Course description
BCS Foundation Certificate in Information Security Management Principles (CISMP)
The BCS Foundation Certificate in Information Security Management Principles online training course covers a range of approaches, concepts, and techniques within IT security.
After your training, you will be able to demonstrate your knowledge and understanding of these aspects, as specified in the learning objectives outlined below.
Do you work at this organisation and want to update this page?
Is there out-of-date information about your organisation or courses published here? Fill out this form to get in touch with us.
Upcoming start dates
Suitability - Who should attend?
If you require an understanding of information security management principles (including those who are responsible for information security as part of their day-to-day role), or those who are considering a career change into this field, this course would be ideal for you.
It also provides the opportunity for those already within these roles to enhance or refresh their knowledge and in the process gain an industry-recognised qualification, which demonstrates the level of knowledge gained.
Discover how to facilitate a switch to IT
Prerequisites
There are no formal entry requirements however, you should have basic working IT knowledge and an awareness of the issues involved with the security control activities.
Outcome / Qualification etc.
Accreditation: BCS - The Chartered Institute for IT
Learning Outcomes
You will be able to demonstrate knowledge and understanding of Information Security Management Principles in the following areas:
- Knowledge of the concepts relating to information security management (confidentiality, integrity, availability, vulnerability, threats, risks, countermeasures).
- Understand the relevant current legislation and regulations which impact information security management.
- Comprehension of the relevant current national and international standards, frameworks and organisations which facilitate the management of information security.
- Knowledge of the environments in which information security management must operate.
- Understand the categorisation, operation, and effectiveness of controls of different types and characteristics.
Training Course Content
Syllabus & weighting
Information Security Management Principles (10%)
- Identify definitions, meanings and use of concepts and terms across information security management.
- Explain the need for, and the benefits of information security.
Information Risk (10%)
- Gain an appreciation of risk assessment and management as it applies to information security.
- Outline the threats to and vulnerabilities of information systems.
- Describe the processes for understanding and managing risk relating to information systems.
Information Security Framework (15%)
- Explain how risk management should be implemented in an organisation.
- Interpret general principles of law, legal jurisdiction and associated topics as they affect information security management covering a broad spectrum from the security implications on compliance with legal requirements affecting business.
- Describe the number of common, established standards and procedures that directly affect information security management.
Security Lifecycle (10%)
- Demonstrate an understanding of the importance and relevance of the information lifecycle.
- Identify the following stages of the information lifecycle.
- Outline the following concepts of the design process lifecycle including essential and non-functional requirements.
- Demonstrate an understanding of the importance of appropriate technical audit and review processes, of effective change control and of configuration management.
- Explain the risks to security brought about by systems development and support.
Procedural/People Security Controls (15%)
- Explain the risks to information security involving people.
- Describe user access controls that may be used to manage those risks.
- Identify the importance of appropriate training for all those involved with information.
Technical Security Controls (25%)
- Outline the technical controls that can be used to help ensure protection from malicious software.
- Identify information security principles associated with the underlying networks and communications systems.
- Recognise the information security issues relating to value-added services that use the underlying networks and communications systems.
- Recall the information security issues relating to organisations that utilise cloud computing facilities.
- Define the following aspects of security in information systems, including operating systems, database and file management systems, network systems and applications systems and how they apply to the IT infrastructure.
Physical and Environmental Security Controls (5%)
- Outline the physical aspects of security available in multi-layered defences and explain how the environmental risks to information in terms of the need, for example, for appropriate power supplies, protection from natural risks (fire, flood, etc.) and in the everyday operations of an organisation.
Disaster Recovery and Business Continuity Management (5%)
- Describe (K1/2) the differences between and the need for business continuity and disaster recovery.
Other Technical Aspects (5%)
- Demonstrate understanding of the principles and common practices, including any legalconstraints and obligations, so they can contribute appropriately to investigations.
- Describe the role of cryptography in protecting systems and assets, including awareness of the relevant standards and practices.
Why choose e-Careers Ltd
We have successfully trained over 610,000 learners, from over 50 countries, and growing.
We are industry leaders, with multiple awards and over 10 years experience.
Our Trainers and Tutors are industry experts in their fields
Expenses
Tuition Fee: £ 549Inc. VAT
Continuing Studies
If you're considering a career in IT or information security, this training course will benefit your career goals.
Typical job roles you can apply for after this training include:
- Information Security Engineer
- IT Security Manager
- Information Systems Security Manager