Course features: pre-course reading; 4-hour online sessions; flexible live interactive training; in-course exam preparation; 2-hour online BCS examination.
First introduced in 1999, the BCS (formerly ISEB) Certificate in Information Security Management Principles (CISMP) is a trusted foundation-level industry qualification ideally suited for those new to the subject before they progress onto more advanced practitioner-level programmes in specialised areas. The current version of the BCS syllabus (v9.0) was refreshed and reformatted in 2020. The CISMP covers a broad range of topics and is closely aligned with ISO/IEC 27001, the international standard for information security. Award holders will develop an understanding of key concepts in information security, risk management, business continuity as well as related data governance and regulatory compliance areas.
Like data protection compliance, information security management is a business issue that affects the entire organisation. Whereas data protection addresses the legal (and ethical) obligations placed on organisations relating to personal data, information security is concerned with reducing the risks to all data assets. In order for an organisation to maintain its ability to operate, a comprehensive information security management structure should be implemented, which includes responsibilities for all employees, particularly those performing governance, risk and compliance, security, or IT roles, along with anyone in appropriate management and leadership positions.
As a foundation-level course, the BCS Certificate in Information Security Management Principles is an ideal entry point for individuals who require practical knowledge of the concepts and techniques of information security, risk management, business continuity, relevant legal and regulatory requirements, and international standards and frameworks. At its core, the BCS CISMP training is aligned with ISO/IEC 27001, the international standard for information security management systems.
The course is delivered online for convenience and for the significant environmental and sustainability benefits it offers. Delegates can gain a recognised foundation-level workplace qualification at home or from their desk by attending five consecutive 4-hour live online sessions across one week. The course follows the latest BCS Syllabus (v9.0) and prepares participants for the 2-hour multiple-choice BCS Exam, administered separately via Questionmark through online remote proctoring.
By obtaining the BCS Foundation Certificate Information Security Management Principles, award holders will be able to demonstrate:
The BCS CISMP training will benefit anyone whose role is affected by information security. The course is an ideal entry point, providing a foundation for other qualifications to build on. Individuals working in the following areas or roles will benefit the most:
The BCS Foundation Certificate in Information Security Management Principles (CISMP) is currently only available online and is delivered over five days, with one 4-hour live module each day.
The following schedule is intended as a guide:
Module 1: Introductions and learning outcomes
- Exam details and techniques
Information security management principles, definitions, terms and concepts:
- The importance and benefits of information security
- Different business models and their impact
- Effects of a rapidly changing information and business environment
- Balancing cost and impact against the reduction of risk
- Information security policy, standards and procedures; security as an enabler
Information risk, threats and vulnerabilities of information systems:
- Types of threats and threat categorisation
- Vulnerability categorisation
- Understanding and managing risk relating to information systems
- The risk management process
- Types of controls to manage risk
- Impact assessments
Information security framework:
- How risk management should be implemented
- The organisation's management of information security
Module 2: Information security framework (continued)
- Organisational policies
- Procedures and standards
- Information security governance and implementation
- Security incident management
Principles of law, legal jurisdiction and related topics that affect information security management, including:
- Data protection
- Intellectual property rights
- Record retention
- Contractual safeguards
- Restrictions on cryptographic technology
Common established standards and procedures directly relating to information security management:
- National and international standards
- Industry-specific standards
- Technical standards
- Certification of information security management systems
The information lifecycle:
- The importance and relevance of the information lifecycle
- Stages of the information lifecycle
- Concepts of the design process lifecycle
Module 3: The information lifecycle (continued)
- The security lifecycle
- Technical audit and review processes
- Change control and configuration management
- Risks to security brought about by systems development and support
Information security risks and measures involving people:
- User access controls
- Authentication
- Management and review of controls
- The importance of appropriate information security training
Module 4: Technical security controls
- Protecting against malicious software
Communications and network systems:
- Entry points
- Secure network management
- Value-added services
- Cloud computing
Module 5: Physical and environmental security controls
- General controls and the protection of both IT and non-IT equipment and assets
Disaster recovery and business continuity:
- Risk assessment and impact analysis
- Documentation and compliance with relevant standards
Other technical aspects:
- Common practices and principles
- Legal restraints and obligations
- Investigations and forensics
Encryption:
- The role of cryptography in protecting assets and systems
- Awareness of relevant standards and practices
- Common practical applications
BCS Foundation Certificate Information Security Management Principles (CISMP)
Syllabus version 9.0
June 2020
This professional certification is not regulated by the following United Kingdom regulators: Ofqual, Qualifications Wales, CCEA or SQA.
The BCS Foundation Certificate in Information Security Management Principles (CISMP) exam is a two-hour multiple-choice examination. The exam is closed book, i.e. no reference materials may be used during the examination.
Type | Multiple-choice, 100 questions (1 mark each)
Duration | 2 hours
Supervised | Yes
Open book | No
Pass mark | 65/100 (65%)
Distinction mark | None
Calculators | No, calculators cannot be used during this examination
Delivery | Digital or paper-based
Adjustments and/or additional time can be requested in line with the BCS reasonable adjustments policy for candidates with a disability or other special considerations, including English as a second language.
Get this BCS Foundation Certificate in Information Security Management Principles (CISMP) course for:
£1,395+VAT
Freevacy has been shortlisted in the Best Educator category. The PICCASO Privacy Awards recognise the people making an outstanding contribution to this dynamic and fast-growing sector.