Recent News & Events



2022.03.25 Big Sale for WFH VPN User with Thales SAS (Cloud) 2-Factor Authentication

Good News!! As WFH becomes normal due to the presence of COVID-19. However, it does not secure enough to access the company's IT infrastructure without using 2-Factor Authentication. Therefore, UDS is now having a promotion program for token of Thales OTP 110 + SAS software license for 2FA of SSL VPN / VPN. This solution can support different VPNs that contains RADUIS settings including Sangfor, Hillstone, Paloalto, Checkpoint, Pulse Secure, Sophos, SonicWall, WatchGuard, etc. And Sangfor has provided a great support to our program.



Question:

1.) What are Thales OTP 110 and SAS Software Subscription licenses?

ANS: For Thales OTP 110, it is a One Time Password authentication device with LCD display, battery, and OTP generation button.

For Thales SafeNet Authentication Service (SAS) is a cloud-based authentication platform making authentication easy and cost-effective to implement and manage. Our approach has been to design a solution that takes away many of the traditional pain points in authentication.

2.) Why do I need the OTP?

ANS: It provides a Two-Factor Authentication to enhance the VPN Security to access the company's IT infrastructure and prevent hacking from Man-in-Middle-Attack.

3.) How secure is the SAS?

ANS: Only Admin can login the Console Using OTP Token to generate 6-digit code. Or Using Mobile Token to generate 6-digit code in 'Mobile Pass' Application.


From now, customers can enjoy a special price as shown below.

Order Quantity
Price for OTP 110 + SAS for 3 Years(HKD per unit)

(Included remote SAS installation)

[Original price: HKD1,500.00 per OTP 110 + 3 Years SAS license + 3 Years Limited Hardware Maintenance without installation]
25-49
HKD 1,000 (1 unit OTP 110 + 3 Years SAS license + 3 Years Limited Hardware Maintenance + remote installation), Average HKD333.33 per user per year
50+
HKD 900 (1 unit OTP 110 + 3 Years SAS license + 3 Years Limited Hardware Maintenance + remote installation), Average HKD300.00 per user per year


The promotion is valid to Jul 31, 2022. If you have any inquiries about the program, please contact Daniel Tai (email: danieltai@udshk.com; Tel: 2851 0271)




2022.03.15   Work From Home Cause Data Leakage?



Data Leakage?

Due to the COVID 19 situation, more and more company will have their staff to work from home (WFH). Most of the companies have already applied protection on their confidential data in their whole enterprise network and working environment but not for WFH situation. Staffs are using Remote Desktop, VPN, VDI method to access the corporation network, However, what they pain for is the content showing on the screen. It’s a plain text without any encryption. Sensitive Data may be easy to be leaked by screen capture, or even using a mobile device to take a photo. More and more company is asking for solution to enhance the security of the content on the screen.





To solve this, Screen Watermark become an important part to enhance the data protection. xSecuritas Screen Watermark is designed to protect screen content and to claim ownership of an asset. With the xSecuritas product, you can enjoy below features.

  -  Display ScreenWatermark on target machine with traceable information
  -  Display Watermark depending on the location, Like Office or Out of Office?
  -  Display on the participant's screen when sharing the screen or only sharing content in video conferencing
  -  Supports Screen Watermark in VDI and RemoteApp of Microsoft, Citrix, VMWare Horizon, AWS Stream, Nutanix
  -  Support Screen Capture Blocking
  -  Compatible with Windows 7, 10,11, Windows Server 2012 R2, 2016, 2019 or above OS

Real Case Sharing

One of the Bank in Hong Kong deployed the solution before the COVID 19 to enhance their internal security on those VDI server. Recently, caused by the extreme condition of COVID 19. Most of their staffs are work from home with company laptop. They are aware that this may have a risk to spread out some confidential information or even bank customer information. They then start to implement the screen watermark solution to their staff’s laptop. The solution is running smooth with their expected result. For now, they have more than 1,000 users already using the solution to work from home.



Questions

Q. Can the watermarks display only when the user out of office?
A. Yes, We can apply based on the agent network location to display the watermark.

Q. Do I need to install any software in my environment?
A. Yes, you will need to install our agent on each machine. But no policy server is required, as our policy server is cloud based.






2022.02.25  UDS Data Systems is on Sub-Contractor of Standing Offer Agreement for Quality Professional Services 5 (SOA-QPS5)



OGCIO’s The Standing Offer Agreement for Quality Professional Services 5 (SOA-QPS5) enlarges the Government's delivery capacity for IT services and accelerates the delivery of IT solutions to support the increasing demand of digital government services. The contract period of SOA-QPS5 is from 31 January 2022 to 30 January 2026 covering three Categories of services:

  ●    Category A: Pre-implementation, programme/project management services, ongoing services, implementation and combined system development services;
  ●    Category B: Information security, privacy assessment and independent testing services; and
  ●    Category C: Deployment and maintenance of common services.

Categories A and C are further divided into Major and Minor Group. Minor Group covers work assignments of contract value not exceeding HK$3 million, while Major Group covers work assignments of contract value over HK$3 million but not exceeding HK$20 million.  For Categories B, there is no subdivision into Groups and the contract value of each work assignment shall not exceed HK$20 million.

UDS Data Systems Limited is now on the sub-contractor list of  QPS-5 Cat A, Cat B and Cat C.



For details, please refer to the below link
https://www.ogcio.gov.hk/en/our_work/business/business_window/doc/SOA-QPS5_subcontractors.pdf





2021.02.01  UDS represents SecIron products in Hong Kong



UDS welcomes SecIron (www.seciron.com)  joins our product family to enhance UDS’s mobile Mobile Application Security solutions.

SecIron is founded in 2010 by a team of specialist and experts in the field of Mobile Application Security across Asia. SecIron committed to creating a secured mobile future through innovation and development of Mobile Application Security technologies in safeguarding business and communities from cybercriminals and mobile threats.

From SecIron’s research & development center headquartered in Tokyo, Japan, her specialists continuously develop future-proof mobile application security solutions that are easy to implement through a code-less holistic approach, making mobile threats a thing of the past.

Product families

SecIRON Solutions For

➢ Financial Industry
➢ Retail & E-Commerce
➢ Mobile Gaming
➢ IoT Industry
➢ Public Services
➢ SaaS Industry
➢ Healthcare Industry




2021.12.21 Log4j Vulnerability and IT Security Vendors' Responses

What is the Log4j Vulnerability?



A flaw in widely used internet software known as Log4j has left companies and government officials scrambling to respond to a glaring cybersecurity threat to global computer networks.

The bug disclosed last week could enable potentially devastating cyberattacks that span economic sectors and international borders, according to security experts.

U.S. officials say that hundreds of millions of devices are at risk, while researchers and major technology companies warn that hackers linked to foreign governments and criminal ransomware groups are already probing how to exploit the vulnerability within targets’ computer systems.

