ITILF IN JAKARTA BANDUNG INDONESIA (inhousetrainer.net).

SYLLABUS TRAINING ,

Certified Information Systems Security Professional (CISSP) 



Durations  :


5 Days (09.00 – 16.00)


Descriptions :

The CISSP certification training develops your expertise in defining the IT architecture and in designing, building, and maintaining a secure business environment using globally approved information security standards. The CISSP training covers industry best practices and prepares you for the CISSP certification exam held by (ISC)².

A CISSP certification validates your skills in IT security. Cybersecurity Ventures predicts a total of 3.5 million Cyber Security jobs by 2021. The global Cyber Security market is expected to reach USD $282.3 Billion by 2024, growing at a rate of 11.1-percent annually.


Objectives :

This Certified Information Systems Security Professional (CISSP) certification course. To obtain the CISSP certification, candidates need to pass an exam that consists of mostly multiple-choice questions. The purpose of this course is to prepare you for the certification exam by introducing you to the concepts and terminology you need to know to pass.


This course is designed to provide you with extensive knowledge, learning strategies, and instructor support along the way. In addition to the exam, you must meet a few other requirements in order to become a Certified Information Systems Security Professional. You must demonstrate that you follow the CISSP Code of Ethics, have a minimum of five years full-time paid work experience in the systems security field, and hold an IS or IT degree. With that in mind, before enrolling in this course, be sure that this is the right course for you.


This course is designed for people who want to become certified security professionals and are looking for jobs that require the CISSP certification. The prerequisites for this course are basic knowledge in networking and some knowledge of systems operations. Throughout this course, you will learn about the basics of asset security, cryptography, security and risk management, and various threats and attacks. This is a theoretical course — not a practical one — and we will cover many regulations, laws, policies, standards, and encryption protocols. With the flashcards, interactive diagrams, video lessons, and instructor support included with this course, you are equipped with everything you need to successfully pass the exam and earn your CISSP certification.


Participants :


The CISSP Course is ideal for experienced security practitioners, managers and executives interested in proving their knowledge across a wide array of security practices and principles, including those in the following positions:

Chief Information Security Officer

Chief Information Officer

Director of Security

IT Director/Manager

Security Systems Engineer

Security Analyst

Security Manager

Security Auditor

Security Architect

Security Consultant

Network Architect


Prerequisites :

Roughly five years of direct full-time security work experience is recommended, but not required



Outlines :

