Security
SSCP SSCP-
CISSP CISSP-
ENSA EC-Council ENSA
CEH EC-Council CEH
ECSA EC-Council ECSA
ECSPNet EC-Council ECSP .NET
CSSLP CSSLP-
AppSP Mobile App Security
Oracle Java
SL-870 Java Web
DWS-4120 Java Web Services
ECIH EC-Council ECIH
CHFI EC-Council CHFI
EDRP EC-Council EDRP
UPISAP
PIMS BS10012LA BS 10012
BS10012M BS 10012
BS10012F BS 10012
ISO 27001
ISMS SGSISLA ISO 27001
SGSISRA ISO 27001
SGSISF ISO 27001
NSPA
SNORTW-Snort for Windows
Microsoft UIIS8 Windows Server 2012 IIS 8
Oracle 11gSEC Oracle 11g
Cisco CCNP Security CCNP Security-
IPS CCNP Security Cisco
Linux RHS333 Linux
Check Point CCSA Check Point CCSA
CCSE Check Point CCSE
Symantec NBU NetBackup-
DLP
SFU Veritas Storage Foundation for UNIX
VCS Veritas Cluster Server
PGP PGP Universal Server
Juniper ENS Juniper
UCOM EDU July-December 2013
IT
(ISC)2
IT
(ISC)2
SSCP (System Security Certified Practitioner)
CSSLP (Certified Secure Software Lifecycle Professional)
CISSP (Certified Information Systems Security Professional)
SSCP CISSP CSSLP
CPE()
(ISC)2VUE
http://www.pearsonvue.com/isc2/
SSCP SSCP- Systems Security Certified Practitioner
4040,000 10 (ISC)2
SSCP(SystemsSecurityCertifiedPractitioner)SSCPSSCP(ISC)2(ISC)2SSCPCBKSSCP(ISC)2
1.2.SSCP3.IT
1. Access Controls 1-1 1-2
2. Cryptography 2-1 2-2 2-3 2-4 2-5
3. Malicious Code and Activity 3-1 3-2 3-3
1. AM09:00~PM18:00
2. 80% (ISC)2
3.
4. SSCP (ISC)2
5.
2NT$36,000 25()NT$30,000
4. Monitoring and Analysis 4-1 4-2 4-3 4-4 SIEM (Security Information and Event Management)
5. Networks and Communications 5-1 5-2 5-3 5-4
6. Risk, Response, and Recovery 6-1 6-2 6-3
7. Security Operations and Administration 7-1 7-2 7-3 7-4 7-5
CSSLP CSSLP- Certified Secure Software Lifecycle Professional
4050,00012.5 (ISC)2
CSSLP(CertifiedSecureSoftwareLifecycleProfessional)(SDLC)80%SDLCCSSLPCSSLP(ISC)2CSSLPSDLCSDLCCSSLP
1. 2.3.4.
CSSLP CBK SDLC
1. Secure Software Concepts
1-1 Confidentiality, Integrity, Availability
1-2 Authentication, Authorization, and Auditing
1-3 Security Design Principles
1-4 Risk Management
1-5 Regulations, Privacy, and Compliance
1-6 Software Architecture
2. Secure Software Requirements
2-1 Policy Decomposition
2-2 Identification and Gathering
3. Secure Software Design
3-1 Design Processes
3-2 Design Considerations
3-3 Securing Commonly Used Architecture
3-4 Technologies
4. Secure Software Implementation/Coding
4-1 Declarative versus Imperative Security
4-2 Vulnerability Databases/Lists
4-3 Defensive Coding Practices and Controls
4-4 Source Code and Versioning
4-5 Development and Build Environment
4-6 Code/Peer Review
4-7 Code Analysis
4-8 Anti-tampering Techniques
5. Secure Software Testing
5-1 Testing Artifacts
5-2 Testing for Security and Quality Assurance
5-3 Types of Testing
5-4 Impact Assessment and Corrective Action
5-5 Test Data Lifecycle Management
6. Software Acceptance
6-1 Pre-release and Pre-deployment
6-2 Post-release
7. Software Deployment, Operations, Maintenance and Disposal
7-1 Installation and Deployment
7-2 Operations and Maintenance
7-3 Software Disposal
8. Supply Chain and Software Acquisition
8-1 Supplier Risk Assessment
8-2 Supplier Sourcing
8-3 Software Development and Test
8-4 Software Delivery, Operations and Maintenance
8-5 Supplier Transitioning
1. AM09:00~PM18:00
2. 80% (ISC)2
3.
4. CSSLP (ISC)2
5. PMI R.E.P. (Registered Education Provider) R.E.P. 3150 PMI 40 PDU
6.
2NT$45,000
P.172~P.199
CISSP CISSP- Certified Information Systems Security Professional
4050,00012.5 (ISC)2
CISSP(CertifiedInformationSystemsSecurityProfessional)CISSPCISSPCISSP(ISC)2CBKCBK100CISSP
1.CISSP2.3.
1. Access Control
1-1 Introduction to Access Control
1-2 Access Control Key Concepts, Methodologies, and Techniques
1-3 System Logging and Monitoring
1-4 Access Control Attacks and Threats
2. Telecommunications and Network Security
2-1 Introduction to Telecommunications and Network Security
2-2 Network Models and System Architecture
2-3 The Network and IT Security
2-3 Understanding the Attack
2-4 Layer 1 Physical Layer
2-5 Layer 2 Data-link Layer
2-6 Layer 3 Network Layer
2-7 Layer 4 Transport Layer
2-8 Layer 5 Session Layer
2-9 Layer 6 Presentation Layer
2-10 Layer 7 Application Layer
3. Information Security Governance and Risk Management
3-1 Introduction to Information Security Governance and Risk Management
3-2 Information Security Governance
3-3 The Risk Management Process
4. Secure System Development
4-1 Introduction to Secure System Development
4-2 Systems Development Methodologies
4-3 Security Issues with Programming Languages
4-4 Security Controls
4-5 Database Security
5. Cryptography
5-1 Key Concepts and Common Terminology Used in Cryptography
5-2 Historical Aspect of Cryptography
5-3 Categories of Cryptosystems
5-4 Basic Symmetric Cryptography
5-5 Two-Way Cryptography
5-6 Message Integrity Controls
5-7 Key Management
5-8 Cryptanalysis
6. Security Architecture and Design
6-1 Key Concepts and Definitions
6-2 Architectural Components
6-3 Evaluation Criteria
7. Operations Security
7-1 Security Concepts and Activities
7-2 Protection of Resources
7-3 Preventive Measures
8. Business Continuity and Disaster Recovery Planning
8-1 Processes Required for Planning the Project
8-2 Defining the Organization
8-3 Plan Implementation
9. Legal, Regulations, Investigations, and Compliance
9-1 The Major Legal Systems in Information Security
9-2 International Law in Information Security
9-3 Supporting the Investigation
9-4 The Forensic Investigation
9-5 Compliance Processes and Procedures
9-6 Ethical Considerations in Information Security
10. Physical (Environmental) Security
10-1 Definitions and Key Concepts
10-2 Implementation and Operation of Perimeter Security
10-3 Implementation and Operation of Internal Security
10-4 Implementation and Operation of Facilities Security
10-5 Equipment Protection
10-6 Personnel Privacy and Safety
1. AM09:00~PM18:00
2. 80% (ISC)2
3.
4. CISSP (ISC)2
5. PMI R.E.P. (Registered Education Provider) R.E.P. 3150 PMI 40 PDU
6.
2NT$45,000
P.172~P.199