CGRC Training Course Training ½Òµ{
  Facebook: CGRC Training Course Training ½Òµ{
 
CGRC Training Course Training ½Òµ{
CGRC Training Course Training ½Òµ{ CGRC Training Course Training ½Òµ{ CGRC Training Course Training ½Òµ{ CGRC Training Course Training ½Òµ{ CGRC Training Course Training ½Òµ{ CGRC Training Course Training ½Òµ{ CGRC Training Course Training ½Òµ{ CGRC Training Course Training ½Òµ{ CGRC Training Course Training ½Òµ{ CGRC Training Course Training ½Òµ{ CGRC Training Course Training ½Òµ{  
CGRC Training Course Training ½Òµ{ CGRC Training Course Training ½Òµ{

·Q©w´Áª¾¹D³Ì·s½Òµ{¤ÎÀu´f¶Ü¡H
§K¶O­q¾\¥»¤¤¤ßªº½Òµ{³q°T¡I

½Ò°ó¿ý¼vÀH®ÉÚ» 10 ¤jÀuÂI¤§­«ÂÐÆ[¬Ý¡G¥i§Y®É­«ÂÐÆ[¬Ý¤Î²âÅ¥¾É®vªºÁ¿¾Ç¡A±q¦Ó¹F­P§ó³z¹ýªº²z¸Ñ¡I

Certified in Governance, Risk and Compliance (CGRC) °ê»Ú»{¥iÃҮѽҵ{
½Òµ{²ºÙ¡GCGRC Training Course

