→ (ISC)2 Code of Professional Ethics
→ Organizational code of ethics
→ Confidentiality, integrity, and availability, authenticity and nonrepudiation
→ Alignment of the security function to business strategy, goals, mission, and objectives
→ Organizational processes (e.g., acquisitions, divestitures, governance committees)
→ Organizational roles and responsibilities
→ Security control frameworks
→ Due care/due diligence
→ Contractual, legal, industry standards, and regulatory requirements
→ Privacy requirements
→ Cybercrimes and data breaches
→ Licensing and Intellectual Property (IP) requirements
→ Import/export controls
→ Transborder data flow
→ Privacy
→ Business Impact Analysis (BIA)
→ Develop and document the scope and the plan
→ Candidate screening and hiring
→ Employment agreements and policies
→ Onboarding, transfers, and termination processes
→ Vendor, consultant, and contractor agreements and controls
→ Compliance policy requirements
→ Privacy policy requirements
→ Identify threats and vulnerabilities
→ Risk assessment/analysis
→ Risk response
→ Countermeasure selection and implementation
→ Applicable types of controls (e.g., preventive, detective, corrective)
→ Control assessments (security and privacy)
→ Monitoring and measurement
→ Reporting
→ Continuous improvement (e.g., risk maturity modeling)
→ Risk frameworks
→ Risks associated with hardware, software, and services
→ Third-party assessment and monitoring
→ Minimum security requirements
→ Service level requirements
→ Methods and techniques to present awareness and training (e.g., social engineering, phishing, security champions, gamification)
→ Periodic content reviews
→ Program effectiveness evaluation
→ Data classification
→ Asset Classification
→ Information and asset ownership
→ Asset inventory (e.g., tangible, intangible)
→ Asset management
→ Data roles (i.e., owners, controllers, custodians, processors, users/subjects)
→ Data collection
→ Data location
→ Data maintenance
→ Data retention
→ Data remanence
→ Data destruction
→ Data states (e.g., in use, in transit, at rest)
→ Scoping and tailoring
→ Standards selection
→ Data protection methods (e.g., Digital Rights Management (DRM), Data Loss Prevention (DLP), Cloud Access Security Broker (CASB))
→ Threat modeling
→ Least privilege
→ Defense in depth
→ Secure defaults
→ Fail securely
→ Separation of Duties (SoD)
→ Keep it simple
→ Zero Trust
→ Privacy by design
→ Trust but verify
→ Shared responsibility
→ Client-based systems
→ Server-based systems
→ Database systems
→ Cryptographic systems
→ Industrial Control Systems (ICS)
→ Cloud-based systems (e.g., Software as a Service (SaaS), Infrastructure as a Service (IaaS), Platform as a Service (PaaS))
→ Distributed systems
→ Internet of Things (IoT)
→ Microservices
→ Containerization
→ Serverless
→ Embedded systems
→ High-Performance Computing (HPC) systems
→ Edge computing systems
→ Virtualized systems
→ Cryptographic life cycle (e.g., keys, algorithm selection)
→ Cryptographic methods (e.g., symmetric, asymmetric, elliptic curves, quantum)
→ Public Key Infrastructure (PKI)
→ Key management practices
→ Digital signatures and digital certificates
→ Non-repudiation
→ Integrity (e.g., hashing)
→ Brute force
→ Ciphertext only
→ Known plaintext
→ Frequency analysis
→ Chosen ciphertext
→ Implementation attacks
→ Side-channel
→ Fault injection
→ Timing
→ Man-in-the-Middle (MITM)
→ Pass the hash
→ Kerberos exploitation
→ Ransomware
→ Wiring closets/intermediate distribution facilities
→ Server rooms/data centers
→ Media storage facilities
→ Evidence storage
→ Restricted and work area security
→ Utilities and Heating, Ventilation, and Air Conditioning (HVAC)
→ Environmental issues
→ Fire prevention, detection, and suppression
→ Power (e.g., redundant, backup)
→ Open System Interconnection (OSI) and Transmission Control Protocol/Internet Protocol (TCP/IP) models
→ Internet Protocol (IP) networking (e.g., Internet Protocol Security (IPSec), Internet Protocol (IP) v4/6)
→ Secure protocols
→ Implications of multilayer protocols
→ Converged protocols (e.g., Fibre Channel over Ethernet (FCoE), Internet Small Computer Systems Interface (iSCSI), Voice over Internet Protocol (VoIP))
→ Micro-segmentation (e.g., Software Defined Networks (SDN), Virtual eXtensible Local Area Network (VXLAN), Encapsulation, Software-Defined Wide Area Network (SD-WAN))
→ Wireless networks (e.g., Li-Fi, Wi-Fi, Zigbee, satellite)
→ Cellular networks (e.g., 4G, 5G)
→ Content Distribution Networks (CDN)
