BCS Certificate in Information Security Management Principles (CISMP) - Including Exam [CISMP]

OVERVIEW

This course follows the latest BCS syllabus and prepares delegates for the BCS examination.

You will gain an understanding of the main principals required to be an effective member of an information security team with security responsibilities as part of your day to day role.

This qualification will prove that the holder has knowledge of the concepts relating to information security, along with an understanding of current regulations and legislation.

An exam voucher is included with this course

OBJECTIVES

After completing this course you should have:

• Knowledge of the concepts relating to information security management (confidentiality, availability, vulnerability, threats, risks and countermeasures etc.)
• An understanding of current legislation and regulations which impact upon information security management in the UK; Awareness of current national and international standards, frameworks and organisations which facilitate the management of information security;
• An understanding of the current business and technical environments in which information security management has to operate;
• Knowledge of the categorisation, operation and effectiveness of controls of different types and characteristics.

AUDIENCE

Anyone with an interest in information security, whether as a career or for general business knowledge.

CERTIFICATION

Recommended as preparation for the following exams:

• BCS Foundation Certificate in Information Security Principles

CONTENT

 1.  Information Security Management Principles – 10%

• 1.1 Concepts and definitions
• 1.2 The need for & benefits of Information Security

2.  Information Risk – 10%

• 2.1 Threats to & vulnerabilities of information systems
• 2.2 Risk Management

3.  Information Security Framework – 15%

• 3.1 Organisation and responsibilities
• 3.2 Legal framework
• 3.3 Security standards and procedures

4. Security Lifecycle – 10%

• 4.1 Importance and Relevance of Security Lifecyle
• 4.2 Stages of the Information Lifecyle
• 4.3 Lifecycle Design Process
• 4.4 Audit, Review and Change Control
• 4.5 Systems Development

5.  Procedural/people security controls – 15%

• 5.1 People
• 5.2 User access controls
• 5.3 Training

6.  Technical security controls – 25%

• 6.1 Protection from malicious software
• 6.2 Networks and communications
• 6.3 External services
• 6.4 Cloud computing
• 6.5 IT infrastructure

7. Physical and Environmental Security Controls – 5%

• 7.1 Physical and Environmental Considerations

8.  Disaster recovery and business continuity management  – 5%

• 8.1 Differences between Disaster Recovery and Business Continuity

9.  Other technical aspects – 5%

• 9.1 Investigations & forensics
• 9.2 Role of cryptography