CDPSE Internationally Recognised Certificate Course


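Course offer!
Enrol in all three of the following courses at the same time:

Save $840 immediately! Enrol in any two of them and save $480!


Our centre now accepts payment by FPS (轉數快).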



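Recommended service: class recordings you can watch at any time
(watched at home = 0%, watched at the centre = 100%)

Dates and times for 100% viewing at the centre:
Free choice; select a district below to see its office hours and location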

Any location: $3,480 (no restriction on location)
Mong Kok: 5% off, $3,306
Tel: 2332-6544
Kwun Tong: 10% off, $3,132
Tel: 3563-8425
North Point: 10% off, $3,132
Tel: 3580-1893
Sha Tin: 10% off, $3,132
Tel: 2151-9360
Tuen Mun: 10% off, $3,132
Tel: 3523-1560

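Course hours: 18 hours

Access period: 6 weeks. You control the pace, fast or slow.

Instructor in the class recordings: Franco
Free trial viewing at the centre: the first 1 hour; please call one of the locations above to make an appointment with our staff.

This course provides free re-viewing at the centre and an instructor question-answering service.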




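ISACA® was founded in 1969 and over the years has been continuously involved in activities relating to systems assurance and security, enterprise information governance and information risk, earning a strong reputation.

ISACA® has members in more than 160 countries, totalling over 86,000. The globally recognised Certified Data Privacy Solutions Engineer (CDPSE) qualification that it awards is a must-have certificate for managers. Holding the CDPSE qualification signifies that the professional has the knowledge to manage privacy and the technical skills needed to build and implement comprehensive data privacy measures, so as to reduce risk and improve efficiency.

Our centre's CDPSE Internationally Recognised Certificate Course has been long in preparation and carefully arranged by Franco Tsang. From attending class, revision, practice, exam study and working through exam questions to the final exam, everything is tailored to you and systematically arranged, so that you truly learn the material and also pass the exam.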


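Course name: CDPSE Internationally Recognised Certificate Course
- Short name: CDPSE Training Course
Course duration: 18 hours in total (6 sessions)
Suitable for: Those with 3 or more years of work experience in data privacy governance, privacy architecture and/or data life cycle
Language of instruction: Mainly Cantonese, supplemented by English
Course notes: Notes written personally by our centre's instructor, mainly in English, with Chinese equivalents for some of the English terms.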

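1. Taught personally by Franco Tsang (CCIE #19772): This course is taught personally by Franco Tsang, who holds professional certifications including CISA, CISM, CRISC, CDPSE, CISSP, ITILv3 Expert, ITIL 4 Managing Professional, ITIL 4 Strategic Leader and PMP.
2. Notes written personally by Franco Tsang: Franco writes the notes himself, so you do not need to grind through books that are as thick as a dictionary and unsuited to the Hong Kong style of study.
3. Mock exam questions provided: Our centre provides students with ample mock exam questions, each with a model answer. Questions that are harder to understand also come with Franco's explanation.
4. Clear and accessible explanations: Franco explains the relevant concepts in class in a clear and accessible way, so that students can understand abstract concepts.
5. Free re-take: Students of the traditional classroom course may re-watch the class recordings free of charge within three months after the course ends.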

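Our centre is a PSI-designated CDPSE exam test centre, and the instructor will explain the exam procedure in class. The exam fees are as follows: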

  • ISACA Member: US $575
  • ISACA Nonmember: US $760

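After passing the exam, students need to:

  • have 3 or more years of work experience in data privacy governance, privacy architecture and/or data life cycle
  • agree to abide by the Code of Professional Ethics set by ISACA
  • submit the CDPSE application form

Once the above requirements are met, you can become a CDPSE.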




1. Privacy Governance
1.1 Privacy Governance
1.1.1 Personal Information
1.1.2 Privacy Principles (e.g., Privacy by Design, Consent, Transparency)
1.1.3 Privacy Laws and Regulations
1.1.4 Privacy Documentation (e.g., Policies, Guidelines)
1.2 Privacy Operations
1.2.1 Organizational Culture, Structure, and Responsibilities
1.2.2 Vendor and Supply Chain Management
1.2.3 Incident Management
1.2.4 Data Subject Rights, Requests, and Notification

2. Privacy Risk Management and Compliance
2.1 Risk Management
2.1.1 Risk Management Process and Policies
2.1.2 Privacy-Focused Assessment (e.g., Privacy Impact Assessment (PIA))
2.1.3 Privacy Training and Awareness
2.1.4 Threats and Vulnerabilities
2.1.5 Risk Response
2.2 Compliance
2.2.1 Privacy Frameworks
2.2.2 Evidence and Artifacts
2.2.3 Program Monitoring and Metrics

3. Data Life Cycle Management
3.1 Data Collection and Processing
3.1.1 Data Inventory, Dataflow Diagram, and Classification
3.1.2 Data Quality (e.g. Accuracy)
3.1.3 Data Use Limitation
3.1.4 Data Analytics (e.g., Aggregation, AI, Data Warehouse)
3.2 Data Persistence and Destruction
3.2.1 Data Minimization
3.2.2 Data Disclosure and Transfer
3.2.3 Data Storage, Reten

4. Privacy Engineering
4.1 Technology Stacks
4.1.1 Infrastructure and Platform Technology (e.g., legacy, cloud computing)
4.1.2 Devices and Endpoints
4.1.3 Connectivity
4.1.4 Secure Development Life Cycle
4.1.5 APIs and Cloud-Native Services
4.2 Privacy-Related Security Controls
4.2.1 Asset Management
4.2.2 Identity and Access Management
4.2.3 Patch Management and Hardening
4.2.4 Communication and Transport Protocols
4.2.5 Encryption and Hashing
4.2.6 Monitoring and Logging
4.3 Privacy Controls
4.3.1 Consent Tagging
4.3.2 Tracking Technologies
4.3.3 Anonymization and Pseudonymization
4.3.4 Privacy Enhancing Technologies (PETs)
4.3.5 AI/Machine Learning (ML) Considerations



1 PRIVACY GOVERNANCE
1.1 PRIVACY GOVERNANCE
1.1.1 Personal Information
1.1.1.1 Personal data, personal information, personal datum and data subject
1.1.1.1.1 Personal Data
1.1.1.1.2 Personal Information
1.1.1.1.3 Personal Datum
1.1.1.1.4 Data Subject
1.1.2 Privacy Principles (e.g., Privacy by Design, Consent, Transparency)
1.1.2.1 Privacy by Design
1.1.2.1.1 Overview of Privacy by Design (PbD)
1.1.2.1.2 Foundational Principles of Privacy by Design
1.1.2.1.3 Privacy Design Strategies
1.1.2.2 Consent
1.1.2.3 Transparency
1.1.3 Privacy Laws and Regulations
1.1.3.1 Legal purpose and legitimate interest
1.1.3.1.1 Legal purpose
1.1.3.1.2 Legitimate interest
1.1.3.2 Privacy protection legal models
1.1.3.2.1 Comprehensive Model
1.1.3.2.2 Sectoral Model
1.1.3.2.3 Co-regulatory Model
1.1.3.2.4 Self-regulatory Model
1.1.3.3 Examples of privacy laws and regulations
1.1.3.3.1 US Privacy Laws and Regulations
1.1.3.3.2 EU and International Privacy Laws
1.1.3.4 Privacy Standards
1.1.4 Privacy Documentation (e.g., Policies, Guidelines)
1.1.4.1 Privacy notice
1.1.4.2 Consent form
1.1.4.3 Privacy policies
1.1.4.4 Privacy procedures
1.1.4.5 Record of processing
1.1.4.6 Corrective action plan / CAP
1.1.4.7 Data protection impact assessment / DPIA
1.1.4.8 System of Record Notice / SoRN
1.1.4.9 Personal Information Inventory
1.2 PRIVACY OPERATIONS
1.2.1 Organizational Culture, Structure, and Responsibilities
1.2.1.1 Privacy roles and responsibilities
1.2.1.1.1 Data Controller
1.2.1.1.2 Joint Controller
1.2.1.1.3 Chief Privacy Officer (CPO) or Data Protection Officer (DPO)
1.2.1.1.4 Privacy Steering Committee
1.2.1.1.5 Privacy Engineer
1.2.1.1.6 Privacy Management Architect
1.2.1.1.7 Privacy Manager
1.2.1.1.8 Enterprise Risk Management Committee
1.2.1.1.9 Data Processor
1.2.1.1.10 Business Unit Manager
1.2.1.1.11 Information Custodian or Service Owner
1.2.1.1.12 Incident Response Team
1.2.1.1.13 Forensics Expert
1.2.1.1.14 Three Lines Model
1.2.1.1.14.1 First Line (Operational Management)
1.2.1.1.14.2 Second Line (Risk Management and Compliance Functions)
1.2.1.1.14.3 Third Line (Internal Audit)
1.2.1.2 Culture, ethics, and behavior
1.2.1.2.1 Culture
1.2.1.2.2 Ethics
1.2.1.2.3 Behavior
1.2.2 Vendor and Supply Chain Management
1.2.2.1 Legal requirements
1.2.2.2 Management procedures
1.2.3 Incident Management
1.2.3.1 Privacy incident response team / PIRT
1.2.4 Data Subject Rights, Requests, and Notification
1.2.4.1 NIST Privacy Framework
1.2.4.2 Data subject requests
1.2.4.3 Data Subject Notification

2 PRIVACY RISK MANAGEMENT AND COMPLIANCE
2.1 RISK MANAGEMENT
2.1.1 Risk Management Process and Policies
2.1.1.1 Overview
2.1.1.2 Risk Appetite, Tolerance, and Capacity
2.1.1.3 Risk culture
2.1.1.4 Privacy Risk Management Process
2.1.1.4.1 Setting Context
2.1.1.4.2 Risk Identification
2.1.1.4.3 Risk Assessment
2.1.1.4.4 Risk Response and Mitigation
2.1.1.4.4.1 Plan of Action and Milestones (POAM)
2.1.1.5 Risk Management Policies
2.1.2 Privacy-Focused Assessment (e.g., Privacy Impact Assessment (PIA))
2.1.2.1 Privacy Impact Assessment (PIA)
2.1.2.1.1 Overview
2.1.2.1.2 Methodologies
2.1.3 Privacy Training and Awareness
2.1.3.1 Content and Delivery
2.1.3.2 Training Frequency
2.1.3.3 Training Metrics
2.1.4 Threats and Vulnerabilities
2.1.4.1 Threats
2.1.4.2 Vulnerabilities
2.1.4.3 Method for Exploiting Vulnerabilities
2.1.4.3.1 Social engineering
2.1.4.3.2 Other Methods for Exploiting Vulnerabilities
2.1.4.4 Privacy Harms and Problems
2.1.5 Risk Response
2.2 COMPLIANCE
2.2.1 Privacy Frameworks
2.2.1.1 Privacy Principles vs Privacy Frameworks vs Privacy Standard vs Privacy Regulations
2.2.1.2 Governmental Frameworks
2.2.1.3 Industry Frameworks
2.2.2 Evidence and Artifacts
2.2.2.1 Methods of Gathering Evidence
2.2.2.2 Types of Evidence and Artifacts
2.2.3 Program Monitoring and Metrics
2.2.3.1 Key Performance Indicators (KPIs)
2.2.3.2 Key Risk Indicators (KRIs)
2.2.3.3 Key Control Indicators (KCIs)
2.2.3.4 Program Audit
2.2.3.4.1 Assurance vs Audit
2.2.3.4.2 Privacy Audit Program
2.2.3.4.3 Privacy Risk Categories based on ISACA Framework

3 DATA LIFE CYCLE MANAGEMENT
3.1 DATA COLLECTION AND PROCESSING
3.1.1 Data Inventory, Dataflow Diagram, and Classification
3.1.1.1 Data Inventory
3.1.1.2 Dataflow Diagram
3.1.1.2.1 Data Flow Diagrams (DFD)
3.1.1.2.2 Data Usage Diagrams
3.1.1.2.3 Data Lineage
3.1.1.3 Data Classification
3.1.2 Data Quality (e.g. Accuracy)
3.1.3 Data Use Limitation
3.1.4 Data Analytics (e.g., Aggregation, AI, Data Warehouse)
3.1.4.1 Data Science
3.1.4.2 Data Aggregation
3.1.4.3 AI in Data Analytics and FEAT
3.1.4.3.1 Data Warehouse
3.2 DATA PERSISTENCE AND DESTRUCTION
3.2.1 Data Minimization
3.2.2 Data Disclosure and Transfer
3.2.2.1 Data Disclosure
3.2.2.2 Data Transfer
3.2.2.3 Data Migration
3.2.2.4 Data Conversion
3.2.3 Data Storage, Retention, and Archiving
3.2.3.1 Data Storage
3.2.3.2 Data Retention
3.2.3.3 Data Archiving
3.2.4 Data Destruction
3.2.4.1 Data anonymization and Differential Privacy

4 PRIVACY ENGINEERING
4.1 TECHNOLOGY STACKS
4.1.1 Infrastructure and Platform Technology (e.g., legacy, cloud computing)
4.1.1.1 On-Premises vs. Cloud-Based Data Centers
4.1.1.2 Cloud Computing Deployment Models
4.1.1.3 Cloud Computing Service Models
4.1.1.4 Shared Responsibility Model
4.1.2 Devices and Endpoints
4.1.2.1 Devices
4.1.2.2 Endpoints
4.1.2.3 Virtual Machines and Containers
4.1.2.4 Zero Trust Architecture
4.1.3 Connectivity
4.1.3.1 Virtual Private Network (VPN)
4.1.3.2 Desktop Sharing
4.1.4 Secure Development Life Cycle
4.1.5 APIs and Cloud-Native Services
4.1.5.1 API
4.1.5.2 Web Services
4.1.5.3 Cloud-Native Services
4.2 PRIVACY RELATED SECURITY CONTROLS
4.2.1 Asset Management
4.2.2 Identity and Access Management
4.2.2.1 Multifactor Authentication (MFA) and Single Sign-on
4.2.2.2 System Access Permission
4.2.2.3 Access Control
4.2.2.4 Privileged Access Management (PAM)
4.2.3 Patch Management and Hardening
4.2.3.1 Patch Management
4.2.3.2 Hardening
4.2.4 Communication and Transport Protocols
4.2.4.1 OSI Model and TCP/IP Model
4.2.4.2 Communication Protocols
4.2.4.3 Transport Layer Security (TLS)
4.2.5 Encryption and Hashing
4.2.5.1 Encryption
4.2.5.1.1 Overview
4.2.5.1.2 Symmetric Encryption Algorithm
4.2.5.1.3 Asymmetric Encryption
4.2.5.1.4 Homomorphic Encryption (HE)
4.2.5.1.5 Quantum Cryptography
4.2.5.1.6 Certificates
4.2.5.1.6.1 Background
4.2.5.1.6.2 Public Key Infrastructure (PKI)
4.2.5.2 Hashing
4.2.5.2.1 Digital Signatures
4.2.5.2.2 Digital Envelopes
4.2.5.2.3 Tokenization
4.2.6 Monitoring and Logging
4.2.6.1 Monitoring
4.2.6.2 Logging
4.3 PRIVACY CONTROLS
4.3.1 Consent Tagging
4.3.2 Tracking Technologies (e.g., cookie management)
4.3.2.1 Cookies
4.3.2.1.1 Categories by Duration
4.3.2.1.2 Categories by Provenance
4.3.2.1.3 Categories by Purpose
4.3.2.2 Tracking Pixels
4.3.2.3 Digital Fingerprinting
4.3.2.4 GPS
4.3.2.5 RFID (Radio Frequency Identification)
4.3.3 Anonymization and Pseudonymization
4.3.4 Privacy Enhancing Technologies (PETs)
4.3.5 AI/Machine Learning (ML) Considerations
4.3.5.1 Overview
4.3.5.2 AI Privacy Risks

5 MISCELLANEOUS TOPICS FOR THE EXAM
5.1 Domain 1
5.2 Domain 2
5.3 Domain 3
5.4 Domain 4