CISA (Cybersecurity and Infrastructure Security Agency) published an open-sourced log4j-scanner derived from scanners created by other members of the open-source community on 12/22/2021. This tool is intended to help organizations identify potentially vulnerable web services affected by the log4j vulnerabilities. This repository provides a scanning solution for the log4j Remote Code Execution vulnerabilities (CVE-2021-44228 & CVE-2021-45046).

CISA Log4j Scanner Download:

https://github.com/cisagov/log4j-scanner

What is Log4j?



Software developers use the Log4j framework to record user activity and the behavior of applications for subsequent review. Distributed free by the nonprofit Apache Software Foundation, Log4j has been downloaded millions of times and is among the most widely used tools to collect information across corporate computer networks, websites and applications. The software is maintained by Apache volunteers.

How can hackers take advantage of Log4j's vulnerability?

The Log4j flaw, disclosed by Apache on , allows attackers to execute code remotely on a target computer, meaning that they can steal data, install malware or take control. Some cybercriminals have installed software that uses a hacked system to mine cryptocurrency, while others have developed malware that allows attackers to hijack computers for large-scale assaults on internet infrastructure.

Security experts are particularly concerned that the vulnerability may give hackers enough of a foothold within a system to install ransomware, a type of computer virus that locks up data and systems until the attackers are paid by victims. Security company F-Secure Oyisaid its analysts have observed some ransomware variants being deployed via the flaw already, along with malware that is often deployed as a precursor to a ransomware strike.

The above information is retrieved from the WALL STREET JOUNRNAL. For further information, please go to https://www.wsj.com/articles/what-is-the-log4j-vulnerability-11639446180

2 CVEs for the Log4j vulnerabilities disclosed by Apache


SECURITY VULNERABILITY CVE-2021-44228 SECURITY VULNERABILITY CVE-2021-45046
Addressed in Log4j 2.12.2 and Log4j 2.16.0 Log4j 2.12.2 for Java 7 and 2.16.0 for Java 8 and up
Summary Log4j’s JNDI support has not restricted what names could be resolved. Some protocols are unsafe or can allow remote code execution. Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack.

The above information is retrieved from Apache official website. For further information, please go to https://logging.apache.org/log4j/2.x/security.html

How IT Security Vendors handle the Log4j Vulnerabilities?

Many IT Security Vendors have traced attempted attacks that exploit the this vulnerabilities. Each has released the security patch or signatures and provide the recommendation on how to against this attack to protect their customer business.

Please click on the Vendors’ logo for further information on their responses.




















2021.12.03  Congratulations to our staff achieving the CSPA 2021 award

Congratulations to our Director, Mr. Frankie Leung, Director of Security Services, Mr. Paul Chow, and Technical Manager, Mr. Eric Moy for achieving the CSPA (Cyber Security Professionals Award) 2021 award.

Mr. Frankie Leung, Mr. Paul Chow and Mr. Eric Moy were nominated to Cyber Security Professionals Awards (CSPA). They were selected by the judges for two Merit awards and one Silver award in the Government Departments & Public Bodies – Management category and the Information and Communications Technology – Practitioner category from 200 participants in each category.  The organizer (Cyber Security and Technology Crime Bureau of the Hong Kong Police Force) and supporting organizations believed their contributions and practices have demonstrated the highest degree of excellence in the field of cyber security.

To recognise our excellence work, Cyber Security and Technology Crime Bureau of the Hong Kong Police Force invited our awarded members to join the awards presentation ceremony on 2 December 2021 (Thursday), at the Hong Kong Science and Technology Park, Shatin.

















2021.10.25  UDS join Palo Alto Networks’s Partner Executive Luncheon and got Excellence in Cortex XSOAR FY21 Award



On Oct 12, Palo Alto Networks’s Partner invited UDS Data Systems Ltd to join the Partner Executive Luncheon start at Sushi Kuu Japanese Restaurant at Central, Hong Kong.
The top executive of Palo Alto Networks presented the topic of  “We’ve got Next”. which were covering:

   - Palo Alto Networks strategy and roadmap
   - Award presentation to celebrate our partner success in FY21
   - Social Networking how we may work together

Mr. Frankie Leung (Director of UDS) represented UDS to get the Excellence in Cortex XSOAR FY21 Award from the Top Management of Palo Alto Networks. UDS is focusing the SIEM and SOAR solution in the security market. UDS works with Palo Alto Networks to win a few cases of Palo Alto Networks’s XSOAR in Hong Kong market in 2021.



One integrated platform for security operations – Cortex XSOAR
Shift from dozens of siloed SOC tools to Cortex and unleash the power of analytics, AI and automation to secure what’s next:

    - Collect all your security data in one place for full visibility and faster investigations
    - Reclaim your nights and weekends by automating manual SOC tasks
    - Stitch together network, endpoint, cloud and identity data to accurately detection threats
    - Get a single source of truth for all your public-facing assets and synchronize findings with other tools
    - Ensure all your IT and security tools play well together with hundreds of out-of-the-box integrations



2021.06.27 UDS has joined the Palo Alto Virtual Cybersummit 2021

 Palo Alto organized the Virtual Cybersummit 2021 with the theme ‘Better safeguard networks from cyberattackers’ from June 21-25, 2021. UDS joined this great event by holding an online booth which presented our capabilities on providing security services and solutions, especially our capabilities on CortexTM XSOAR such as Playbook design and implementation.
 
SOAR (Security Orchestration, Automation, and Response) is a solution stack of compatible software programs that allow an organization to collect data about security threats from multiple sources and respond to low-level security events without human assistance. CortexTM XSOAR, a single platform that orchestrates actions across your entire security product stack for faster and more scalable incident response, has cooperated with us for several years. With this, our team has accumulated professional experiences and knowledge on handling the different situations for XSOAR. We believe that we can provide excellent services to the customers and fulfill their requirements.



If you are interested in XSOAR or other security products/services, please visit our website or contact us (email: info@udshk.com / Tel: +852 2851 0271).






2021.6.1 The latest version of DriveLock

The latest version of DriveLock is now available. It mainly provides five different services for the customer to enjoy a more comprehensive service as shown in the graph below:

The Five Feature for DriveLock



1.) Centralized and modularized licensing -> DriveLock’s new license modularisation is optimally adapted to customers’ needs.

2.) Microsoft Defender Firewall Management -> With DriveLock, you can specify precise rules for any group of people, computer or network environment, as well as the particular time of day. Our ‘fine-tuning’ is now also available for Microsoft Defender's firewall rules - simply disable port sharing for computers in home offices (it’s only required in the corporate network), or restrict communication to encrypted connections.

3.) Security rules for local users and groups -> DriveLock 2021.1 comes with extra protective features, allowing you to rename accounts and provide them with the ability to change and randomize passwords.