  • ½Òµ{®É¶¡
  • ½Òµ{²¤¶
  • ½Òµ{¯SÂI
  • ¦Ò¸Õ¶·ª¾
  • ½Òµ{¤º®e

½Òµ{Àu´f¡I²{¤Z¦P®É³øŪ¥H¤U¨â­Ó½Òµ{¡G
§Y´î $750¡I

±À¤¶ªA°È¡G½Ò°ó¿ý¼vÀH®ÉÚ» (¦b®aÆ[¬Ý = 0%¡A¦b®ÕÆ[¬Ý = 100%)
¾Ç­û¨Ï¥Î¹q¸Ü©Î¥»ºô­¶³ø¦W¡A«Ý¥»¤¤¤ß½T»{¤w¬°¾Ç­û¯d¦ì«á¡A§Y¥i¨Ï¥Î Âà¼Æ§Ö ú¥I¾Ç¶O¡A¹Lµ{²«K¡I
½s¸¹ ¦aÂI ¥i¹w¬ù¬P´Á¤Î®É¶¡ ¾Ç¶O§C¦Ü 85 §é  
OU2412MV ©ô¨¤ ¤@¦Ü¤­¡G14:30 - 22:15   ¤»¡G13:45 - 21:30   ¤é¡G10:15 - 18:00 (¤½²³°²´Á¥ð®§) 95 §é«á¥u»Ý $4,256 «ö¦¹³ø¦W¡GCGRC Training Course Training ½Òµ{
OU2412OV Æ[¶í ¤@¦Ü¤­¡G14:15 - 22:00   ¤»¤Î¤é¡G12:15 - 20:00   (¬P´Á¤T¤Î¤½²³°²´Á¥ð®§) 9 §é«á¥u»Ý $4,032 «ö¦¹³ø¦W¡GCGRC Training Course Training ½Òµ{
OU2412PV ¥_¨¤ ¤@¦Ü¤­¡G14:15 - 22:00   ¤»¤Î¤é¡G12:15 - 20:00   (¬P´Á¤T¤Î¤½²³°²´Á¥ð®§) 9 §é«á¥u»Ý $4,032 «ö¦¹³ø¦W¡GCGRC Training Course Training ½Òµ{
OU2412SV ¨F¥Ð ¤@¦Ü¤­¡G14:15 - 22:00   ¤»¤Î¤é¡G12:15 - 20:00   (¬P´Á¤T¤Î¤½²³°²´Á¥ð®§) 85 §é«á¥u»Ý $3,808 «ö¦¹³ø¦W¡GCGRC Training Course Training ½Òµ{
OU2412YV ¤Ùªù ¤@¦Ü¤­¡G14:15 - 22:00   ¤»¤Î¤é¡G12:15 - 20:00   (¬P´Á¤@¡B¤T¤Î¤½²³°²´Á¥ð®§) 85 §é«á¥u»Ý $3,808 «ö¦¹³ø¦W¡GCGRC Training Course Training ½Òµ{
* ¦U¬F©²³¡ªù¥i¨Ï¥Î P Card ¥I´Ú  
¦p¨Ï¥Î P Card ú¥I¦Ò¸Õ¶O¡A¦Ò¸Õ¶O»Ý¥t¥[ 1.3% ªþ¥[¶O  
¦b®Õ§K¶O¸ÕÚ»¡G ­º 3 ¤p®É¡A½Ð­P¹q»P¥»¤¤¤ß¾­û¹w¬ù¡C ¬d¬Ý¦U¦aÂI¹q¸Ü
©ô¨¤ 2332-6544
Æ[¶í 3563-8425
¥_¨¤ 3580-1893
¨F¥Ð 2151-9360
¤Ùªù 3523-1560
¦b®Õ§K¶O­«Ú»¡G ¾Ç­û¥i©ó¨É¥Î®É´Á¤º©ó³øŪ¦aÂI¤£­­¦¸¼Æ¦a­«¬Ý½Ò°ó¿ý¼v¡A±q¦Ó¥i¤ÏÂЭ«·Å¾ã­Ó½Òµ{¡I
¾É®v¸Ñµª¡G ¾Ç­û¥i©óÆ[¬Ý¬Y¤@½Ò°ó¿ý¼v«á´£¥X½Ò°óª½±µ¬ÛÃöªº°ÝÃD¡A½Òµ{¾É®v·|¼Ö·N¬°¾Ç­û¥H³æ¹ï³æªº§Î¦¡¸Ñµª¡I
½Ò®É¡G 24 ¤p®É
¨É¥Î®É´Á¡G 8 ¬P´Á¡C¶i«×¥Ñ±z±±¨î¡A¥i§Ö¥iºC¡C
½Ò°ó¿ý¼v¾É®v¡G Franco (¥ô±Ð½Òµ{²M³æ)
¦b®ÕÆ[¬Ý¡G ¸Ô±¡¤Î¥Ü½d¤ù¬q


±À¤¶ªA°È¡G½Ò°ó¿ý¼vÀH®ÉÚ» (¦b®aÆ[¬Ý = 100%¡A¦b®ÕÆ[¬Ý = 0%)
¾Ç­û¨Ï¥Î¹q¸Ü©Î¥»ºô­¶³ø¦W¡A«Ý¥»¤¤¤ß½T»{¤w¬°¾Ç­û¯d¦ì«á¡A§Y¥i¨Ï¥Î Âà¼Æ§Ö ú¥I¾Ç¶O¡A¹Lµ{²«K¡I
½s¸¹ ¦aÂI ¬P´Á¤Î®É¶¡ ¶O¥Î  
OU2412HH ¦b®a ¨É¥Î®É´Á¤º¨C¬P´Á 7 ¤Ñ (¥]¬A¤½²³°²´Á)¡A¨C¤Ñ 24 ¤p®É¥þ¤Ñ­Ô¤£­­¦¸¼Æ¦aÆ[¬Ý¡C $4,480 «ö¦¹³ø¦W¡GCGRC Training Course Training ½Òµ{
* ¦U¬F©²³¡ªù¥i¨Ï¥Î P Card ¥I´Ú  
¦p¨Ï¥Î P Card ú¥I¦Ò¸Õ¶O¡A¦Ò¸Õ¶O»Ý¥t¥[ 1.3% ªþ¥[¶O  
¦b®Õ§K¶O¸ÕÚ»¡G ­º 3 ¤p®É¡A½Ð­P¹q»P¥»¤¤¤ß¾­û¹w¬ù¡C ¬d¬Ý¦U¦aÂI¹q¸Ü
©ô¨¤ 2332-6544
Æ[¶í 3563-8425
¥_¨¤ 3580-1893
¨F¥Ð 2151-9360
¤Ùªù 3523-1560
¾É®v¸Ñµª¡G ¾Ç­û¥i©óÆ[¬Ý¬Y¤@½Ò°ó¿ý¼v«á´£¥X½Ò°óª½±µ¬ÛÃöªº°ÝÃD¡A½Òµ{¾É®v·|¼Ö·N¬°¾Ç­û¥H³æ¹ï³æªº§Î¦¡¸Ñµª¡I
½Ò®É¡G 24 ¤p®É
¦b®aÆ[¬Ý®É¸T¥Îµ{¦¡¡G ¤@¨Ç¦M®`½Ò°ó¿ý¼vª©Åvªºµ{¦¡¡C
¨É¥Î®É´Á¡G 8 ¬P´Á¡C¶i«×¥Ñ±z±±¨î¡A¥i§Ö¥iºC¡C
½Ò°ó¿ý¼v¾É®v¡G Franco (¥ô±Ð½Òµ{²M³æ)
¦b®aÆ[¬Ý¡G ªA°È±ø´Ú¤Î¦u«h¡B³øŪµ{§Ç¤Î¥Ü½d¤ù¬q


