Sponsored by:
Course code: 21085
Aims and Objectives
This course aims to train business managers, IT managers and audit professionals who are required to understand, manage and evaluate the risks and controls of IT services in their organizations. The content of the course adopts 3 well-known IS standards: the first two are the standards of ISO17799 and BS7799 part 2. The third one is the Control Objectives for Information and Related Technology ("CobIT") and the Certified Information Systems Auditor ("CISA") Review Manual developed by the Information Systems Audit and Control Association ("ISACA") of the US.
The ISO17799 and BS7799 part 2 Standards focus on the information security management system from the management perspective, while the ISACA Standard covers a wider scope throughout the whole IT process. Since these standards have some common scope addressing the same issues related to IT risk management, we have extracted the key ideas and knowledge from these standards in order to produce a more comprehensive and fruitful course content.
After the training, the participants should be able to obtain:
i) Basic Understanding for CISA Examination
The core part of the course refers to the Review Material for preparing the CISA examination. The participants will gain relevant knowledge which is useful for them as a first step to prepare for the CISA examination. If they want to go further and sit for the CISA examination, this course will be able to serve them as a foundation for taking the preparation courses organized by relevant parties such as the ISACA Hong Kong Chapter.
ii) Basic Understanding for Assessor Training
Another source of the course content is the ISO17799 and BS7799 part 2 Standard. The participants will obtain useful information including the guidelines of ISO17799, the BS7799 part 2 requirements and their implementation. The course will also introduce the BS7799 assessor training, which would help the participants prepare for the examination.
iii) Knowledge to Perform IT Risk Assessment and IT Auditing
The CISA Review Manual provides the knowledge for performing IT risk assessment and a general view of IT auditing. In addition, the ISACA Audit Guidelines provide a practical guide for the participants to carry out day-to-day IT audits.
Education Subsidy
The "SME Training Fund" (STF) is now open for application. Businesses may apply throughout the year. For each successful application, the grant will cover a maximum of 50% of the training expenses directly incurred. For details and application forms, please visit the website: www.smefund.tid.gov.hk or call 2398 5125.
CE Certificate in IT Risk Management
Syllabus
Module 1 - IT Processes, System Development and Operations
i) Management Planning and Organization of IS
- Information systems strategy
- Information systems management practices
- IS organizational structure and responsibilities
ii) Technical Infrastructure and Operational Practices
- Information systems hardware
- Information systems software
- Software acquisition
- Information systems network and telecommunication infrastructure
- Information systems operations
iii) Protection of Information Assets
- Logical access exposures and controls
- Access control software
- Network infrastructure security, LAN security, client/server security, internet threats
- Encryption
- Remote access security
- Environmental exposures and controls
- Physical access exposures and controls
iv) Network and PC Security
- The hazards and classes of attack
- Establishment of access paths
- Viruses
- Methods of attacks
v) Disaster Recovery and Business Continuity
- Recovery/continuity planning
- Specifications, test execution, documentation of results, results analysis and recovery continuity plan maintenance
- Review business continuity plan
vi) Business Application System Development, Acquisition, Implementation & Maintenance
- Business application development
- Structured (traditional) system development life cycle methodology
- Alternative development methodologies
- Information systems maintenance practices
- Project management tools and techniques
- Project management
vii) Business Process Evaluation and Business Applications
- Business process re-engineering, process change projects and IT governance
- Application controls
- Business application systems
Module 2 - ISO17799 & BS7799 Part 2 Standard for Information Security Management
- Introduction of the background of information security management system (ISMS) and the standard of ISO17799 & BS7799 part 2
- The requirements of ISMS for complying with BS7799 part 2
- Build and maintain ISMS
- Principle of ISMS
- ISMS organization
- Policy development
- Risk assessment
- Implementation
- Control plan development
- Statement of applicability
- Business continuity
- Auditing for BS7799 part 2
- Certification & Accreditation
Module 3 - IT Risk Management, Controls and Auditing
i) IT Risk Management and Controls
- Understand IT risk management, different assessment models and mitigation strategies to avoid, control, accept and transfer risks
- Introduction to CobIT, an overview of the Control Objectives, Audit Guidelines and Implementation process
ii) How to Audit IT Function
Describe how to audit the following IT processes covered by CobIT.