4.) Automatic reports in DriveLock Operations Center

5.) Restrict Bluetooth connections -> DriveLock 2021.1 now allows detailed settings for connecting devices via Bluetooth.

 If you still want to figure out more about the latest version of the news, it is recommended to attend the webcast on 8th June 2021. Andreas Fuchs (Director Product Management in DriveLock) will briefly discuss the news update and will also answer your question with his expertise. The registration link will be shown below.


For more information, you can visit https://www.drivelock.com/ or content us (email: info@udshk.com / Tele: +852 2851 0271).





2021.04.10 Teramind software joined UDS Security Solution Offering as their authorized partner in Hong Kong


Teramind (Found in 2014) is a software solution that leading in monitoring employees, user behavior analytics, insider threat detection, forensics, and data loss prevention software solution. With the specialty in detecting, recording, and preventing malicious user behavior in addition to enhancing the productivity and efficiency of the teams. Until now, over 2,000 organizations in finance, legal, retail, manufacturing, energy, technology, healthcare, and government have cooperated with Teramind.

Feature of Teramind

1.) Employee Monitoring

•    Identify uncover potential threats in real-time
2.) User Behavior Analytics

•    Identify uncover potential threats in real-time
3.) Data Loss Prevention

•    Leverage Teramind’s industry-defining DLP feature

4.) Forensics

•    Identifying and alerting the user to non-complicit action through compliance or audit   
5.) Insider Threat Prevention

•    Automate risk detection and block unwanted users’ behavior.

Teramind DLP: Data Loss Prevention, User Activity Monitoring and Insider Threats Detection in a Single Platform especially in WORK FROM HOME environment.


Gartner peerinsights - Enterprise Data Loss Prevention (DLP) Reviews and Ratings

Gartner had rated two products of Teramind (Termind DLP and Teramind UAM with 4.1 and 4 out of 5) to praise Teramind’s award-winning platform.



For more information, you can visit https://www.teramind.co/ or content us (email: info@udshk.com / Tele: +852 2851 0271).





2021.05.17 QI-ANXIN(奇安信) appointed UDS Data Systems as their authorized partner in Hong Kong



             
QI-ANXIN Technology Group Inc. (hereinafter referred to as QI-ANXIN, China Main board stock code 688561) was founded in 2014 and specializes in serving the cybersecurity market by offering next generation enterprise-class cybersecurity products and services to government and businesses. With its continuous commitment to R&D innovation and security capabilities centered on actual offensive and defensive, the company has grown to be a domestic leading cybersecurity provider with its strength built on big data, artificial intelligence and security operation technology. QI-ANXIN is the Official Cyber Security Services and Anti-Virus Software Sponsor of the Olympic and Paralympic Winter Games Beijing 2022. The company has also established business presence outside Chinese mainland, such as in Hongkong, Indonesia, Singapore, Canada etc.




QI-ANXIN  is one of the largest cybersecurity enterprises in China. It is known for its groundbreaking achievements in the fields of big data and security intelligence, terminal security protection, security operation and emergency response. It has long been committed to providing business-level cybersecurity technology, products and services to governments, enterprises and education & financial institutions, and safeguarding the cybersecurity of government, corporate and individual users in an all-round manner.



Effective from Sept of 2020, UDS carries full range of QI-ANXIN cybersecurity products, solutions and services. “We believed QI-ANXIN, not only brings us the product and services, but also the Mainland China made state of art arts cybersecurity experience and end to end solutions to our value customers in Hong Kong” said by Frankie Leung, Director of UDS Data Systems Ltd.






2021.05.10 Our Director of Security Services, Mr. Paul Chow delivers a talk in Cybersec Infohub about Mobile Apps - Secure by Design


             




Cybersec Infohub is going to organize an online Technical Professional Workshop on 28 May 2021 (Fri) titled "Secure and Protect Your Customer-facing Applications" to share latest attack and protection toward website and mobile apps.
 
Cybersec Infohub Technical Professional Workshop - Secure and Protect Your Customer-facing Applications
 
Organizer: The Office of the Government Chief Information Officer (OGCIO)/ Hong Kong Internet Registration Corporation Limited (HKIRC)
 
Date: 28 May 2021 (Fri)
Time: 15:00 - 16:00
Format: Zoom Webinar
Language: Cantonese
Target audience: Technical staff such as security professionals, application developers, application administrators, project manager etc.

Time
Topic
Guest Speaker
15:00 – 15:20
Importance of Regular Health Check of Your Web Application
•    Demo on vulnerability scanning

HKIRC
15:20 – 15:40
Latest Attack Targeting Web Application
-           Demo on latest attack tactics / exploit vulnerabilities
-           Most common issues on web applications
Mobile Apps - Secure by Design
-           Points to note on security by design
-           Mobile app security testing / hacking demo
UDomain Web Hosting Company Limited (TBC)
15:40 – 16:00 Mobile Apps - Secure by Design
-           Points to note on security by design
-           Mobile app security testing / hacking demo
Paul CHOW
CISSP, CEH, OSWP, CDPSE
Security Researcher
Mobile Security Research Lab (an UDS Security Research Lab)

About Cybersec Infohub

Cybersec Infohub is a partnership programme jointly administered by the Office of the Government Chief Information Officer (OGCIO) and the Hong Kong Internet Registration Corporation Limited (HKIRC) to promote closer collaboration among local information security stakeholders of different sectors to share cyber security information and jointly defend against cyber attacks.



2021.03.18 UDS strengthen its Mobility Portfolio by adding Zello Push-to-Talk Solution
                                                                                                                                                   


The Leading Push-to-Talk App. Zello is the highest rated push-to-talk app, connecting 150 Million users globally, empowering frontline workers, teams, and communities through instant and crystal-clear voice messaging.



UDS Data Systems Limited (UDS) is proud to announce that we are now the Distributor of Zello Push-to-Talk (PTT) Business Solution in Hong Kong, Macau & China targeting the Government and Enterprise market. Zello PTT solution is available on both On-Premises and Cloud.

About Zello

Zello is the leading push-to-talk(PTT) voice messaging app for teams and businesses worldwide, turning iOS, Android, and Windows devices into walkie-talkies that also record messages, track location, and send emergency alerts. Account administrators add, remove, and group together teams through a centralized, web-based management console. Channels are flexible to suit the needs of each customer, especially those in the hospitality, manufacturing, construction, transportation, and retail industries. Zello is ideal for businesses with deskless workers, field workers, remote workers, and lone workers. Use cases in this category include hotels with various staff members, construction crews on noisy job sites, and retail salespeople on the sales floor. Join the millions of Zello users who communicate in real-time over any wireless or data network to share updates, connect in emergencies, and solve problems.

