Course Outline
The syllabus includes training objectives, details of modules and a recommended reading list:
1. Information Security Management Principles
- Identify definitions, meanings and use of concepts and terms across information security management
- Explain the need for, and the benefits of, information security
2. Information Risk
- Outline the threats to and vulnerabilities of information systems
- Describe the processes for understanding and managing risk relating to information systems - strategic, tactical, operational
3. Information Security Framework
- Explain how risk management should be implemented in an organisation
- The organisation’s management of information security
- Organisational policy, standards and procedures
- Information security governance
- Information security implementation
- Security incident management
- Interpret general principles of law, legal jurisdiction and associated topics as they affect information security management
- Common, established standards and procedures that directly affect information security management
4. Security Lifecycle
- The importance and relevance of the information lifecycle
- The stages of the information lifecycle
- The design process lifecycle, including essential and non-functional requirements (architecture frameworks, Agile development, service continuity and reliability)
- The importance of appropriate technical audit and review processes, of effective change control and of configuration management
- The risks to security brought about by systems development and support
5. Procedural/People Security Controls
- The risks to information security involving people (Organisational culture of security)
- User access controls that may be used to manage those risks
6. Technical Security Controls
- Technical controls that can be used to help ensure protection from malicious software
- Information security principles associated with the underlying networks and communications systems
- Entry points in networks and associated authentication techniques
- The role of cryptography in network security
- Information security issues relating to value-added services that use the underlying networks and communications systems
- Information security issues relating to organisations that utilise cloud computing facilities
- Operating systems, database and file management systems, network systems and applications systems and how they apply to the IT infrastructure
7. Physical and Environmental Security Controls
- Physical aspects of security in multi-layered defences
- Environmental risks
8. Disaster Recovery and Business Continuity Management
- Differences between and the need for business continuity and disaster recovery
9. Other Technical Aspects
- Understanding of the principles and common practices of investigations, including any legal constraints and obligations, so that participants can contribute appropriately to them
- The role of cryptography in protecting systems and assets, including awareness of the relevant standards and practices
Note: This is the four-day course, which adds one additional day to the standard delivery to provide more time for exam preparation and practice exercises.
NobleProg is a BCS Accredited Training Provider.
This course will be delivered by an expert NobleProg trainer approved by BCS.
The price includes delivery of the full course syllabus by an approved BCS trainer and the BCS CISMP exam (which can be taken remotely in your own time and is invigilated centrally by BCS). Subject to successfully passing the exam (multiple choice, requiring a score of at least 65% to pass) participants will hold the accredited BCS Foundation Certificate in Information Security Management Principles (CISMP).
Requirements
There are no formal entry requirements; however, the candidate should have basic working IT knowledge and an awareness of the issues involved with security control activities.
Testimonials (2)
1. The BCS test exam questions were often incoherent or not related to the syllabus, which appears to be a trait of BCS courses and exams.
2. The subject matter was taught by reading PowerPoint slides full of text; the BCS should be providing at least some diagrammatic content and other visual aids, especially as many people learn in very different ways, more than just reading text.
john - UKHO
Course - BCS Practitioner Certificate in Information Assurance Architecture (CIAA)
The report and rules setup.