BCS Foundation Certificate in Information Security Management Principles (CISMP) 4 day (bcscismp4 | 28 hours)
There are no formal entry requirements; however, the candidate should have basic working IT knowledge and an awareness of the issues involved with the security control activities.
Who is it for:
Anyone with an interest in information security, whether as a career or for general business knowledge.
This certificate is relevant to anyone requiring an understanding of Information Security Management Principles as well as those with an interest in information security either as a potential career or as an additional part of their general business knowledge. It is very much a firm foundation on which other qualifications can be built or which provides a thorough general understanding to enable organisations to begin to ensure their information is protected appropriately.
What will I learn:
Candidates should be able to demonstrate:
- Knowledge of the concepts relating to information security management.
- Understanding of current national legislation and regulations which impact upon information security management.
- Awareness of current national and international standards, frameworks and organisations which facilitate the management of information security.
- Understanding of the current business and common technical environments in which information security management must operate.
- Knowledge of the categorisation, operation and effectiveness of controls of different types and characteristics.
Note: This is the four day course which adds one additional day to the standard delivery to provide more time for exam preparation and practice exercises.
The syllabus includes training objectives, details of modules and a recommended reading list:
1. Information Security Management Principles
- Identify definitions, meanings and use of concepts and terms across information security management.
- Explain the need for, and the benefits of, information security
2. Information Risk
- Outline the threats to and vulnerabilities of information systems
- Describe the processes for understanding and managing risk relating to information systems - strategic, tactical, operational
3. Information Security Framework
- Explain how risk management should be implemented in an organisation
- The organisation’s management of information security
- Organisational policy, standards and procedures
- Information security governance
- Information security implementation
- Security incident management
- Interpret general principles of law, legal jurisdiction and associated topics as they affect information security management
- Common, established standards and procedures that directly affect information security management
4. Security Lifecycle
- The importance and relevance of the information lifecycle
- The stages of the information lifecycle
- The design process lifecycle including essential and nonfunctional requirements (architecture frameworks, Agile development, Service continuity and reliability)
- The importance of appropriate technical audit and review processes, of effective change control and of configuration management
- The risks to security brought about by systems development and support
5. Procedural/People Security Controls
- The risks to information security involving people (Organisational culture of security)
- User access controls that may be used to manage those risks
6. Technical Security Controls
- Technical controls that can be used to help ensure protection from Malicious Software
- Information security principles associated with the underlying networks and communications systems
- Entry points in networks and associated authentication techniques
- The role of cryptography in network security
- Information security issues relating to value-added services that use the underlying networks and communications systems
- Information security issues relating to organisations that utilise cloud computing facilities
- Operating systems, database and file management systems, network systems and applications systems and how they apply to the IT infrastructure
7. Physical and Environmental Security Controls
- Physical aspects of security in multi-layered defences
- Environmental risks
8. Disaster Recovery and Business Continuity Management
- Differences between and the need for business continuity and disaster recovery
9. Other Technical Aspects
- Understanding of the principles and common practices, including any legal constraints and obligations, so they can contribute appropriately to investigations
- The role of cryptography in protecting systems and assets, including awareness of the relevant standards and practices
NobleProg is a BCS Accredited Training Provider.
This course will be delivered by an expert NobleProg trainer approved by BCS.
The price includes delivery of the full course syllabus by an approved BCS trainer and the BCS CISMP exam (which can be taken remotely in your own time and is invigilated centrally by BCS). Subject to successfully passing the exam (multiple choice, requiring a score of at least 65% to pass), participants will hold the accredited BCS Foundation Certificate in Information Security Management Principles (CISMP).