DAY 1 

CISSP Introduction

DOMAIN 1 : SECURITY AND RISK MANAGEMENT

Understand and Apply Concepts of Confidentiality, Integrity, and Availability

Information Security

Evaluate and Apply Security Governance Principles

Alignment of Security Functions to Business Strategy, Goals, Mission,

and Objectives

Vision, Mission, and Strategy

Governance

Due Care

Determine Compliance Requirements

Legal Compliance

Jurisdiction

Legal Tradition

Legal Compliance Expectations

Understand Legal and Regulatory Issues That Pertain to Information Security in a

Global Context

Cyber Crimes and Data Breaches

Privacy

Understand, Adhere to, and Promote Professional Ethics

Ethical Decision-Making

Established Standards of Ethical Conduct

(ISC)² Ethical Practices

Develop, Document, and Implement Security Policy, Standards, Procedures,

and Guidelines

Organizational Documents

Policy Development

Policy Review Process

Identify, Analyze, and Prioritize Business Continuity Requirements

Contribute to and Enforce Personnel Security Policies and Procedures

Understand and Apply Risk Management Concepts

Understand and Apply Threat Modeling Concepts and Methodologies

Apply Risk-Based Management Concepts to the Supply Chain

Establish and Maintain a Security Awareness, Education, and Training Program

Questions & Answers

DOMAIN 2 : ASSET SECURITY

Asset Security Concepts

Data Policy

Data Governance

Data Quality

Data Documentation

Data Organization

Identify and Classify Information and Assets

Asset Classification

Determine and Maintain Information and Asset Ownership

Asset Management Lifecycle

Software Asset Management

Protect Privacy

Cross-Border Privacy and Data Flow Protection

Data Owners

Data Controllers

Data Processors

Data Stewards

Data Custodians

Data Remanence

Data Sovereignty

Data Localization or Residency

Government and Law Enforcement Access to Data

Collection Limitation

Understanding Data States

Data Issues with Emerging Technologies

Ensure Appropriate Asset Retention

Retention of Records

Determining Appropriate Records Retention

Retention of Records in Data Lifecycle

Records Retention Best Practices

Determine Data Security Controls

Technical, Administrative, and Physical Controls

Establishing the Baseline Security

Scoping and Tailoring

Standards Selection

Data Protection Methods

Establish Information and Asset Handling Requirements

Marking and Labeling

Handling

Declassifying Data

Storage

Questions & Answers

DAY 2

DOMAIN 3: SECURITY ARCHITECTURE AND ENGINEERING

Implement and Manage Engineering Processes Using Secure Design Principles

Saltzer and Schroeder’s Principles

ISO/IEC

Defense in Depth

Using Security Principles

Understand the Fundamental Concepts of Security Models

Select Controls Based upon Systems Security Requirements

Understand Security Capabilities of Information Systems

Assess and Mitigate the Vulnerabilities of Security Architectures, Designs, and

Assess and Mitigate Vulnerabilities in Web-Based Systems

Assess and Mitigate Vulnerabilities in Mobile Systems

Insecure Devices

Mobile Device Management

Assess and Mitigate Vulnerabilities in Embedded Devices

Apply Cryptography

Cryptographic Lifecycle

Cryptographic Methods

Public Key Infrastructure

Key Management Practices

Digital Signatures

Non-Repudiation

Integrity

Understand Methods of Cryptanalytic Attacks

Digital Rights Management

Apply Security Principles to Site and Facility Design

Implement Site and Facility Security Controls

Physical Access Controls

Wiring Closets/Intermediate Distribution Facilities

Server Rooms/Data Centers

Media Storage Facilities

Evidence Storage

Restricted and Work Area Security

Utilities and Heating, Ventilation, and Air Conditioning

Environmental Issues

Fire Prevention, Detection, and Suppression

Questions & Answers

DOMAIN 4 : COMMUNICATION AND NETWORK SECURITY

Implement Secure Design Principles in Network Architectures

Open Systems Interconnection and Transmission Control

Internet Protocol Networking

Implications of Multilayer Protocols

Converged Protocols

Software-Defined Networks

Wireless Networks

Internet, Intranets, and Extranets

Demilitarized Zones

Virtual LANs

Secure Network Components

Firewalls

Network Address Translation

Intrusion Detection System

Security Information and Event Management

Network Security from Hardware Devices

Transmission Media

Endpoint Security

Implementing Defense in Depth

Content Distribution Networks

Implement Secure Communication Channels According to Design

Secure Voice Communications

Multimedia Collaboration

Remote Access

Data Communications

Virtualized Networks

Questions & Answers

DAY 3

DOMAIN 5 : IDENTITY AND ACCESS MANAGEMENT

Control Physical and Logical Access to Assets

Information

Systems

Devices

Facilities

Manage Identification and Authentication of People, Devices, and Services

Identity Management Implementation

Single Factor/Multifactor Authentication

Accountability

Session Management

Registration and Proofing of Identity

Federated Identity Management

Credential Management Systems

Integrate Identity as a Third-Party Service

On-Premise

Cloud

Federated

Implement and Manage Authorization Mechanisms

Role-Based Access Control

Rule-Based Access Control

Mandatory Access Control

Discretionary Access Control

Attribute-Based Access Control

Manage the Identity and Access Provisioning Lifecycle

User Access Review

System Account Access Review

Provisioning and Deprovisioning

Auditing and Enforcement

Questions & Answers

DAY 4

DOMAIN 6 : SECURITY ASSESSMENT AND TESTING

Design and Validate Assessment, Test, and Audit Strategies

Assessment Standards

Conduct Security Control Testing

Vulnerability Assessment

Penetration Testing

Log Reviews

Synthetic Transactions

Code Review and Testing

Misuse Case Testing

Test Coverage Analysis

Interface Testing

Collect Security Process Data

Account Management

Management Review and Approval

Key Performance and Risk Indicators

Backup Verification Data

Training and Awareness

Disaster Recovery and Business Continuity

Analyze Test Output and Generate Report

Conduct or Facilitate Security Audits

Internal Audits

External Audits

Third-Party Audits

Integrating Internal and External Audits

Auditing Principles

Audit Programs

Questions & Answers

DOMAIN 7: SECURITY OPERATIONS

Understand and Support Investigations

Evidence Collection and Handling

Reporting and Documentation

Investigative Techniques

Digital Forensics Tools, Techniques, and Procedures

Understand Requirements for Investigation Types

Administrative

Criminal

Civil

Regulatory

Industry Standards

Conduct Logging and Monitoring Activities

Define Auditable Events

Time

Protect Logs

Intrusion Detection and Prevention

Security Information and Event Management

Continuous Monitoring

Ingress Monitoring

Egress Monitoring

Securely Provision Resources

Asset Inventory

Asset Management

Configuration Management

Understand and Apply Foundational Security Operations Concepts

Need to Know/Least Privilege

Separation of Duties and Responsibilities

Privileged Account Management

Job Rotation

Information Lifecycle

Service Level Agreements

Apply Resource Protection Techniques to Media

Marking

Protecting

Transport

Sanitization and Disposal

Conduct Incident Management

An Incident Management Program

Detection

Response

Mitigation

Reporting

Recovery

Remediation

Lessons Learned

Third-Party Considerations

Operate and Maintain Detective and Preventative Measures

White-listing/Black-listing

Third-Party Security Services

Honeypots/Honeynets

Anti-Malware

Implement and Support Patch and Vulnerability Management

Understand and Participate in Change Management Processes

Implement Recovery Strategies

Backup Storage Strategies

Recovery Site Strategies

Multiple Processing Sites

System Resilience, High Availability, Quality of Service, and Fault Tolerance

Implement Disaster Recovery Processes

Response

Personnel

Communications

Assessment

Restoration

Training and Awareness

Test Disaster Recovery Plans

Read-Through/Tabletop

Walk-Through

Simulation

Parallel

Full Interruption

Participate in Business Continuity Planning and Exercises

Implement and Manage Physical Security

Physical Access Control

The Data Center

Address Personnel Safety and Security Concerns

Travel

Duress

Questions & Answers

DAY 5

DOMAIN 8: SOFTWARE DEVELOPMENT SECURITY

Understand and Integrate Security in the Software Development Lifecycle

Development Methodologies

Maturity Models

Operations and Maintenance

Change Management

Integrated Product Team

Identify and Apply Security Controls in Development Environments

Security of the Software Environment

Configuration Management as an Aspect of Secure Coding

Security of Code Repositories

Assess the Effectiveness of Software Security

Logging and Auditing of Changes

Risk Analysis and Mitigation

Assess the Security Impact of Acquired Software

Acquired Software Types

Software Acquisition Process

Relevant Standards

Software Assurance

Certification and Accreditation

Define and Apply Secure Coding Standards and Guidelines

Security Weaknesses and Vulnerabilities at the

Security of Application Programming Interfaces

Secure Coding Practices

Questions & Answers