Domain 1 - Planning & Organisation
- Define a strategic IT plan
- Define the information architecture
- Determine the technological direction
- Define the IT organisation and relationships
- Manage the IT investment
- Communicate management aims and direction
- Manage human resources
- Ensure compliance with external requirements
- Assess risks
- Manage projects
- Manage quality
Domain 2 - Acquisition & Implementation
- Identify solutions
- Acquire and maintain application software
- Acquire and maintain technology architecture
- Develop and maintain IT procedures
- Install and accredit systems
- Manage changes
Domain 3 - Delivery & Support
- Define service levels
- Manage third-party services
- Manage performance and capacity
- Ensure continuous service
- Ensure systems security
- Identify and attribute costs
- Educate and train users
- Assist and advise IT customers
- Manage the configuration
- Manage problems and incidents
- Manage data
- Manage facilities
- Manage operations
Domain 4 - Monitoring
- Monitor the processes
- Assess internal control adequacy
- Obtain independent assurance
- Provide for independent audit
Admission Requirements
The participants should possess good knowledge about their businesses and IT environments. IT-related experience would be useful, but in-depth knowledge is not required as the course will cover some introductory IT topics. Instead, experience in auditing work would be preferable. The participants must:
1. hold a Certificate, Diploma, Higher Diploma or Degree in business or technology related disciplines or
equivalent; AND
2. have at least one year of working experience in relation to their IT functions or systems.
Assessment and Award
To be eligible for the award of certificate, participants must achieve 70% attendance, pass all the mini-tests and
the project.
Project
Having completed all lectures, the participants should prepare a project related to the knowledge gained from
the course. The course instructors will provide appropriate contacts and supports, including face-to-face tutorial
sessions and remote support, e.g. email, to help the participants complete the projects.
Course Structure
The course will last for about 4 months. It consists of 26 lecture sessions and each session will take 3 hours. In
total there are 78 lecture hours. For the project, there will be 22 contact hours, including the tutorials, for the
lecturers to assist the participants to complete their projects.
Date and Time
The course will commence on 29 April 2002
Monday & Wednesday : 6:30 - 9:30 pm
Venue
City University of Hong Kong
Course Fee
HK$9,500 (First-come-first-served)
General Information
1. Please send the application form together with the course fee in the form of a crossed cheque or cashier’s cheque made
payable to City University of Hong Kong on or before 8 April 2002 to
School of Continuing and Professional Education, City University of Hong Kong
Tat Chee Avenue, Kowloon
Post-dated cheques will not be accepted.
2. Personal data provided on the application form will be used by SCOPE for purposes relating to application and admission.
3. Applicants will be notified of their application results by mail. Please contact SCOPE if you do not receive any notification
two weeks before course commencement.
4. The School of Continuing and Professional Education reserves the right not to admit an applicant. Places allocated in each
class are not transferable. Fees are neither refundable nor transferable, except for unsuccessful enrolment or cancellation of a
course.
5. The School of Continuing and Professional Education reserves the right to alter the details of the course such as date, time,
venue and substitution of instructors and to cancel courses.
6. No class will be held upon announcement of storm warning signal No. 8 or above. After the typhoon passes, if the No. 8
signal is lowered (before 7 am in the case of morning, before 12 noon in the case of afternoon classes, and before 4 pm in
the case of evening classes), classes will meet as usual; otherwise classes will be postponed. For rainstorm black warning,
the arrangement will be similar.
7. Enquiries : SCOPE, LG/F, Academic Exchange Building, City University of Hong Kong.
Office hours of the School :
Mon - Sat : 9 am - 12 noon
Mon - Fri : 2 pm - 5 pm
Enquiries : 2788 9295/2788 7423 E-mail : cece@cityu.edu.hk Web site : http://www.cityu.edu.hk/ce/cec.htm
City University of Hong Kong
School of Continuing and Professional Education
Please photocopy this form if required
CE Certificate in IT Risk Management
(Course Code : 21085)
Application Form
Name (English)
Name (Chinese)
HKID No. (   )
Age
Sex
Address of Correspondence
Company Name
Position
Tel (Day) / (Evening) / (Mobile/Pager)
Fax
E-mail
The following are enclosed:
Copies of educational certificates (please specify)
[ ] Degree or above
[ ] Diploma
[ ] Certificate
[ ] Others (please specify)
[ ] Course fee of HK$9,500 (inclusive of application fee HK$140) payable to City University of Hong Kong
Bank
Branch
Cheque No(s)
Declaration
I hereby declare that
- I have read and understood the General Information stated in the course brochure.
- All the information given in this application form and the attached documents (if applicable) is, to the best of my knowledge, accurate and complete; and I agree
to provide original certificate(s) to substantiate my qualifications when required. Any misrepresentation will lead to disqualification of my application and
admission to the course.
- I consent that if admitted to the course, I will conform to the Statutes and Regulations of the University and SCOPE.
Signature
Mailing Address
Name
Address
SCOPE/1/01/09/401