Opis
Petodnevni kurs CISSP predstavlja naprednu obuku u sferi informatičke bezbjednosti. Ovaj kurs se oslanja na iskustvo i ekspertizu polaznika i nadograđuje njihova znanja za primjenu bezbjednosti u realnom okruženju, ili za polaganje ispita čiji je sponzor (ISC)². (ISC)² je renomirana organizacija koja promoviše informatičku bezbjednost kroz edukaciju i razne programe sertifikacije.
Na ovom kursu, polaznike ćemo informisati o ključnim temama koje su definisane u profesionalnoj bazi znanja za profesionalce u informatičkoj bezbjednosti – CBK (Common Body of Knowledge). Baza se redovno dopunjuje i ažurira od strane renomiranih specijalista iz oblasti informatičke bezbjednosti širom sveta.
CISSP sertifikacija je izuzetno cijenjena i smatra se premium sertifikacijom u globalnom svijetu informatičke bezbjednosti. Razlog tome je što je sadržaj ispita regulisan od strane (ISC)², koja garantuje odgovarajući kvalitet i relevantnost ispitnih pitanja. Da bi mogla da obezbijedi odgovarajući nivo, ISC)² se oslanja na saradnju sa vrhunskim svjetskim ekspertima iz oblasti odgovarajućih domena CBK, čiji je zadatak kontrola ispitnih pitanja u smislu predstavljanja realne slike informacione bezbjednosti današnjeg svijeta.
Ovaj kurs priprema polaznike da prepoznaju i unaprijede znanje iz ključnih osam domena iz CBK, koji predstavljaju osnovu za CISSP sertifikaciju:
- Bezbjednost i upravljanje rizikom
- Bezbjednost informacija
- Bezbjednosni inženjering
- Bezbjednost telekomunikacija i umrežavanja
- Bezbjednost u upravljanju identiteta i pristupa
- Bezbjednosne procjene i testiranje
- Bezbjednost u poslovanju
- Bezbjednost u razvoju aplikacija
Predavač: Milan Vlahović
Poželjno predznanje
Preporučeno je da polaznici budu sertifikovani Network+ ili Security+ ili da imaju jednako iskustvo za pohađanje CISSP obuke. Preporučeno je da polaznik posjeduje jednu ili više od navedenih sertifikacija (ili odgovarajuće iskustvo): MCSE, MCTS, MCITP, SCNP, CCNP, RHCE, LCE, CNE, SSCP, GIAC, CISA, ili CISM.
Napomena za kandidate za polaganje CISSP ispita:
Experience Requirements
Candidates must have a minimum of five years of cumulative paid work experience in two or more of the eight domains of the CISSP CBK. Earning a four-year college degree or regional equivalent or an additional credential from the (ISC)2 approved list will satisfy one year of the required experience. Education credit will only satisfy one year of experience. A candidate that doesn’t have the required experience to become a CISSP may become an Associate of (ISC)2 by successfully passing the CISSP examination. The Associate of (ISC)2 will then have six years to earn the five years required experience.
Plan obuke:
Domain 1: Security and Risk Management
- Security Governance Principles
- Compliance
- Professional Ethics
- Security Documentation
- Risk Management
- Threat Modeling
- Business Continuity Plan Fundamentals
- Acquisition Strategy and Practice
- Personnel Security Policies
- Security Awareness and Training
Domain 2: Asset Security
- Asset Classification
- Privacy Protection
- Asset Retention
- Data Security Controls
- Secure Data Handling
Domain 3: Security Architecture and Engineering
- Security in the Engineering Lifecycle
- System Component Security
- Security Models
- Controls and Countermeasures in Enterprise Security
- Information System Security Capabilities
- Design and Architecture Vulnerability Mitigation
- Vulnerability Mitigation in Embedded, Mobile, and Web-Based Systems
- Cryptography Concepts
- Cryptography Techniques
- Site and Facility Design for Physical Security
- Physical Security Implementation in Sites and Facilities
Domain 4: Communications and Network Security
- Network Protocol Security
- Network Components Security
- Communication Channel Security
- Network Attack Mitigation
Domain 5: Identity and Access Management
- Physical and Logical Access Control
- Identification, Authentication, and Authorization
- Identity as a Service
- Authorization Mechanisms
- Access Control Attack Mitigation
Domain 6: Security Assessment and Testing
- System Security Control Testing
- Software Security Control Testing
- Security Process Data Collection
- Audits
Domain 7: Security Operations
- Security Operations Concepts
- Physical Security
- Personnel Security
- Logging and Monitoring
- Preventative Measures
- Resource Provisioning and Protection
- Patch and Vulnerability Management
- Change Management
- Incident Response
- Investigations
- Disaster Recovery Planning
- Disaster Recovery Strategies
- Disaster Recovery Implementation
Domain 8: Software Development Security
- Security Principles in the System Lifecycle
- Security Principles in the Software Development Lifecycle
- Database Security in Software Development
- Security Controls in the Development Environment
- Software Security Effectiveness Assessment
