BCS - Certificate in Information Security Management Principles

This certification is accredited by the Information Systems Examination Board, ISEB a division of the British Computer Society. The course will provide you with the knowledge and understanding of the main principals required to be an effective member of an information security team with security responsibilities as part of your day to day role. It will also prepare individuals who are thinking of moving into information security or related functions.

The achieved qualification will prove that the holder has a good knowledge and basic understanding of the wide range of subject areas that make up information security management

• Knowledge of the concepts relating to information security management (confidentiality, availability, vulnerability, threats, risks and countermeasures etc.)

• Understanding of current legislation and regulations which impact upon information security management in the UK; Awareness of current national and international standards, frameworks and organisations which facilitate the management of information security;

• Understanding of the current business and technical environments in which information security management has to operate;

• Knowledge of the categorisation, operation and effectiveness of controls of different types and characteristics.

CISMP provide to:

• Individuals who need to gain a qualification, recognised by the industry
• Individuals who have information security responsibilities as part of their day to day role
• Individuals who are thinking of moving into an information security or related function
• Project managers and IT support personnel responsible for incorporating security measures within their IT systems and need to appreciate the many business requirements for security.

A minimum of 12 months experience in any IT job. Each delegate will also need to submit a candidate application form before doing the examination. No technical skill or Security background is required, although this will be an advantage.

A. Information Security Principles (10%)

Concepts and Definitions
The need for, and benefits of, Information Security

B. Information Risk (15%)

Threats to, and Vulnerabilities of information systems
Risk Management

C. Information Security Framework (35%)

Information Security Management
Organisation & responsibilities
Policy, standards & procedures
Information Security Governance
Security Incident Management including Investigations and Forensics
Information Security Implementation
Legal Framework
Security Standards and Procedures

D. Information Security Controls (40%)

Protection from Malicious Software
People
User Access Controls
Networks and Communications
External Services
IT Infrastructure
Testing, Audit & Review
Systems Development and Support
Role of Cryptography
Training
Physical & Environmental Security
Business Continuity Management