¦a°Ï ¦a§} ¹q¸Ü ±Ð¨|§½µù¥U½s¸¹
©ô¨¤ ¤EÀs©ô¨¤¨È¬Ò¦Ñµó 109 ¸¹¡A¬Ò©ô°Ó·~¤j·H 18 ¼Ó 1802 - 1807 «Ç 2332-6544 533459
Æ[¶í ¤EÀsÆ[¶í¦¨·~µó 7 ¸¹¹ç®Ê¤¤¤ß 12 ¼Ó G2 «Ç 3563-8425 588571
¥_¨¤ ­»´ä¥_¨¤°¨Ä_¹D 41-47 ¸¹µØÄ_°Ó·~¤j·H 3 ¼Ó 01-02 ¸¹çE 3580-1893 591262
¨F¥Ð ·s¬É¨F¥Ð¥Ûªù¦w¸sµó 3 ¸¹¨Ê·ç¼s³õ 1 ´Á 10 ¼Ó M «Ç 2151-9360 604488
¤Ùªù ·s¬É¤Ùªù¤Ù³ß¸ô 2 ¸¹¤Ùªù¬fÄR¼s³õ 17 ¼Ó 1708 «Ç 3523-1560 592552
ª`·N¡I «È¤á¥²¶·¬d°Ý³øŪ¾Ç®Õªº±Ð¨|§½µù¥U½s¸¹¡A¥H½T»{¸Ó®Õ¬°µù¥U¾Ç®Õ¡A¥H§K»X¨ü¤£¥²­nªº·l¥¢¡I


¦b·í¤µ¤é¯q½ÆÂøªº°Ó·~Àô¹Ò¤¤¡A¾A·íªºªv²z¡B­·ÀIºÞ²z©M¦X³W©Ê¡]Governance, Risk, and Compliance, GRC¡^µ¦²¤¹ï©óºûÅ@¥ø·~ªº¥i«ùÄòµo®i©Mªk«ß¿í±q©Ê¦ÜÃö­«­n¡C­±¹ï¶V¨Ó¶VÄY®mªº³W½d­n¨D©M¼ç¦bªº¦w¥þ«Â¯Ù¡A±M·~ªº GRC ª¾ÃѤ£¶È¯à°÷À°§U¥ø·~¦³®ÄºÞ²z­·ÀI¡AÁÙ¯à«O»Ù¥ø·~ªº°Ó·~§Q¯q©M«È¤á¸ê®Æªº¦w¥þ¡C

