CISSP Exam Preparation Course


The Certified Information Systems Security Professional (CISSP) certification is a vendor-neutral certification offered by the International Information Systems Security Certification Consortium (ISC2). It is designed for experienced professionals in the computer or security field who are responsible for developing information security policies, standards, and procedures and managing their implementation across an organization.


Features of the workshop

  • Experienced and qualified trainer, Danny Ha, with 27 years of practical industrial experience in the IT, information systems audit, security and business risk management industry, holding designations of CISA, CISM, CISSP, CPM, FCRP, CRT, PMP, MBA, ISLA ISC2. For his bio, please visit

  • Comprehensive coverage of course material and discussion of past exam questions

  • Precise and clear presentation slides with live audit experience sharing

  • In-depth revision and explanation to help students pass the examination

  • Exam techniques sharing


Course Contents: (30 hours)

  • Access Controls
    Access control is the collection of mechanisms that permits managers of a system to exercise a directing or restraining influence over the behavior, use and content of a system.

  • Telecommunications & Network Security
    This domain encompasses the structures, transmission methods, transport formats and security measures used to provide integrity, availability, authentication and confidentiality for transmissions over private and public communications networks and media.

  • Security Management
    Security management entails the identification of an organization's information assets and the development, documentation and implementation of policies, standards, procedures and guidelines that ensure confidentiality, integrity and availability.

  • Applications Security
    Applications and systems development security refers to the controls that are included within systems and applications software, including agents, applets, databases, data warehouses and knowledge-based systems. The steps used in their development will also be included.

  • Cryptography
    The Cryptography domain addresses the principles, means, and methods of disguising information to ensure its integrity, confidentiality, and authenticity. Basic concepts of encryption, including public and private key algorithms, algorithm constructions, and digital signatures, will be studied.

  • Security Architecture
    The Security Architecture and Models domain contains the concepts, principles, structures and standards used to design, implement, monitor and secure operating systems, equipment, networks, applications and those controls used to enforce various levels of confidentiality, integrity and availability.

  • Operations Security
    Operations security is used to identify the controls over hardware, media and the operators with access privileges to any of these resources. Audit and monitoring are the mechanisms, tools and facilities that permit the identification of security events and subsequent actions to identify the key elements and report the pertinent information to the appropriate individual, group or process.

  • Business Continuity Planning
    The Business Continuity Planning and Disaster Recovery Planning domain addresses the preservation of the business in the face of major disruptions to normal business operations. The preparation, testing and updating of specific actions to protect critical business processes from the effect of major system and network failures are involved.

  • Law, Investigations & Ethics
    This domain addresses computer crime laws and regulations, the investigative measures and techniques which can be used to determine if a crime has been committed, methods to gather evidence if it has, as well as the ethical issues and code of conduct for the security professional.

  • Physical Security
    The Physical Security domain addresses the threats, vulnerabilities and countermeasures that can be utilized to physically protect an enterprise's resources and sensitive information. These resources include people, the facility in which they work and the data, equipment, support systems, media and supplies they utilize.



Mr. Danny Ha

Holder of professional certificates of IT Service Management:- CF-ITIL, ISO2000 Auditor and Consultant; Business Risk & Crisis Management:- FCRP CCC CRT; ISO17024:- CISSP CISA CISM; CSSLP, CGEIT; Project Management:- CPM, PMP; CT-CLE-Supply-Chain; APSNY; President of ICRM; Member of PMI; Member of HKLA; Fellow Member of Hong Kong Computer Society (HKCS); MBA; B.Sc.(Hons.), and the Honoree of the Asia Pacific Information Security Leadership Award (ISLA) of ISC2 for security consulting, audit and training.

He is a Quality Reviewer of Government audit projects; External Examiner of CEF courses for HKU SPACE; Lecturer of HKU SPACE and PEAK VTC; Co-Author of the Exam scope CPPMOK for IAPPM of Certified Project Manager (CPM); Professional Exam, writer and reviewer for Risk Management topics, CISM Manual and ISACA Publications; the nominee for the Best Teacher of HKU SPACE, and the nominee for AESRM Excellence in Security Convergence and Enterprise Risk Management Award.

Danny Ha has extensive experience and a proven record in professional training, information security assessment and audit, management skills coaching, and business crisis and risk management over 26 years for various industries. He is a respected consultant and a frequent speaker at various seminars and conferences, and has been interviewed by a number of newspapers on subjects relating to his professional knowledge, skills and experience. He also writes articles on specialized subjects for the security, audit, governance, and risk management industries. He delivers numerous courses at professional certification level, in graduate diploma courses, degree courses in social science (Enterprise Security and Risk Management), and executive management certificate courses at different universities, professional bodies and institutes in Hong Kong and China. He has conducted many training courses, such as the ITIL Foundation Exam (IT Service Management) preparation course, with over 120 lecturing hours for over 250 attendees since 2006 for the HK Government and MNCs; CRM courses; project management and PMP courses for private institutes and HKU SPACE; CISA Exam Preparation Courses with over 800 lecturing hours for over 500 attendees since 2003; and also the CISSP and CISM Exam Preparation Courses for over 1,000 attendees with over 2,000 lecturing hours since 2001. Here is one of the praises from the attendees.

Leading at the Sense of Security

Since I joined Mr. Danny Ha’s class, it deeply broadened my vision of the security, also inspired me in mapping to the whole business of the company. His excellent presentation skills with a wide range of security experience really impressed me so much. During the class, I learned much from his great sharing, such as different management ideas, risk management concept, incident response handling, crisis management… all of these are useful and practical for my career development. With his comprehensive materials and humorous guidance, it lets me complete the CISSP examination. You’re Great! Danny!!! <<< Cyrus Ho, IT Officer of Hong Kong Institute of Certified Public Accountants (previously worked for Deloitte Touche Tohmatsu), CISSP, CHFI, CEH, ITIL, MCSE/MCSA:Security Specialist, MCSE/MCSA/MCP, CCSE/CCSA, Oracle DBA, SCJP, Oct 2008.
