Friday, October 2, 2015

The value of the ISO 27001 Lead Auditor certification

ISO 27001 Lead Auditor has always been our flagship course, for the following reasons:

1. PECB's ISO 27001 Lead Auditor Certificate is accredited under ANSI 17024 and is widely recognized.
2. Enrolling in the course earns 32 CPD (Continuing Professional Development) credits, which can be used to satisfy the continuing-education requirements of certifications such as CISSP, CISA, CISM, CEH and PMP.
3. The course content is broad: besides knowledge of the ISMS (Information Security Management System), it also covers practical IT audit material that the CISA course does not touch, such as audit principles and procedure documentation. This lets students view the ISMS from another angle and gain a more complete understanding of IT security.
4. Most importantly, ISO 27001 is widely adopted by enterprises, and ISO 27001 Clause 9.2 states the importance of internal audit: "The organization shall conduct internal audits at planned intervals to provide information on whether the information security management system." As a result, the ISO 27001 Lead Auditor Certificate has been listed by enterprises as a hiring requirement for IT security professionals, and holding this certification should increase students' employment opportunities.


Thursday, September 17, 2015

About ISO certification

Since ISO (International Organization for Standardization) was founded in 1947, it has published more than 19,000 standards, yet many people still hold misconceptions about ISO.

1. ISO is only about quality management
Fact: ISO publishes a range of standards, such as:
ISO/IEC 27001, the Information Security Management System standard
ISO/IEC 20000, the Information Technology Service Management standard
ISO 14001, the Environmental Management System standard
The misconception probably arises because ISO 9001, the Quality Management System (QMS) standard, is so well known.

2. Every ISO standard has a corresponding certification
Fact: Not true. ISO/IEC 27001 has a corresponding certification, whereas ISO/IEC 27003 (ISMS Implementation Guide) does not.

ISO certifications can be divided into the following two broad categories.

1. Management system certificates awarded to organizations or companies (Management System Certificate)
A company establishes, operates and continually improves its QMS according to a management-system standard (ISO 9001, for example), then applies to a certification body for an external audit. If it meets the requirements set out in ISO 9001, the certification body awards the ISO 9001 certificate to the applicant company.

2. Professional certificates awarded to individuals (Personal Professional Certificate)
There are many kinds: Foundation, Lead Auditor, Implementer, Consultant, Practitioner, Professional, Manager, and so on.
Bodies that issue this type of certificate include PECB, APMG and IRCA.

Next time we will introduce ISO Personal Certificates in more detail.

For our ISO certification courses, see http://www.greatlearning.edu.hk/ISO.html

Friday, September 11, 2015

PMP RDS and ISO

Those preparing for the PMP exam are probably hesitating: rush to take the exam on the old syllabus within this year, or wait until January next year to sit the new RDS version of the PMP exam. A hint for everyone: the new RDS exam content only adds the following tasks:

Initiating

Task 2 Identify key deliverables based on the business requirements in order to manage customer expectations and direct the achievement of project goals.

Task 7 Conduct benefit analysis with relevant stakeholders to validate project alignment with organizational strategy and expected business value.

Task 8 Inform stakeholders of the approved project charter to ensure common understanding of the key deliverables, milestones, and their roles and responsibilities.

Planning

Task 13 Develop the stakeholder management plan by analyzing needs, interests, and potential impact in order to effectively manage stakeholders' expectations and engage them in project decisions.

Executing

Task 6 Manage the flow of information by following the communications plan in order to keep stakeholders engaged and informed.

Task 7 Maintain stakeholder relationships by following the stakeholder management plan in order to receive continued support and manage expectations.

Monitoring and Controlling

Task 6 Capture, analyze, and manage lessons learned, using lessons learned management techniques in order to enable continuous improvement.

Task 7 Monitor procurement activities according to the procurement plan in order to verify compliance with project objectives.

So you can safely revise using the old course content; the RDS changes are really only minor tweaks! But why didn't PMI wait for the next edition of the PMBOK to revise the exam outline all at once? It turns out the PMP certification is itself ISO certified! What???

Refer to the figure above (https://www.ansica.org/wwwversion2/outside/ALLdirectoryDetails.asp?menuID=2&prgID=201&prgID1=201&orgID=106&status=4): PMP is accredited under ANSI ISO 17024. Anyone familiar with ISO certification knows that all ISO certifications must be renewed within three years, and the previous PMP RDS review, conducted in 2013, was also done for ISO renewal.

Now that the reason for this RDS review is clear, everyone can follow their own plan for the PMP exam with confidence. Next time we will introduce ISO personal certifications.


