Module I: Information System Security Management and Planning

Access Controls
• Understand the attack method and possible threats in business and financial security model
• Knowledge of setup an identification and authentication scheme to allow the authorized people to access the computer environment

Communication Concerns & Measures
• Understand the communication applications and environment in order to make a secured business and financial environment.

Security Management
• Prepare and make a well personnel security, training and awareness on business service model.
• Knowledge of example of phishing and pharming (luring people to disclose sensitive information by using bogus emails and websites) are two new security threats that financial institutions faced within this few years.
• Setup a policies, procedures, standards, and guidelines for the business and financial management model

Applications Security Development Planning
• Understand the data warehousing and data mining
• Knowledge of application controls, which apply to the business processes they support and are designed within the application to prevent/detect unauthorized business and financial transactions.

Security Architecture
• Understand infrastructure project risk management framework under business and financial environment
• Analyst and setup a common flaws in applications and certification and accreditation to enforce various levels of confidentiality, integrity and availability

Operations Security Strategic Management
• Understand setup the preventive, detective, corrective, and recovery controls
• Maintenance concepts of training, auditing, and business resource protection activities
• Understand and prepare security and fault tolerance technologies
• Understand e-commerce risk and impact and case study of its impact

Business Continuity Planning
• Understand unit priorities, crisis management and the elements of business continuity planning
• Knowledge of plan development, implementation, maintenance and recovery plans of the business and financial service

Law, Investigations & Ethics
• Knowledge of management incident handling related business law, investigations & ethnics.
• Understand the types of laws, regulations and crimes

Physical Security Management
• Understand to protect facilities, hardware, data, media, personnel, business and financial related assets.
• Knowledge of intrusion detection and make a security plan and impalement physical hardware to prevent the loss of asset

Module II: Information System Audit and Control

IS Audit Process
• Understand the risk assessment in an audit context to ensure business and financial systems protected and controlled.
• Develop and implement a risk-based Information System audit strategy for the organization in compliance with Information System audit standards, guidelines and best practices.

Corporate Governance (IT Governance)
• Evaluate management practices to ensure compliance with the organization's IT strategy, policies, standard and procedures under the requirements of corporate governance of IT.
• Understand of quality management privacy, intellectual property and corporate governance requirements.

Systems and Infrastructure Lifecycle
• Understand the business service and infrastructure are disposed of to ensure that they comply with the organization's policies and procedures.
• Evaluate the business case for the proposed system development/acquisition to ensure that it meets the organization's business goals.
• Evaluate the project management framework and project governance practices to ensure that business objectives are achieved in a cost-effective manner, while managing risks to the organization.

Service Delivery and Support Management
• Understand service level management practices to ensure that the level of service from internal and external service providers is defined and managed.
• Understand operations management to ensure that business, financial and computer service support functions effectively meet business needs.

Protection of Information Assets
• Understand the processes and procedures used to store, retrieve, transport and dispose of confidential information assets.
• Understand the design, implementation and monitoring of business and financial environmental controls to prevent or minimize loss

Business Continuity and Disaster Recovery
• Evaluate the organization's disaster recovery plan to ensure that it enables the recovery of IT processing capabilities in the event of a disaster.
• Evaluate the adequacy of backup and restore provisions to ensure the availability of information required to resume processing

Assessment methods and course completion requirements
There are two three-hour examinations. This course requires participants to pass a test at the end of the course and a minimum of 80% attendance is required for satisfactory completion. The course certificate will be awarded to the students who satisfy the attendance requirement and pass in the end-of-course test.

Certificate exam of official CISSP and CISA
After completed this course, participants can also take the certificate exam of official CISSP and CISA, the syllabus are compatible each other.

Prerequisites (for applying CEF)

• Degree or above with 1 year of experience in business management, auditing, security management or related fields; OR

• Diploma with 2 years of experience in business management, auditing, security management or related fields

(Applicants are required to provide proof on education background, e.g. a hard copy of degree, CCNA etc; AND proof on working experience, e.g. a hard copy of CV)

Please click here for the Guidelines for applying CEF funding.

Schedules & Fess

Course Code : CCISM01-28 
Date: 25 April ~ 05 Sept 2012 (Every Wed)
Time : 7:00pm ~ 10:00pm
Lesson : 20 Sessions (Total 60 hours)    
Enrolment Location: 4/F, Ruby Commercial Building, 480 Nathan Road, Kowloon
Course Venue: 3/F, Ruby Commercial Building, 480 Nathan Road, Kowloon
Price: HK$9,900

CISSP  (11 Sessions)
Date : 25 Apr.~ 4 July 2012 (Every Wed)
* April - 25
* May - 02 / 09 / 16 / 23 / 30
* June - 06 / 13 / 20 / 27
* July - 04

CISA  (9 Sessions)
Date : 11 July ~ 5 Sept. 2012 (Every Wed)
* July - 11 / 18 / 25
* August - 01 / 08 / 15 / 22 / 29
* Sept. - 05
<9 lessons>

Application & Enrolment

Please contact Mr. Raymond Cheng at:

Hong Kong Telephone: (852) 2206-9011
Macau Telephone: (853) 6636-9010
Mainland China Telephone: (86)1326 6941 519 This e-mail address is being protected from spambots. You need JavaScript enabled to view it.
Email: This e-mail address is being protected from spambots. You need JavaScript enabled to view it.