Zello serves thousands of businesses and has more than 150 million users worldwide. Current customers include Honda, Restoration Hardware, Starwood/Marriott Hotels, Uniqlo, Waste Management (WM), and YRC Freight. Zello is recognized as a reliable communication solution by reputable sources like the Wall Street Journal, the New York Times, CBS, CNBC, USA Today, and TechCrunch. In Hong Kong, there are more than 400K active users using Zello Push-to-Talk App to communicate especially in the Taxi Industry.

The Zello Push-to-Talk Enterprise Solution Modules

Base Service Plan with Central Management Console:  Each Zello Business Customer will have a Centralize Cloud Management Console. Administrator can Manage your users, channels, setting and assign team members to channels from the web. The following are optional add-on modules:

Message Vault:  Message Vault is the Zello add-on feature that saves all user and channel communication to the cloud for up to two years. If your organization requires archival and retrieval of messages, you should consider adding the Message Vault feature to the base plan. You can perform these tasks within Message Vault:

  - Filter by date, recipients, individuals, channels, and type of message
  - Play voice messages, open images and read text alerts
  - Download voice messages/images or export metadata.

Emergency Alerts: The Emergency Alert add-on feature is meant to be used during emergency situations by users in distress. In an emergency, users can press a button to alert a group of people of their situation. All Zello contacts have this button available on each talk screen, and emergency calls will be managed from the designated emergency channel. When the emergency mode is triggered:

  - The channel will automatically record 10 seconds of uninterrupted audio for the user who presses the emergency button.
  - The location of the user who pressed the Emergency button will automatically be shared with the Emergency channel.
  - All other messages sent to anyone placed in Emergency mode will be marked as missed and placed in History.
  - Only the user who initiated the Emergency mode may end the Emergency mode.
  - Other users who may also find themselves in distress can initiate Emergency mode via a different channel or Ad-hoc channel and will be transferred into the         Emergency channel.

Premium Maps: Premium Maps is an optional add-on to your ZelloWork push-to-talk base plan allowing you to track your Android and iOS users from the Map in the Zello Management Console. Search for the location of specific team members by username, or select them directly from the map. Configure live location tracking update intervals to suit your needs – from five seconds to precisely track movements on foot, up to five minutes to save battery life. Quickly identify inactive team members with color-coded status indicators. Premium Maps includes:

  - Live Location
  - Location History with breadcrumbs
  - Real-time Traffic
  - Google Maps

Zello Enterprise Server: Zello PTT can work on-premise server solution operates even when Internet access is unavailable or unreliable. Zello with local intranet works well anywhere from an isolated warehouse to the outskirts of the city.

About UDS Data Systems Limited

UDS is an IT solutions provider specialized in Big Data, Value Added Cloud Services, Mobility Solutions & Information Technology Security. Our comprehensive end-to-end security solutions and professional services help enterprises to build their next-generation systems securely. Beside Information Technology Security, we are also well known by our customers and our Telecom & IT partners on our expertise on Apple iOS, Android, EMM/MDM (Mobile Device Management) products & related solutions. Since 2008, our Mobility Products/Solutions Team has successfully helped many Corporations and Government Departments in Hong Kong, Macau and China to implement Mobile Solutions on more than 100,000 Devices.

SEE Zello Push-to-Talk in Action


Please contact our Product/Solution Director Norman Chan (Mobile #: +(852)-90724718 or Email: normanchan@udshk.com) if you are interested in learning more about the Zello ways to improve your Communications, Productivity and Management.





2021.02.19 UDS provides supporting service for Courses of Cyber Range Training Centre that adopting HKGov programme – IT-Lab

We are pleased to announce that UDS Data Systems Ltd. provides consulting service on how to adopt information technology for education sectors, providing the IT-Lab courses that fulfills the requirements that are eligible to apply for funding under HKGOV initiative, “IT Innovation Lab in Secondary Schools” (IT Innovation Lab) initiative under the existing scheme "Enriched IT Programme in Secondary Schools” (EITP).

For IT-Lab courses outline that providing by Cyber Range trainer center, please check the links below:

URL: https://cyberrange.hk/IT-Innovation-Lab-IT-Lab/

· Cybersecurity Essential
· Introduction to CTF
· IOT Security
· IOT Lab




Enquiry / Registration:
Please contact us at (852) 28510271 for further details.



22020.12.18 
Secure Your Everything: Recommendations on recent incident from SolarWinds




1. Reset passwords of local SolarWinds users and follow all updates released from SolarWinds as the first step
2. Make sure you have updated your software patch with the latest version, click here to learn more on our response to SolarWinds supply chain attack
3. If you want to check on the security level of your organization, contact Check Point’s Incident Response (IR) Team through UDS Data Systems Ltd. and conduct a "Compromise Assessment Service"





2020.12.03 UDS provides service that adopting several programme – D-Biz, TVP, RTTP

We are pleased to announce that UDS Data Systems Ltd. provides consulting service on how to adopt information technology for business, that fulfills the requirements that are eligible to apply for funding under the Distance Business (D-Biz) Programme, Technology Voucher Programme (TVP) . For Reindustrialisation and Technology Training Programme(RTTP), UDS registered as a qualified course provider. For more detail, please check the links below:

a)    Distance Business Programme D-Biz
Each eligible enterprise may receive total funding of up to HK$300,000 to undertake a project to be implemented within six months.

b)    Technology Voucher Programme TVP
Each eligible applicant may receive a cumulative funding ceiling per enterprise/organisation: HK$600,000 for a maximum of six projects.

c)    Reindustrialisation and Technology Training Programme RTTP
Each eligible company may be subject to a funding ceiling of HK$500,000 in each financial year for training their staff in advanced technologies.



Enquiry / Registration:
Please contact us at (852) 28510271 for further details.



2020.11.10 Cyber Range Training Centre  Training Courses and Workshops

Cyber Range Training Centre (CRTC), powered by Cyberbit Limited, the world’s leading incident response platform widely adopted by enterprises, governments, academic institutions and MSSPs around the world, is the first IT security defense training centre equipped with the latest and largest scale of simulation system in Hong Kong.

Besides hyper-realistic Blue Team training courses, CRTC regularly offers a series of IT security certification training courses and workshops at its centre. These courses can even be tailor-made to meet your business needs. Please check out our latest courses and schedule at https://cyberrange.hk/schedule/. CRTC and UDS Data Systems Limited collaborates to apply RTTP Training Programs such as Security Awareness Training – Anti Phishing Workshop. More and more courses will be under the RTTP funding in future.

Course: Business Continuity Professional Essential (BCPE)
Description: Business Continuity Planning (BCP) is critical to the success of businesses and Industry 4.0 adoption. BCP is used to create and validate a practiced plan for how an organization will recover and restore partially or completely interrupted critical function(s) within a predetermined time after a disaster or extended disruption. The Coronavirus (COVID-19) virus outbreak is impacting businesses all over the world. Whether the operations might already greatly affect, or the impacts are yet to be felt, a business continuity plan is essential to ensure that it can be as resilient as possible in this global health crisis. This course will cover this topic and will provide the method to archive Business Continuity in Industrial 4.0.