¬°¦¹¡A§Ú­Ì¯S§O±À¥X¤F Certified in Governance, Risk and Compliance (CGRC) °ê»Ú»{¥iÃҮѽҵ{¡A¦®¦b¬°±ý²`¤Æ¦b¥ø·~ªv²z¡B­·ÀIºÞ²z¤Î¦X³W»â°ì±M·~ª¾ÃѪº¤H¤h´£¨Ñ¥þ­±¥B¨t²Îªº°ö°V¡C¥»½Òµ{¥Ñ¨ã¦³Â×´I¸gÅ窺±M®aºë¤ß³]­p¡A¥þ­±²[»\¤F CGRC »{ÃÒ¦Ò¸Õªº¤jºõ¡A±q²Õ´ªv²zµ²ºcªº«Ø¥ß¡B­·ÀIÃѧO»Pµû¦ô¨ì¦X³W©Êµ¦²¤ªº¨î©w¤Î°õ¦æµ¥ÃöÁä»â°ì¡A§¡¦³²`¤Jªº­åªR¡C

¤¤¤ßªº Certified in Governance, Risk and Compliance (CGRC) °ê»Ú»{¥iÃҮѽҵ{¥Ñ Franco Tsang Äw³Æ¦h®É¡Aºë¤ß½s±Æ¡C¥Ñ¤W°ó¡B·Å²ß¡B¹ê²ß¡B¦Ò¸Õ¬ã²ß¡B°µ¸ÕÃD¦Ü³Ì«á¦Ò¸Õ¡A§¡¬°§A«×¨­­q³y¡A§@¥X¦³¨t²Îªº½s±Æ¡C°È¨D¯u¥¿±ÐÃѧA¡A¤S¥O§A¦Ò¸Õ¤Î®æ¡C

­Y­n¦Ò¨ú CGRC¡A¦P¾Ç¶·­n¨ã³Æ 2 ¦~ªv²z¡B­·ÀIºÞ²z¤Î¦X³W»â°ìªº¤u§@¸gÅç¤Î³q¹L¦Ò¸Õ¡C


½Òµ{¦WºÙ¡G Certified in Governance, Risk and Compliance (CGRC) °ê»Ú»{¥iÃҮѽҵ{
- ²ºÙ¡GCGRC Training Course
½Òµ{®É¼Æ¡G ¦X¦@ 24 ¤p®É (¦@ 8 °ó)
¾A¦X¤H¤h¡G ¥ô¦ó¤H¤h¡AµL¶·¸gÅç¡C
±Â½Ò»y¨¥¡G ¥H¼sªF¸Ü¬°¥D¡A»²¥H­^»y¡C
½Òµ{µ§°O¡G ¥»¤¤¤ß¾É®v¿Ë¦Û½s¼g­^¤å¬°¥Dµ§°O¡A¦Ó³¡¥÷­^¤å¦rªþ¦³¤¤¤å¹ï·Ó¡C

1. Franco Tsang (CCIE #19772) ¿Ë¦Û±Ð±Â¡G ¥»½Òµ{¥Ñ¾Ö¦³ Triple CCIE, CISA, CISM, CRISC, CDPSE, CISSP, ITILv3 Expert, ITIL 4 Managing Professional, ITIL 4 Strategic Leader, PMP µ¥±M·~»{ÃÒªº Franco Tsang ¿Ë¦Û±Ð±Â¡C
2. Franco Tsang ¿Ë¦Û½s¼gµ§°O¡G Franco ¿Ë¦Û½s¼gµ§°O¡A¥O§AµL¶·¡u¦º¾S¡v¦p¦r¨å¯ë«p¤Î¤£¾A¦X­»´äŪ®Ñ®æ½Õªº®Ñ¥»¡C
3. ´£¨Ñ¼ÒÀÀ¦Ò¸ÕÃD¥Ø¡G ¥»¤¤¤ß¬°¾Ç­û´£¨Ñ¥R¨¬ªº¼ÒÀÀ¦Ò¸ÕÃD¥Ø¡A¨C±ø¦Ò¸ÕÃD¥Ø§¡ªþ¦³¼Ð·Çµª®×¡C¦Ó¸ûÃø²z¸ÑªºÃD¥Ø¡A§¡·|ªþ¦³ Franco ªº¸ÑÄÀ¡C
4. ²`¤J²L¥X¡G Franco ·|¦b½Ò°ó¤W²`¤J²L¥X¦aÁ¿¸Ñ¬ÛÃö·§©À¡A°È¨D¥O¦P¾Ç²z¸Ñ©â¶HªººÞ²z·§©À¡C
5. §K¶O­«Åª¡G ¶Ç²Î½Ò°ó¾Ç­û¥i©ó½Òµ{µ²§ô«á¤T­Ó¤ë¤º§K¶O­«¬Ý½Ò°ó¿ý¼v¡C