Friday, September 4, 2015

Great Learning's four featured course series

Looking at the publication date of the previous post, I feel a little ashamed. But looking back over these two years, neither I nor the company team have been idle: this year alone Steve has earned more than twenty certifications, and the company has finally built the following four comprehensive and distinctive course series. I hope to keep sharing knowledge and certification information about IT and project management with you from now on.

1. Project, Program, & Portfolio Management
- Project Management Professional (PMP®)
- PRINCE2® Foundation and Practitioner
- MSP® Foundation and Practitioner (Managing Successful Programmes)
- MoP® Foundation and Practitioner (Management of Portfolios)
- P3O® Foundation and Practitioner (Project & Programme Support Offices)
- PRINCE2 Agile™ Certification
- APMG Agile Project Management (AgilePM®) Foundation and Practitioner
- APMG Agile Programme Management (AgilePgM®) Foundation
- Certified SCRUM Master
- MoV® Foundation and Practitioner (Management of Value)
- Stakeholder Engagement Certification

2. IT Management & Governance
- ITIL® Foundation
- ITIL® Expert
- ISO/IEC 20000 Foundation
- ISO/IEC 20000 Practitioner
- ISO/IEC 20000 Lead Auditor
- Business Relationship Management Professional Foundation
- SDI Service Desk Analyst
- COBIT® 5 Foundation
- COBIT® 5 Assessor
- COBIT® 5 Implementation
- ISO/IEC 38500 Governance Manager
- Sourcing Governance Foundation
- Certified Outsourcing Manager

3. IT Security & Security Management
- CISSP®
- CISA®
- CISM®
- Certified Ethical Hacker (CEH)
- Certified Hacking Forensic Investigator (CHFI)
- Certified Security Analyst (ECSA)
- ISO/IEC 27001 Foundation (Information Security Management System Standard)
- ISO/IEC 27001 Lead Auditor
- ISO 22301 Foundation (Business Continuity Management System Standard)
- ISO 22301 Lead Auditor
- ISO/IEC 24762 Disaster Recovery Manager
- ISO/IEC 27005 Risk Manager
- ISO/IEC 27002 Manager
- Implementing the NIST Cybersecurity Framework using COBIT 5
- Certified Lead Privacy Implementer
- Fundamentals of Forensics Certificate

4. ISO Courses
- ISO 9001 Foundation Certification (Quality Management System Standard)
- ISO 9001 Lead Auditor Certification
- ISO 26000 Foundation Certification (Social Responsibility Program)
- ISO 26000 Lead Auditor Certification
- ISO 14001 Foundation Certification (Environmental Management System Standard)
- ISO 14001 Lead Auditor Certification
- And many ISO Certification self-study packages, etc.


Thursday, May 30, 2013

Lessons from ISO/IEC 27001: look for threats first, or vulnerabilities first?

Friends working in IT security, please think about the question above.

According to ISO/IEC 27001, you look for vulnerabilities first and then threats. But why?

Let us analyze: threats are external, while vulnerabilities are internal. As the saying goes, things rot from within before the worms appear: only when there is an internal weakness, with an external threat added on top, does damage occur.

When Steve discussed this question with students in an ISO/IEC 27001 Foundation class, one student offered a very good explanation. Take an operating system as an example: because the system is complex, it inevitably contains a large number of bugs, and dealing with all of them is close to an impossible task. If you first identify the external threats and then address the corresponding vulnerabilities, the job becomes easier. Thanks to that student for sharing this insight.

Steve then reflected that, for problems in life, the order should be reversed: a person should first examine themselves and correct their own weaknesses, so as to "renew yourself daily, and keep renewing day after day". The Platform Sutra of the Sixth Patriarch also says: "A true practitioner of the Way does not see the faults of the world."


Thursday, February 28, 2013

Traditional vs. Agile Project Management

This is the simplest graphic showing the difference between Traditional and Agile Project Management.



DSDM Atern is the most comprehensive Agile Project Management framework.

The two approaches are actually different perspectives on the project constraints.

Want to know more? Join our Agile Project Management Certifications Bundle Course.

http://www.greatlearning.edu.hk/PMI-ACP-scrum-agile.html

Wednesday, January 2, 2013

New PMP exam will be on 31 July 2013

PMBOK® v5 is finally released!



So what’s the impact for PMP® candidates?

- The new exam syllabus, based on PMBOK® v5, will take effect on 31 July 2013.
- A new syllabus means uncertainty. For example, do you want to memorize one more knowledge area, as shown in the diagram?

Act NOW to take the PMP® exam on the old, well-known syllabus. Great Learning will offer PMP® courses more frequently during this period.

http://www.greatlearning.edu.hk/pmp.html