Course: Certified Ethical Hacker (CEH)
Description: A Certified Ethical Hacker (CEH) is a skilled professional who understands and knows how to look for weaknesses and vulnerabilities in target systems and uses the same knowledge and tools as a malicious hacker, but in a lawful and legitimate manner to assess the security posture of a target system(s). The CEH credential certifies individuals in the specific network security discipline of Ethical Hacking from a vendor-neutral perspective. This course will immerse you into the hacker’s mind-set so that you will be able to defend against future attacks. The security mind-set in any organization must not be limited to the silos of a certain vendor, technologies or pieces of equipment.

Course: Certified Information Systems Auditor (CISA)
Description: The Certified Information Systems Auditor (CISA) is a globally recognized standard of achievement among information systems (IS) audit, control and security professionals. For Cyber Security professionals who are interested in the field of audit, CISA certification by ISACA is the leading credential to achieve. In order to face the dynamic requirements of meeting enterprise vulnerability management challenges, this course covers the auditing process, in-depth, to ensure that you have the ability to analyse the state of your organization and make changes where needed.

Course: Certified Information Systems Security Professional+ (CISSP+)
Description: The Certified Information Systems Security Professional (CISSP) is the most globally recognized certification in the information security market. CISSP+ validates an information security professional’s deep technical and managerial knowledge and experience to effectively design, engineer, and manage the overall security posture of an organization. After completing this course, student will be able to handle the exam of CISSP.

Course: Certified Information Security Manager (CISM)
Description: The Certified Information Security Manager (CISM) is an advanced certification that provides validation for individuals who have demonstrated they possess the knowledge and experience required to develop and manage an enterprise information security program. Recent studies consistently rank CISM as one of the highest paying and sought after IT certifications. Our course can help with your professional development and also provides executive management with assurance that you have the required experience to provide effective security management and consulting services. Our intensive training is based on the ISACA framework, which has five domain areas that relate to the role of a CISM. You will learn about each of these domains in detail, giving you the knowledge and skills to develop and manage a resilient information security program.

Workshop: Anti-Phishing Workshop
Description: This is an interactive anti-phishing workshop that helps you understand how phishing attacks work, the tactics that cyber criminals employ, how to spot and avoid a potential attack and most importantly you’ll be improve yourself and less vulnerable to phishing attacks.

With the vision of being recognised as the first choice for security training by our clients, CRTC’s professional training programmes are instructed by our elite experts in cyber security industry with various certifications, qualifications and experience.

Trainer: Mr. Eric Moy


Trainer: Mr. Frankie Leung


Trainer: Mr. Michael Chow


Trainer: Mr. Paul Chow


Enquiry / Registration:
Please contact Mr. Bread Wong at bwong@cyberrange.hk or (852) 28510271 for further details.






2020.11.09 Cyber Range Training Centre & UDS jointly support RTTP Training Program – Anti-Phishing Workshop

 

 



Cyber Range Training Centre and UDS Data Systems Ltd. jointly support RTTP Training Program by launching Security Awareness Training – Anti Phishing Workshop. The objective of the workshop is to help candidates understand how phishing attacks work, the tactics that cyber criminals employ, how to spot and avoid a potential attack and most importantly you’ll be improving yourself and less vulnerable to phishing attacks.



Date: 9th Nov 2020

Time:
9:30am – 12:30pm

Workshop of Delivery:
Online Instructor-Led deliver thru Zoom video conferencing platform

Prerequisites:  Prepare your own smartphone/ laptop/ using internet / email service experience

Suggested Course Fee: HK$1200/person (By applied RTTP training grant, HK$400/person ONLY)

Quiz will be provided as a knowledge check that allows re-take if needed. Award of Certificate will be provided as a kind of qualification to enlighten a candidate's career portfolio.

Click here for download workshop detail (pdf/836KB)           

Training grant


Companies interested in applying for a training grant for their employee(s) to attend registered public courses should submit the application via online system at least two weeks before course commencement. A list of registered public courses is available for reference. For tailor-made courses, companies should apply for course approval and training grants in one go.

Click here for FAQ of RTTP(pdf/19KB)
Click here for Training grant detail






2020.09.10   Next-Generation Blue Team Workshop











EVENT DETAILS

 
Date:
16 Sep 2020 (Wed)
or
14 Oct 2020 (Wed)
 
Time:
9:00AM – 6:00PM
 
Venue:
ACW Office
Room 2108, Island Place Tower
510 King's Road
North Point
 
Medium of Instruction:
Cantonese with
English terminology
 
Trainers:
 
Eric Moy

Technical Manager of UDS and
Range Instructor of Cyber
Range Training Centre Limited     
 
Paul Chow
 
Senior Consultant
UDS Data Systems Ltd
 
Matthew Wan
 
Channel Systems Engineer
Palo Alto Networks



Confirmation email with details will be sent after successful registration.



This Next-Generation Blue Team (NGBT) training workshop provides a unique experience for the participants to learn individually and as a team by actually battling an adversary in real time, in a technical terrain emulating a realistic enterprise environment.
 
Under various attack scenarios, the participants will get hands-on experience working with various tools to analyze and respond to cyberattacks happening in the environment. Our instructors will direct the blue team step by step in uncovering the attacker’s techniques and footprints, and then work to eradicate the adversary from the compromised system. Moreover, participants will have firsthand experience with the latest security operations (SecOps) technologies like SOAR*, which can be utilized to take incident response to the next level.

* Security Orchestration, Automation and Response
 
Objectives
 
Through real-time attack scenarios like “web defacement” and ransomware, we will demonstrate how cyberattack incidents should be handled.
 
During this workshop, participants will:
 
    •    Learn the standard incident response (IR) process
    •    Find out how to respond when an incident occurs
    •    Share knowledge and responsibilities within a team
    •    Advance their skills on servers and network forensics
    •    Gain hands-on experience with brute-force, web defacement, ransomware, etc.
    •    Understand how to use tools like Cortex™ XSOAR improve the (IR) process
     
Agenda:
 
AM Session:
 
    •    Introduction by CyberRange
    •    Web defacement & ransomware showcase
    •    Product Introduction of Palo Alto Networks
      
PM Session:

    •    Hands-on Lab with XSOAR playbook design

 Should you have any questions, please feel free to contact us 28510271, thanks.





2020.07.02   UDS carries xSecuritas Products

About xSecuritas


               




xSecuritas, Inc. is a company that develops systems related to security. Most security programs are targeted at the enterprise, but xSecuritas wants to distribute the best security programs to its small business or personal as well.



Screen Watermarks
Display a Watermark in your PC DISPLAY and SCREEN. Your confidential documents and internal applications will have the screen watermark. Even when people taking video or photos of the screen, the Watermark is still shown up. You can display the desired watermark on the screen. This screen watermark does not affect operation of other programs.