­º¥ý¦Û¦æ«e©¹ ISC2 ºô¯¸«Ø¥ß ISC2 Account ¨Ã¥H¸Ó ISC2 Account µn¤J¡Aµn¤J«á¨Ì±q¸Óºô¯¸«ü¥Ü§¹µ½±zªº­Ó¤H¸ê®Æ (¦p©m¦W¡B¹q¸Ü¸¹½X¤Î¹q¶l¦a§}µ¥µ¥)¡C

­«­n¡G±z¥²¶·«ö·Ó¦b¦Ò¸Õ¤¤¤ß¥X¥Üªº¨­¥÷ÃÒ¤Wªº¸ê®Æ¨Ó¶ñ¼g±zªº«H®§¡C¦pªG¤£§¹¥þ¤Ç°t¡A±z±NµLªk°Ñ¥[¦Ò¸Õ¡A¥B¤£·|Àò°hÁÙ¥ô¦ó¶O¥Î¡C

´£¥æ ISC2 ªººô¤W¹q¤lªí®æ«á¡A±z±N³Q­«©w¦V¨ì Pearson VUE ºô¯¸¡A¦b¨ºùرz±N¯à°÷¦w±Æ¦b¥»¤¤¤ß¦Ò¸Õ¤Îú¥I USD$599 ¤§¦Ò¸Õ¶O¡C

¦Ò¸Õ·í¤é¨ì¹F¥»¤¤¤ß®É¥²¶·¥X¥Ü¤U¦C¨â¶µ¦³®Ä¤§¨­¥÷ÃÒ©ú¤å¥ó¡A§_«h¦Ò¥Í¤£¥i¶i¦æ¦Ò¸Õ¡A¦Ó¤wú¥I¤§¦Ò¸Õ¶O¥ç¤£·|°h¦^¡G

  1. ­»´ä¨­¥÷ÃÒ ¤Î
  2. ªþ¦³¦Ò¥Í©m¦W¤Îñ¦WªºÃÒ¥ó (¦p«H¥ÎÍü¡B­»´ä¯S°ÏÅ@·Ó¡BBNOµ¥)

¦Ò¸ÕÃD¥Ø¥Ñ¿D¬w¦Ò¸Õ¤¤¤ß¶Ç°e¨ì§A­nÀ³¦Òªº¹q¸£¡A¦Ò¸Õ®É¥H¹q¸£§@µª¡C©Ò¦³¦Ò¸ÕÃD¥Ø§¡¬°­^¤å¡A¦Ó¦Ò¸ÕÃD¥Ø®æ¦¡¬° 125 ±ø¦h¶µ¿ï¾ÜÃD¡C¦X®æ¤À¼Æ¬° 700 out of 1000 points¡C




½Òµ{¦WºÙ¡GCertified in Governance, Risk and Compliance (CGRC) °ê»Ú»{¥iÃҮѽҵ{
- ²ºÙ¡GCGRC Training Course

Domain 1 Security and Privacy Governance, Risk Management, and Compliance Program

