ABOUT THIS COURSE
First introduced in 1999, the BCS (formerly ISEB) Certificate in Information Security Management Principles (CiSMP) is a trusted foundation-level qualification, which is ideally suited for those new to the subject before they progress onto more advanced practitioner-level programmes in specialised areas. The current version of the BCS syllabus (v9.0) was refreshed and reformatted in 2020. The CiSMP training covers a broad range of topics and is closely aligned with ISO/IEC 27001, the international standard for information security. Award holders will develop an understanding of key concepts in information security, risk management, business continuity as well as related data governance and regulatory compliance areas.
WHAT'S INCLUDED
COURSE DATES
Course Overview
Like data protection compliance, information security management is a business issue that affects the entire organisation. Whereas data protection addresses the legal (and ethical) obligations placed on organisations relating to personal data, information security is concerned with reducing the risks to all data assets. In order for an organisation to maintain its ability to operate, a comprehensive information security management structure should be implemented, which includes responsibilities for all employees, particularly those performing governance, risk and compliance, security, or IT roles, along with anyone in appropriate management and leadership positions.
As a foundation level course, the BCS certificate in information security management principles is an ideal entry point for individuals who require practical knowledge of the concepts and techniques around information security, risk management, business continuity, relevant legal and regulatory requirements, as well as international standards and frameworks. At its core, the BCS CiSMP training is aligned with ISO/IEC 27001, the international standard for information security.
Due to the COVID-19 pandemic, this accredited course, which is traditionally taught in a classroom setting over 3-days, is now provided safely across a secure WebEx platform with all the support and interactivity found in the classroom. Delegates can gain a recognised foundation level workplace qualification at home or from their desk by attending five x 4 hour live online sessions across one week. The course follows the latest BCS Syllabus (v9.0) and prepares participants for the 2-hour multiple-choice BCS Exam, which is administered separately via Questionmark through online remote proctoring.
Learning outcomes
By obtaining the BCS Foundation Certificate Information Security Management Principles, award holders will be able to demonstrate:
- Knowledge of core information security concepts (confidentiality, integrity, availability, vulnerability, threats, risks, countermeasures)
- Understanding of the legislation and regulations that impact information security management
- Awareness of relevant national and international standards and frameworks
- Knowledge of the business and technical environments in which information security management must operate
- Understanding of the categorisation, operation and effectiveness of controls of different types and characteristics
Who should attend?
The BCS CiSMP training will benefit anyone where information security impacts upon their role. The course is an ideal entry point providing a foundation for other qualifications to build on. Individuals working in the following areas or roles will benefit the most:
- Information & Cyber Security
- Business Continuity
- Information Risk
- Privacy & Data Protection compliance
- Data Protection Officers
- Information Governance
- Information Assurance
- IT Managers
- Software Engineering
- Test Managers & QA Engineers
- Project Managers
Itinerary
The BCS Foundation Information Security Management Principles (CiSMP) is currently only available online and is delivered over 5-days, with one 4-hour live module each day.
The following schedule is intended as a guide:
| Module 1 | Introductions, Learning outcomes: |
| — Exam details & techniques | |
| Information security management principles, definitions, terms and concepts: | |
| — The importance and benefits of information security | |
| — Different business models and their impact | |
| — Effects of rapidly changing information and business environment | |
| — Balancing cost and impact against the reduction of risk | |
| — Information security policy, standards and procedures, security as an enabler | |
| Information Risk, Threats and Vulnerabilities of information systems: | |
| — Type of threats and threat categorisation | |
| — Vulnerability categorisation | |
| — Understanding and managing risk relating to information systems | |
| — Risk management process | |
| — Types of controls to manage risk | |
| — Impact assessments | |
| Information security framework: | |
| — How risk management should be implemented | |
| — Organisations management of information security | |
| Module 2 | Information security framework continued: |
| — Organisational policies | |
| — Procedures and standards | |
| — Organisational policies | |
| — Information security governance and implantation | |
| — Security incident management | |
| Principles of law, legal jurisdiction and relevant topics that affect information security management, including: | |
| — Data protection | |
| — Intellectual property rights | |
| — Record retention | |
| — Contractual safeguards | |
| — Cryptography technology restrictions | |
| Common established standards and procedures directly relating to information security management: | |
| — National and international standards | |
| — Industry specific standards | |
| — Technical standards | |
| — Certification of information security management systems | |
| The information lifecycle: | |
| — The importance and relevance of the information lifecycle | |
| — Stages of the information lifecycle | |
| — Concepts of the design process lifecycle | |
| Module 3 | The information lifecycle continued: |
| — Security Lifecycle | |
| — Technical audit and review processes | |
| — Change control and configuration management | |
| — Risks to security brought about by systems development and support | |
| Information Security risks and measures involving people: | |
| — User access controls | |
| — Authentication | |
| — Management and reviews of controls | |
| — The importance of appropriate information security training | |
| Module 4 | Technical security controls: |
| — Protecting against malicious software | |
| Communications and networks systems: | |
| — Entry points | |
| — Partitioning | |
| — Secure network management | |
| — Value added services | |
| — Cloud computing | |
| Module 5 | Physical and environmental security controls: |
| — General controls and the protection of both IT and not IT equipment and assets | |
| Disaster Recovery and Business Continuity: | |
| — Risk assessment and impact analysis | |
| — Documentation and compliance with relevant standards | |
| Other technical aspects: | |
| — Common practices and principles | |
| — Legal restraints and obligations | |
| — Investigations and forensics | |
| Encryption: | |
| — The role of cryptography in protecting assets and systems | |
| — Awareness of relevant standards and practices | |
| — Common practical applications |
BCS Syllabus
BCS Foundation Certificate Information Security Management Principles (CiSMP)
Syllabus version 9.0
June 2020
This professional certification is not regulated by the following United Kingdom Regulators - Ofqual, Qualification in Wales, CCEA or SQA.