Functions
  •  • Displays watermark on the monitor.
  •  • Dual monitor support
  •  • The watermark displayed on the monitor has no effect on existing programs, ie there is no restriction on operations such as mouse clicks.
  •  • Supports watermark font, size, colour, transparency, location, etc.
  •  • Watermark support
  •      • Up to 4 text watermarks
  •      • Up to 4 image watermarks

Screen Watermarks Enterprise Edition
 • Policy concept add to the Screen function. 
 • The administrator creates screen watermark policies to be distributed to groups or users using Web Console. (You can create multiple watermark policies)
 • The same policy can be applied to all users, or each policy can be applied to each group or user.
 • Even if the agent program is running, the watermark may not be displayed by the policy.
 • The administrator can set the policy applied when logging on to AD, SSO, or agent programs. The administrator can also set the policy applied when logging off.

For more information
You can visit https://www.xsecuritas.com/screen-watermark/ or contact CC Chau (ccchau@udshk.com) for further information.




2020.03.23 Certified EC-Council Instructor

 
Congratulations to Mr. Eric Moy.  He received the Certified EC-Council Instructor (CEI) from EC-Council from Mar 2020. 



    

The Certified EC-Council Instructor (CEI) program is designed for individuals who want to become certified to deliver EC-Council's suite of professional certification programs. The CEI program provides resources for individuals to become industry-recognized trainers specializing in the field of information security.


    


The International Council of Electronic Commerce Consultants is a professional organization that certifies individuals in various e-business and information security skills. The EC-Council is headquartered in Albuquerque, New Mexico. In 2003, EC-Council was founded by Haja Mohideen and Jay Bavisi.


The International Council of Electronic Commerce Consultants is a professional organization that certifies individuals in various e-business and information security skills. The EC-Council is headquartered in Albuquerque, New Mexico. In 2003, EC-Council was founded by Haja Mohideen and Jay Bavisi.







2020.02.16
Ways to improve your network architecture ROI and network visibility



    

A compelling ROI analysis is the difference between a successfully funded IT project, and one that gets cancelled. This is especially true for relatively new technologies that are not well understood by IT management.


 

By reading the e-book, you’ll learn five different ways you can use network packet brokers (NPBs) to improve your network architecture ROI:

1.    Saving total cost of ownership
2.    Expedite troubleshooting
3.    Detect breaches faster
4.    Reduce the processing burden on your existing tools
5.    Extend tool life after a network upgrade
6.    Streamline regulatory compliance

IXIA Network visibility solutions are a powerful way to optimize your network monitoring architecture and strengthen your network security. There are many use cases that can be deployed to solve or enhance issues that IT monitoring and security engineers face. The key point is to implement a visibility architecture that creates the fundamental capture and sharing of the valuable data that is needed.


Use cases based upon a visibility architecture will allow you to do the following:

   *  Access the data you need, when you need it, across the network to properly diagnose problems
   *  Add/remove security, forensic, and monitoring tools at will for inline and out-of-band monitoring architectures
   *  Decrease mean time to repair
   *  Provide a rapid response to crises
   *  Conduct advanced threat analysis
   *  Eliminate most, if not all, Change Board approval processes and crash carts for monitoring effort
   *  Reduce the cost of a breach by connecting tools to the network faster and decreasing the associated MTTR
   *  Reduce your tool (and SPAN) port programming effort and costs
   *  Create an architecture that allows you to deploy new inline and out-of-band monitoring solution

Should you have any questions, please feel free to contact us 28510271 or Bread Wong ( breadwong@udshk.com). Thanks.




2020.02.10 Illumio, a cybersecurity leader delivering segmentation solutions, prevents the spread of breaches inside data center, container and cloud environments


     

The Illumio ASP delivers segmentation to prevent the spread of breaches, and to meet regulatory compliance standards such as SWIFT, PCI, and GDPR. Because the perimeter doesn’t stop all bad actors from getting inside data center and cloud environments – or even through to your containers - segmentation from Illumio restricts access to critical systems to only authorized entities. 

Gain visibility and control of containers. Illumio’s ASP delivers a full range of segmentation for containerized hosts:



          ·    Centralize visibility of containers alongside other compute environments – gain a single view across containerized workloads and bare metal, virtual machines, private and public cloud - because you can’t protect what you can’t see.
 
          ·    Enforce uniform policy across containers – and everything else – segment containers along with the rest of your overall data estate, with unified policy, regardless of the environment.

See how to secure your containerized applications running in OpenShift or Kubernetes using Illumio's Adaptive Security Platform.

Demo video example: https://www.illumio.com/resource-center/product-demo-illumio-for-containers?hsLang=en
 
Should you have any questions, Please feel free to contact Bread Wong ( breadwong@udshk.com ) for more information.







2019.01.16 Thales Vormetric Transparent Encryption for Splunk Repositories, Databases, Files and Disks

 
With advanced persistent threats (APTs) now common, hackers are actively seeking to steal credit card data, personally identifiable information (PII), critical intellectual property (IP), and other legally protected information to sell to the highest bidder. Some of the most effective tools for fighting these attacks are the security intelligence and threat detection capabilities of SIEM solutions, such as Splunk.


Here there is a recommended solution for you to consider.


Vormetric Transparent Encryption (VTE) delivers data-at-rest encryption with centralized key management, privileged user access control, and detailed data access audit logging that helps organizations meet compliance and best practice requirements for protecting data, wherever it resides. The FIPS 140-2 level 1 validated VTE agent resides at the operating file-system or device layer on a server that has Splunk software installed, and encryption and decryption is transparent to all applications that run above it. VTE provides rich access controls, which allow organizations to determine who can access data, when they can access it, and what type of access they have.





Vormetric Transparent Encryption agents are distributed and optimized for specific file system and encryption acceleration hardware across servers, resulting in very low latency and overhead. Agents employ logic and fine-grained policies defined by the DSM to evaluate attempts to access protected data, and then grant or deny access; all activities taking place around the protected data are logged. The agents have been deployed in tens of thousands of servers, making them the right solution for Splunk Enterprise Big Data requirements.


For more details, please contact UDS Data Systems Ltd at (852) 2851 0271 or email to breadwong@udshk.com






2020.01.07 Switch to Sophos Intercept X Advanced




By combining cutting-edge technologies including deep learning and endpoint detection and response, Intercept X delivers unmatched protection against unknown malware, exploits, and ransomware.          
    
•    Proven protection: Intercept X consistently receives top marks in third-party endpoint protection tests.     
           
•    Unmatched defenses: With Sophos, you get features not available with other vendors, including:    
    •    CryptoGuard, which uses behavioral analysis to stop never-before-seen ransomware     
    •    Exploit prevention, blocking more exploit techniques than anyone else    
           
•    Easier management: You can manage and protect all your devices through a single, cloud-native console.