1.1 Demonstrate knowledge in security and privacy governance, risk management, and compliance program
1.1.1 Principles of governance, risk management, and compliance
1.1.2 Risk management and compliance frameworks using national and international standards and guidelines for security and privacy requirements (e.g., National Institute of Standards and Technology (NIST), cybersecurity framework, Control Objectives for Information and Related Technology (COBIT), International Organization for Standardization/International Electrotechnical Commission (ISO/IEC))
1.1.3 System Development Life Cycle (SDLC) (e.g., requirements gathering, design, development, testing, and operations/maintenance/disposal)
1.1.4 Information lifecycle for each data type processed, stored, or transmitted (e.g., retaining, disposal/destruction, data flow, marking)
1.1.5 Confidentiality, integrity, availability, non-repudiation, and privacy concepts
1.1.6 System assets and boundary descriptions
1.1.7 Security and privacy controls and requirements
1.1.8 Roles and responsibilities for compliance activities and associated frameworks
1.2 Demonstrate knowledge in security and privacy governance, risk management and compliance program processes
1.2.1 Establishment of compliance program for the applicable framework
1.3 Demonstrate knowledge of compliance frameworks, regulations, privacy, and security requirements
1.3.1 Familiarity with compliance frameworks (e.g., International Organization for Standardization/International Electrotechnical Commission (ISO/IEC), Federal Risk and Authorization Management Program (FedRAMP), Payment Card Industry Data Security Standard (PCI-DSS), Cybersecurity Maturity Model Certification)
1.3.2 Familiarity with other national and international laws and requirements for security and privacy (e.g., Federal Information Security Modernization Act (FISMA), Health Insurance Portability and Accountability Act (HIPAA), executive orders, General Data Protection Regulation (GDPR))


Domain 2 Scope of the System


2.1 Describe the system
2.1.1 System name and scope documented
2.1.2 System purpose and functionality
2.2 Determine security compliance required
2.2.1 Information types processed, stored, or transmitted
2.2.2 Security objectives outlined for each information type based on national and international security and privacy compliance requirements (e.g., Federal Information Processing Standards (FIPS), International Organization for Standardization/International Electrotechnical Commission (ISO/IEC), data protection impact assessment)
2.2.3 Risk impact level determined for system based on the selected framework


Domain 3 Selection and Approval of Framework, Security, and Privacy Controls


3.1 Identify and document baseline and inherited controls
3.2 Select and tailor controls
3.2.1 Determination of applicable baseline and/or inherited controls
3.2.2 Determination of appropriate control enhancements (e.g., security practices, overlays, mitigating controls)
3.2.3 Specific data handling/marking requirements identified
3.2.4 Control selection documentation
3.2.5 Continued compliance strategy (e.g., continuous monitoring, vulnerability management)
3.2.6 Control allocation and stakeholder agreement


Domain 4 Implementation of Security and Privacy Controls


4.1 Develop implementation strategy (e.g., resourcing, funding, timeline, effectiveness)
4.1.1 Control implementation aligned with organizational expectations, national or international requirements, and compliance for security and privacy controls
4.1.2 Identification of control types (e.g., management, technical, common, operational control)
4.1.3 Frequency established for compliance documentation reviews and training
4.2 Implement selected controls
4.2.1 Control implementation consistent with compliance requirements
4.2.2 Compensating or alternate security controls implemented
4.3 Document control implementation
4.3.1 Residual security risk or planned implementations documented (e.g., Plan of Action and Milestones (POA&M), risk register)
4.3.2 Implemented controls documented consistent with the organization's purpose, scope, and risk profile (e.g., policies, procedures, plans)


Domain 5 Assessment/Audit of Security and Privacy Controls


5.1 Prepare for assessment/audit
5.1.1 Stakeholder roles and responsibilities established
5.1.2 Objectives, scope, resources, schedule, deliverables, and logistics outlined
5.1.3 Assets, methods, and level of effort scoped
5.1.4 Evidence for demonstration of compliance audited (e.g., previous assessments/audits, system documentation, policies)
5.1.5 Assessment/audit plan finalized
5.2 Conduct assessment/audit
5.2.1 Compliance capabilities verified using appropriate assessment methods: interview, examine, test (e.g., penetration, control, vulnerability scanning)
5.2.2 Evidence verified and validated
5.3 Prepare the initial assessment/audit report
5.3.1 Risks identified during the assessment/audit provided
5.3.2 Risk mitigation summaries outlined
5.3.3 Preliminary findings recorded
5.4 Review initial assessment/audit report and plan risk response actions
5.4.1 Risk response assigned (e.g., avoid, accept, share, mitigate, transfer) based on identified vulnerabilities or deficiencies
5.4.2 Risk response collaborated with stakeholders
5.4.3 Non-compliant findings with newly applied corrective actions reassessed and validated
5.5 Develop final assessment/audit report
5.5.1 Final compliance documented (e.g., compliant, non-compliant, not applicable)
5.5.2 Recommendations documented when appropriate
5.5.3 Assessment report finalized
5.6 Develop risk response plan
5.6.1 Residual risks and deficiencies identified
5.6.2 Risk prioritized
5.6.3 Required resources identified (e.g., financial, personnel, and technical) to determine time required to mitigate risk


