Course Outline

The syllabus includes training objectives, details of modules and a recommended reading list:

The latest syllabus

1. Information Security Management Principles

  • Identify definitions, meanings and use of concepts and terms across information security management
  • Explain the need for, and the benefits of, information security

2. Information Risk

  • Outline the threats to and vulnerabilities of information systems
  • Describe the processes for understanding and managing risk relating to information systems - strategic, tactical, operational

3. Information Security Framework

  • Explain how risk management should be implemented in an organisation
    • The organisation’s management of information security
    • Organisational policy, standards and procedures
    • Information security governance
    • Information security implementation
    • Security incident management
  • Interpret general principles of law, legal jurisdiction and associated topics as they affect information security management
  • Common, established standards and procedures that directly affect information security management

4. Security Lifecycle

  • The importance and relevance of the information lifecycle
  • The stages of the information lifecycle
  • The design process lifecycle, including essential and non-functional requirements (architecture frameworks, Agile development, service continuity and reliability)
  • The importance of appropriate technical audit and review processes, of effective change control and of configuration management
  • The risks to security brought about by systems development and support

5. Procedural/People Security Controls

  • The risks to information security involving people (Organisational culture of security)
  • User access controls that may be used to manage those risks

6. Technical Security Controls

  • Technical controls that can be used to help ensure protection from malicious software
  • Information security principles associated with the underlying networks and communications systems
    • Entry points in networks and associated authentication techniques
    • The role of cryptography in network security
  • Information security issues relating to value-added services that use the underlying networks and communications systems
  • Information security issues relating to organisations that utilise cloud computing facilities
  • Operating systems, database and file management systems, network systems and applications systems and how they apply to the IT infrastructure

7. Physical and Environmental Security Controls

  • Physical aspects of security in multi-layered defences
  • Environmental risks

8. Disaster Recovery and Business Continuity Management

  • Differences between and the need for business continuity and disaster recovery

9. Other Technical Aspects

  • Understanding of the principles and common practices, including any legal constraints and obligations, so they can contribute appropriately to investigations
  • The role of cryptography in protecting systems and assets, including awareness of the relevant standards and practices


Note: This is the four-day course, which adds one additional day to the standard delivery to provide more time for exam preparation and practice exercises.


NobleProg is a BCS Accredited Training Provider.

This course will be delivered by an expert NobleProg trainer approved by BCS.

The price includes delivery of the full course syllabus by an approved BCS trainer and the BCS CISMP exam (which can be taken remotely in your own time and is invigilated centrally by BCS). Subject to successfully passing the exam (multiple choice, requiring a score of at least 65% to pass) participants will hold the accredited BCS Foundation Certificate in Information Security Management Principles (CISMP).

Requirements

There are no formal entry requirements; however, the candidate should have basic working IT knowledge and an awareness of the issues involved in security control activities.

28 Hours