Offer 2 comes with one year of Network Protection and Enhanced Support.
 
* Terms and Conditions of Offer 1 and 2:
>    Valid from 16th December 2019 to 29th February 2020.
>    Valid for a three-year subscription of Sophos Intercept X Advanced only.
>    In offer 2, the free XG appliance, Network Protection, and Enhanced Support are part of a one-year license. This license will commence simultaneously with the start of the Intercept X Advanced license.
>    Not applicable for renewals.
>    Valid for Hong Kong and Macau only.
>    ACW Distribution reserves the right to change this offer at any time without notice.


http://www.acw-group.com.hk/acw_distribution/promotions/SO_201912EPE_UDS.html
     
For more details, please contact UDS Data Systems Ltd at (852) 2851 0271 or email to breadwong@udshk.com





2019.12.16 Demisto - a comprehensive Security Orchestration, Automation and Response (SOAR) Platform



    
Demisto, a Palo Alto Networks company, is a comprehensive Security Orchestration, Automation and Response (SOAR) Platform that combines orchestration, incident management and interactive investigation to serve security teams across the incident lifecycle with a seamless experience. With Demisto, security teams can standardize processes, automate repeatable tasks and manage incidents across their security product stack to improve response time and analyst productivity.
 
Demisto's orchestration engine automates security product tasks and weaves in human analyst tasks and workflows. Demisto Enterprise, powered by its machine learning technology, acquires knowledge from the real-life analyst interactions and past investigations to help SOC teams with analyst assignment suggestions, playbook enhancements, and best next steps for investigations. The platform (and you) get smarter with every analyst action. With Demisto, security teams build future-proof security operations to reduce MTTR, create consistent incident management processes, and increase analyst productivity.




KEY BENEFITS
 
1.Consistent, transparent, and documented processes
   •   Playbook-driven response actions and investigation queries.
   •   Auto-documentation of all investigations and historical searches.
   •   Automatic detection of duplicate investigations.
   •   Search across investigations, indicators, and evidence.

2.Quicker resolution times and better SOC efficiency
   •   Customizable playbook portfolio to automate redundant and repeatable steps.
   •   Virtual “War Room” for joint, real-time investigations.
   •   Granular tracking of incident and analyst metrics.

3.Improved analyst productivity and enhanced team learning
   •   Visual maps of related incidents for quick detection of duplicates.
   •   Real-time collaboration and unstructured investigation support.
   •   ML-powered insights for task-analyst matching, ownership, and response actions.
   •   Mobile application for on-the-go case management.

4.Flexible and scalable deployment
   •   Solution available as cloud-hosted or on premise deployment.
   •   Supports full multi-tenancy with data segregation and scalable architecture.
   •   Engine proxy to handle segmented networks.
   •   Multi-tier configurations for improved load management.

For further information about Dimasto, please contact Mr Bread Wong of UDS Data Systems Ltd (BreadWong@udshk.com, Tel  +852 2851 0271) for details.





2019.12.02 Android 'spoofing' bug helps targets bank accounts


 

The loophole was found when a security firm probed how bad apps stole cash.

A "major" security weakness in Google's Android software has let cyber-thieves craft apps that can steal banking logins, a security firm has found.

The bug lets attackers create fake login screens that can be inserted into legitimate apps to harvest data.

More than 60 financial institutions have been targeted by the technique, a survey of the Play store indicated.

Google said it had taken action to close the loophole and was keen to find out more about its origins.

"It targeted several banks in several countries and the malware successfully exploited end users to steal money," said Tom Hansen, chief technology officer of Norwegian mobile security firm Promon, which found the bug.

Lurking threat

The problem emerged after Promon analysed malicious apps that had been spotted draining bank accounts.

Called Strandhogg, the vulnerability can be used to trick users into thinking they are using a legitimate app but are actually clicking on an overlay created by the attackers.
"We'd never seen this behaviour before," said Mr Hansen.

"As the operating system gets more complex it's hard to keep track of all its interactions," he said. "This looks like the kind of thing that gets lost in that complexity."

Promon worked with US security firm Lookout to scan apps in Android's Play store to see if any were being abused via the Strandhogg bug.

They found that 60 separate financial institutions were being targeted via apps that sought to exploit the loophole. Lookout said it found criminals used variants of a well-known malicious money-stealing app known as bankbot.

In a statement, Google said: "We appreciate the researchers' work, and have suspended the potentially harmful apps they identified."

It added: "Additionally, we're continuing to investigate in order to improve Google Play Protect's ability to protect users against similar issues."

Promon's chief technology officer welcomed Google's response, as he said many other apps were potentially exploitable via the spoofing bug. But he noted that it still remained possible to create fake overlay screens in Android 10 and earlier versions of the operating system.

Source: https://www.bbc.com/news/technology-50605455





2019.08.06 UDS Supporting RTTP Training Program – Anti-Phishing Workshop

 


UDS support RTTP Training Program by launching Security Awareness Training – Anti Phishing Workshop. The objective of the workshop is to help candidates understand how phishing attacks work, the tactics that cyber criminals employ, how to spot and avoid a potential attack and most importantly you’ll be improve yourself and less vulnerable to phishing attacks.



Date:
12th Sep 2019

Time: 2:30pm – 5:30pm

Venue: Theatre 2, 1/F, HKPC Building, 78 Tat Chee Avenue, Kowloon Tong

Prerequisites:  Bring your own smartphone/ Using Internet / email service experience

Suggested Course Fee: HK$1200/person(By applied RTTP training grant, HK$400/person ONLY)
Quiz will be provided as knowledge check that allows re-take if needed. Award of Certificate will be provided as kind of qualification to enlighten candidate career portfolio.

Click here for download workshop detail (pdf/216KB)

Training grant
Companies interested in applying for training grant for their employee(s) to attend registered public courses should submit the application via online system at least two weeks before course commencement. A list of registered public courses is available for reference. For tailor-made courses, companies should apply for course approval and training grants in one go.

Click here for FAQ of RTTP (pdf/19KB)

Click here for Training grant detail



2019.08.06 好消息!  (Chinese Only)
 


好消息!

 

中國的註冊信息安全專業人员認證課程 Certified Information Security Professional (CISP)及註冊信息系統審計師課程China Certified Information System Auditor(CISP-A)將會在8月底首次在香港及深圳舉行,透過再工業化 及科技培訓計劃(RTTP),UDS Data Systems Ltd 聯同 Cyber Range Training Centre成功取得上述課程於香港政府RTTP計劃獲資助三分二的學費,原價港 幣24,000(包含考試費用),RTTP計劃資助港幣16,000,個 別課程實際學費為港幣8,000。UDS是這課程的代理。機會難逢,萬勿錯過!

甚麽是RTTP Reindustrialisation and Technology Training Program (RTTP)?

