First introduced in 1999, the BCS (formerly ISEB) Certificate in Information Security Management Principles (CiSMP) is a trusted foundation-level qualification, ideally suited to those new to the subject before they progress to more advanced practitioner-level programmes in specialised areas. The current version of the BCS syllabus (v9.0) was refreshed and reformatted in 2020. The CiSMP training covers a broad range of topics and is closely aligned with ISO/IEC 27001, the international standard for information security. Award holders will develop an understanding of key concepts in information security, risk management and business continuity, as well as related data governance and regulatory compliance areas.




Code     Course                                                                    Start      Duration           Location
FC-ISMP  BCS Foundation Certificate Information Security Management Principles     28 Nov 22  5 x 4hr sessions   Online
FC-ISMP  BCS Foundation Certificate Information Security Management Principles     13 Feb 22  5 x 4hr sessions   Online


Course Overview

Like data protection compliance, information security management is a business issue that affects the entire organisation. Whereas data protection addresses the legal (and ethical) obligations placed on organisations relating to personal data, information security is concerned with reducing the risks to all data assets. In order for an organisation to maintain its ability to operate, a comprehensive information security management structure should be implemented, which includes responsibilities for all employees, particularly those performing governance, risk and compliance, security, or IT roles, along with anyone in appropriate management and leadership positions.

As a foundation level course, the BCS certificate in information security management principles is an ideal entry point for individuals who require practical knowledge of the concepts and techniques around information security, risk management, business continuity, relevant legal and regulatory requirements, as well as international standards and frameworks. At its core, the BCS CiSMP training is aligned with ISO/IEC 27001, the international standard for information security.

Due to the COVID-19 pandemic, this accredited course, which is traditionally taught in a classroom setting over three days, is now delivered safely over a secure WebEx platform with all the support and interactivity found in the classroom. Delegates can gain a recognised foundation-level workplace qualification at home or from their desk by attending five 4-hour live online sessions across one week. The course follows the latest BCS Syllabus (v9.0) and prepares participants for the 2-hour multiple-choice BCS exam, which is administered separately via Questionmark through online remote proctoring.

Learning outcomes

By obtaining the BCS Foundation Certificate Information Security Management Principles, award holders will be able to demonstrate:

  • Knowledge of core information security concepts (confidentiality, integrity, availability, vulnerability, threats, risks, countermeasures)
  • Understanding of the legislation and regulations that impact information security management
  • Awareness of relevant national and international standards and frameworks
  • Knowledge of the business and technical environments in which information security management must operate
  • Understanding of the categorisation, operation and effectiveness of controls of different types and characteristics

Who should attend?

The BCS CiSMP training will benefit anyone whose role is affected by information security. The course is an ideal entry point, providing a foundation for other qualifications to build on. Individuals working in the following areas or roles will benefit the most:

  • Information & Cyber Security
  • Business Continuity
  • Information Risk
  • Privacy & Data Protection compliance
  • Data Protection Officers
  • Information Governance
  • Information Assurance
  • IT Managers
  • Software Engineering
  • Test Managers & QA Engineers
  • Project Managers


The BCS Foundation Certificate in Information Security Management Principles (CiSMP) is currently only available online and is delivered over five days, with one 4-hour live module each day.

The following schedule is intended as a guide:

Module 1 Introductions, Learning outcomes:
— Exam details & techniques
Information security management principles, definitions, terms and concepts:
— The importance and benefits of information security
— Different business models and their impact
— Effects of rapidly changing information and business environment
— Balancing cost and impact against the reduction of risk
— Information security policy, standards and procedures, security as an enabler
Information Risk, Threats and Vulnerabilities of information systems:
— Types of threats and threat categorisation
— Vulnerability categorisation
— Understanding and managing risk relating to information systems
— Risk management process
— Types of controls to manage risk
— Impact assessments
Information security framework:
— How risk management should be implemented
— Organisations' management of information security
Module 2 Information security framework continued:
— Organisational policies
— Procedures and standards
— Information security governance and implementation
— Security incident management
Principles of law, legal jurisdiction and relevant topics that affect information security management, including:
— Data protection
— Intellectual property rights
— Record retention
— Contractual safeguards
— Cryptography technology restrictions
Common established standards and procedures directly relating to information security management:
— National and international standards
— Industry specific standards
— Technical standards
— Certification of information security management systems
The information lifecycle:
— The importance and relevance of the information lifecycle
— Stages of the information lifecycle
— Concepts of the design process lifecycle
Module 3 The information lifecycle continued:
— Security Lifecycle
— Technical audit and review processes
— Change control and configuration management
— Risks to security brought about by systems development and support
Information Security risks and measures involving people:
— User access controls
— Authentication
— Management and reviews of controls
— The importance of appropriate information security training
Module 4 Technical security controls:
— Protecting against malicious software
Communications and networks systems:
— Entry points
— Partitioning
— Secure network management
— Value added services
— Cloud computing
Module 5 Physical and environmental security controls:
— General controls and the protection of both IT and non-IT equipment and assets
Disaster Recovery and Business Continuity:
— Risk assessment and impact analysis
— Documentation and compliance with relevant standards
Other technical aspects:
— Common practices and principles
— Legal restraints and obligations
— Investigations and forensics
— The role of cryptography in protecting assets and systems
— Awareness of relevant standards and practices
— Common practical applications

BCS Syllabus

BCS Foundation Certificate Information Security Management Principles (CiSMP)
Syllabus version 9.0
June 2020

Download the syllabus (PDF)

This professional certification is not regulated by the following United Kingdom Regulators - Ofqual, Qualification in Wales, CCEA or SQA.