Domain 6 System Compliance


6.1 Review and submit security/privacy documents
6.1.1 Security and privacy documentation required to support a compliance decision by the appropriate party (e.g., authorizing official, third-party assessment organizations, agency) compiled, reviewed, and submitted
6.2 Determine system risk posture
6.2.1 System risk acceptance criteria
6.2.2 Residual risk determination
6.2.3 Stakeholder concurrence for risk treatment options
6.2.4 Residual risks defined in formal documentation
6.3 Document system compliance
6.3.1 Formal notification of compliance decision
6.3.2 Formal notification shared with stakeholders


Domain 7 Compliance Maintenance


7.1 Perform system change management
7.1.1 Changes weigh the impact to organizational risk, operations, and/or compliance requirements (e.g., revisions to baselines)
7.1.2 Proposed changes documented and approved by authorized personnel (e.g., Change Control Board (CCB), technical review board)
7.1.3 Deploy to the environment (e.g., test, development, production) with rollback plan
7.1.4 Changes to the system tracked and compliance enforced
7.2 Perform ongoing compliance activities based on requirements
7.2.1 Frequency established for ongoing compliance activities review with stakeholders
7.2.2 System and assets monitored (e.g., physical and logical assets, personnel, change control)
7.2.3 Incident response and contingency activities performed
7.2.4 Security updates performed and risks remediated/tracked
7.2.5 Evidence collected, testing performed, documentation updated (e.g., service level agreements, third party contracts, policies, procedures), and submission/communication to stakeholders when applicable
7.2.6 Awareness and training performed, documented, and retained (e.g., contingency, incident response, annual security and privacy)
7.2.7 Revising monitoring strategies based on updates to legal, regulatory, supplier, security and privacy requirements
7.3 Engage in audits activities based on compliance requirements
7.3.1 Required testing and vulnerability scanning performed
7.3.2 Personnel interviews conducted
7.3.3 Documentation reviewed and updated
7.4 Decommission system when applicable
7.4.1 Requirements for system decommissioning reviewed with stakeholders
7.4.2 System removed from operations and decommissioned
7.4.3 Documentation of the decommissioned system retained and shared with stakeholders

The course content above may change at any time without notice in order to better reflect the content of the examination.

 

§ó¦hºî¦X½Òµ{
  Äá¼v½Òµ{
  ¡E Äá¼vªì¯Å
  ¡E Äá¼v¤¤¯Å (­·´º±MÃD)
  ­^¤å½Òµ{
  ¡E IPA «÷­µ¡G¯Å§O 1 ¡E 2 ¡E 3 ¡E 4
  ´¶³q¸Ü½Òµ{
  ¡E °ò¦´¶³q¸Ü«÷­µ (§K¶O)
  ¡E ¶i¶¥´¶³q¸Ü«÷­µ
  ¡E ´¶³q¸Ü·|¸Ü¡G¯Å§O 1 ¡E 2 ¡E 3
  ¦è¯Z¤ú»y¤å½Òµ{
  ¡E ¯Å§O 1 ¡E 2 ¡E 3
  ¤¤Âå½Òµ{
  ¡E Àã¯l»P¥Ö½§±Ó·P¯f
  ¡E ·t½H»P¦â´³ | »ó±Ó·P»P·P«_
  ¡E ²æ¾v»P¥Õ¾v | ±q¤­©x¬Ý°·±d
  ­·¤ô©R²z½Òµ{
  ¡E µµ·L¤æ¼Æ¡G¯Å§O 1 ¡E 2 ¡E 3
  ¡E ¤l¥­¤K¦r¡G¯Å§O 1 ¡E 2 ¡E 3
  ¡E ¤K¦r­·¤ô¡G¯Å§O 1 ¡E 2 ¡E 3
  ¡E ©_ªù¹P¥Ò¡G¯Å§O 1 ¡E 2 ¡E 3