→ Operation of hardware (e.g., redundant power, warranty, support)
→ Transmission media
→ Network Access Control (NAC) devices
→ Endpoint security
→ Voice
→ Multimedia collaboration
→ Remote access
→ Data communications
→ Virtualized networks
→ Third-party connectivity
→ Information
→ Systems
→ Devices
→ Facilities
→ Applications
→ Identity Management (IdM) implementation
→ Single/Multi-Factor Authentication (MFA)
→ Accountability
→ Session management
→ Registration, proofing, and establishment of identity
→ Federated Identity Management (FIM)
→ Credential management systems
→ Single Sign On (SSO)
→ Just-In-Time (JIT)
→ On-premise
→ Cloud
→ Hybrid
→ Role Based Access Control (RBAC)
→ Rule based access control
→ Mandatory Access Control (MAC)
→ Discretionary Access Control (DAC)
→ Attribute Based Access Control (ABAC)
→ Risk based access control
→ Account access review (e.g., user, system, service)
→ Provisioning and deprovisioning (e.g., on/off boarding and transfers)
→ Role definition (e.g., people assigned to new roles)
→ Privilege escalation (e.g., managed service accounts, use of sudo, minimizing its use)
→ OpenID Connect (OIDC)/Open Authorization (OAuth)
→ Security Assertion Markup Language (SAML)
→ Kerberos
→ Remote Authentication Dial-In User Service (RADIUS)/Terminal Access Controller Access Control System Plus (TACACS+)
→ Internal
→ External
→ Third-party
→ Vulnerability assessment
→ Penetration testing
→ Log reviews
→ Synthetic transactions
→ Code review and testing
→ Misuse case testing
→ Test coverage analysis
→ Interface testing
→ Breach attack simulations
→ Compliance checks
→ Account management
→ Management review and approval
→ Key performance and risk indicators
→ Backup verification data
→ Training and awareness
→ Disaster Recovery (DR) and Business Continuity (BC)
→ Remediation
→ Exception handling
→ Ethical disclosure
→ Internal
→ External
→ Third-party
→ Evidence collection and handling
→ Reporting and documentation
→ Investigative techniques
→ Digital forensics tools, tactics, and procedures
→ Artifacts (e.g., computer, network, mobile device)
→ Intrusion detection and prevention
→ Security Information and Event Management (SIEM)
→ Continuous monitoring
→ Egress monitoring
→ Log management
→ Threat intelligence (e.g., threat feeds, threat hunting)
→ User and Entity Behavior Analytics (UEBA)
→ Need-to-know/least privilege
→ Separation of Duties (SoD) and responsibilities
→ Privileged account management
→ Job rotation
→ Service Level Agreements (SLAs)
→ Media management
→ Media protection techniques
→ Detection
→ Response
→ Mitigation
→ Reporting
→ Recovery
→ Remediation
→ Lessons learned
→ Firewalls (e.g., next generation, web application, network)
→ Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS)
→ Whitelisting/blacklisting
→ Third-party provided security services
→ Sandboxing
→ Honeypots/honeynets
→ Anti-malware
→ Machine learning and Artificial Intelligence (AI) based tools
→ Backup storage strategies
→ Recovery site strategies
→ Multiple processing sites
→ System resilience, High Availability (HA), Quality of Service (QoS), and fault tolerance
→ Response
→ Personnel
→ Communications
→ Assessment
→ Restoration
→ Training and awareness
→ Lessons learned
→ Read-through/tabletop
→ Walkthrough
→ Simulation
→ Parallel
→ Full interruption
→ Perimeter security controls
→ Internal security controls
→ Travel
→ Security training and awareness
→ Emergency management
→ Duress
→ Development methodologies (e.g., Agile, Waterfall, DevOps, DevSecOps)
→ Maturity models (e.g., Capability Maturity Model (CMM), Software Assurance Maturity Model (SAMM))
→ Operation and maintenance
→ Change management
→ Integrated Product Team (IPT)
→ Programming languages
→ Libraries
→ Tool sets
→ Integrated Development Environment (IDE)
→ Runtime
→ Continuous Integration and Continuous Delivery (CI/CD)
→ Security Orchestration, Automation, and Response (SOAR)
→ Software Configuration Management (SCM)
→ Code repositories
→ Application security testing (e.g., Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST))
→ Auditing and logging of changes
→ Risk analysis and mitigation
→ Commercial-off-the-shelf (COTS)
→ Open source
→ Third-party
→ Managed services (e.g., Software as a Service (SaaS), Infrastructure as a Service (IaaS), Platform as a Service (PaaS))
→ Security weaknesses and vulnerabilities at the source-code level
→ Security of Application Programming Interfaces (APIs)
→ Secure coding practices
→ Software-defined security