再工業化及科技培訓計劃 (RTTP) 是香港創新及科技基金下的一個資助計劃,以2:1的配對形式資助本地企業人員接受 高端科技與「工業4.0」有關的培訓。每間公司每一個財政年度的資助上限 為港幣五十萬元。Cyber Range Training Centre於2019年的課程中設有兩個課程CISP-A和CISP並獲得 RTTP資助。

甚麽是注册信息安全專業人员 (CISP)及註冊信息系統審計師 (CISP-A)?

注册信息安全專業人员Certified Information Security Professional (CISP)為中國信息安全測評中心(CNTISEC)依據中國編辦批准開展“信 息安全人員培訓認證”之一, 其職能為實施信息安全專業人員的資質認定。CISP是國家對信息安全人員資質最高 認可。而CISP也可以說是國內版的CISSP認證。

註冊信息系統審計師China Certified Information System Auditor (CISP-A)

是由中國信息安全測評中心根據中央編辦授權,於2016年推出的國家註冊信息系統 審計師認證制度。信息系統審計是國家網絡空間安全保障戰略中的重要環節,是第三道 防線。將審計崗位和控制措施崗位獨立分開,是網絡安全策略中“職責分離”的重要要 求。國家註冊信息系統審計師的職責是執行審計以判斷信息系統控制措施的設計有效性 和執行有效性,並提供審計改進意見。持有信息系統審計師證書體現了證書持有者在信 息系統審計,安全與控制等方面的綜合實際能力。而CISP-A也可以說是國內版的 CISA認證。

為甚麼我們要需要這些認證?

隨著《中華人民共和國網絡安全法》的頒布實施,要求各相關機構定期對從業人員進行 網絡安全教育、技術培訓和技能考核”的義務。作為信息安全顧問或系統集成商,在國 內必須具備的是CISP和CISP-A。兩個認證都是由中國信息安全測評中心認 證,在國內安全行業與“一帶一路”的建設還是相對有很大優勢,尤其是乙方安 全從業者,項目投標首選證書,有一些中資機構在香港的辦事處或支部也 遵從國家的信息安全的標準,要求其從業員或供應商要具備CISP或CISP-A的 認證方可參與有關的資訊安全的項目。

為了配合各機構進行信息科技風險防範“三道防線”建 設,培養信息系統審計專業技術隊伍,提高信息系統審計人員執業能力,真正建立起 “關鍵信息基礎設施第三道防線”,中國信息安全測評中心自2017年開始,正式推 出“CISP-A註冊信息系統審計師”培訓考試制度,並於同年內推出了“信息系統 審計服務機構”資質認證制度。

中國信息安全測評中心(CNITSEC)是甚麼 機構?

中國信息安全測評中心是中國專門從事信息技術安全測試和風險評估的權威智能機構。 對信息安全專業人員的資質能力進行考核,評估和認定。信息安全人員測評與資質認 定,主要包括註冊信息安全專業人員(CISP), 及註冊信息系統審計師 (CISP-A), 信息安全意識培訓。

認證對象:國家信息安全測評機構、信息安全諮詢服務機構、社會各組 織、團體、企事業單位中從事信息安全服務或高級安全管理工作的人員、企業信息安全 主管、信息安全服務提供商、IT或安全顧問人員、IT審計人員、信息安全類講師或 培訓人員、信息安全事件調查人員、其他從事與信息安全相關工作的人員(如系統管理 員、程序員等)。

講師簡介 

CISP:张老师:信息安全領域資深高級講師/諮詢顧 問, 中國信息安全測評中心授權CISI講師. 為山西太原軟件協會、雲浮教育局、廣東藥監局、廣東省財政廳、南沙檢察院、深圳市 政府、深圳市網絡中心、深圳市科委、深圳信息技術學院、深圳農商銀行、東 莞電力、華南師範大學、廣州開放大學、北京師範大學珠海分校、第一創業證券、寶盈 基金、鼎和財保、國投瑞銀等多家企業、學校的信息安全管理理念、信息安全管理體 系、風險管理、信息安全意識宣貫培訓、網絡安全法解讀、業務連續性管理(BCM) 等課程設計、教材編寫和課程主講等工作。

CISP-A:廖老師:信息安全專業人員,副教授,北 京航空航天大學博士,中國信息安全測評中心特約講師,為中國人民銀行、交通部、國 家稅務總局、教育部、中國石化集團公司、國家電網公司、國家機關工委、中軟集團等 國家政府機構、大學國有企業提供各類安全諮詢服務和培訓項目。作為高級信息安全顧 問,主要負責諮詢信息安全類服務項目規劃、審計評估項目組織和執行、登記保護和信 息技術服務體系建設等。

授課語言

普通話,教材為簡體中文字。

註冊要求

1. 教育與工作經歷:碩士或研究生以上,具有1年工作經歷:或本科畢業,具有2年工作 經歷:或大專畢業,具有4年工作經歷。
2. 專業工作經歷:至少具備1年從事信息安全有關的工作經歷。
3. 培訓資格:在申請註冊前,成功地完成了CNITSEC或其授權培訓機構組織的註冊 信息安全專業人員培訓課程相應資質所需的分類課程,並取得培訓合格證書。
4.通過有CNITSEC舉行的註冊信息安全專業人員考試。

CISP考试模式
CISP及CISP-A考试题型為單選選擇題共100题,每题1分,得到70分或 以上為通過, 時間為三個小時。

培訓日程安排及教學內容(CISP)


日期

時間

課程

地點

1

2019831

09:00-12:00

14:00-18:00

信息安全保障

網絡安全監管

香港

2

201991

0900-12:00

14:00-18:00

信息安全管理

信息·安全支撐技術

3

201997

09:00-12:00

14:00-18:00

業務連續性

安全评估

4

201998

09:00-12:00

14:00-18:00

安全工程與運營

軟件安全開發

5

2019914

09:00-12:00

14:00-18:00

計算環境安全

物理環境與網絡通信安全(模擬考試,所有考試務必出席)

深圳南山

6

2019916

09:30-11:30

考試

深圳南山


日期

時間

課程

地點

1

2019831

09:00-12:00

14:00-18:00

信息安全管理基礎與管 理體系

信息安全風險管理

香港

2

201991

0900-12:00

14:00-18:00

密碼學基礎

安全漏洞與惡意代碼基 礎

3

201997

09:00-12:00

14:00-18:00

信息系統審計基礎

信息系統審計方法

4

201998

09:00-12:00

14:00-18:00

信息系統審計實務

信息系統安全審計實務

5

2019914

09:00-12:00

14:00-18:00

信息系統審計案例(模擬考試,務必出席)

深圳南山

6

2019916

09:30-11:30

考試

深圳南山


證書
由中國信息安全測評中心發出之認證

注册信息安全專業人员Certified Information Security Professional(CISP)

註冊信息系統 審計師China Certified Information System Auditor(CISP-A)