Online Certificate Course
5 Days
Rabat
6hrs / Day
March 6-10, 2023
Cyber Security Center of Excellence
Knowledge of the concepts relating to information security management
Understanding of current national legislation and regulations which impact upon information security management
Awareness of current national and international standards, frameworks and organisations which facilitate the management of information security
Understanding of the current business and common technical environments in which information security management must operate
Knowledge of the categorisation, operation and effectiveness of controls of different types and characteristics.
The BCS Certificate in Information Security Management Principles (CISMP) course is designed to provide you with the knowledge and skills required to manage information security, information assurance and information risk-based processes. It is aligned with the latest national information assurance frameworks (IAMM), as well as ISO/IEC 27002 & 27001; the code of practice and standard for information security.
The CISMP course follows the latest BCS syllabus and will prepare you for the BCS examination.
This qualification provides you with detailed knowledge of the concepts relating to information security (confidentiality, integrity, availability, vulnerability, threats, risks and countermeasures), along with an understanding of current legislation and regulations which impact information security management.
Session 1 – Information Security Management Principles
What security means
The core concepts and definitions used in information security
The key business drivers and how they shape the organization’s approach to governance, risk management and compliance.
The benefits of information security
The role information security plays in an organization
How an organization can make information security an integral part of its business.
Session 2 – Information Risk Management
What risk means, how it arises and the likelihood of it impacting an organization.
The effect big data, the Internet of Things and social media have on the risk landscape.
Management techniques used by organizations to understand the risks they face.
Risk treatment and risk reduction methods
The risk management lifecycle, illustrating how risks are identified, analysed, treated and monitored.
Qualitative and quantitative methods of risk analysis.
How assets can be classified to help manage risk
Session 3 – Information Security Framework
Where the security function fits within the organizational structure
The role of the Information Security Officer
Developing information security policies, standards and procedures
The principles of information security governance
How to carry out a security audit
Implementing an information assurance programme and the importance of stakeholder engagement
The incident management process and the role of digital forensics
The legal information security framework
Information assurance standards and how they should be applied within an organization
Session 4 – Procedural and People Security Controls
The people threats facing organizations and the importance of a security culture
Practical people controls, including employment contracts, service contracts, codes of conduct and acceptable use policies
Access controls, including authentication and authorization, passwords, tokens and biometrics
The importance of data ownership, privacy, access points, identification and authentication mechanisms, and information classification.
How organizations can raise security awareness and the different approaches to deliver security-related training.
Session 5 – Technical Security Controls
The different types of malware and the impact each one can have on an organization’s computer systems
Methods of accessing networks and how related security risks can be controlled
The security issues related to networking services, including mobile computing, instant messaging and voice over IP
Cloud computing deployment models and the security implications of cloud services
The security requirements of an organization’s IT infrastructure and the documentation required to support this.
Session 6 – Software Deployment and Lifecycle
The software development lifecycle
The role of testing and change control in reducing security related vulnerabilities in a production system
How the risks introduced by third-party and outsourced developments can be mitigated
Test strategies and test approaches, including vulnerability testing, penetration testing and code analysis
The importance of reporting, and how reports should be structured and presented to stakeholders
The principles of auditing and the role played by digital forensics.
Session 7 – Physical Security
Physical, technical and procedural controls, including good environment design and premises security
Clear screen and clear desk policies
Reducing risks when moving property
Securely disposing of property
Maintaining security in delivery areas
Session 8 – Business Continuity and Disaster Recovery
The value of business continuity management to an organization
The business continuity management process
The impact of business disruption on an organization and how long disruption should be tolerated
The business continuity implementation process and implementation planning
Disaster recovery strategy and the importance of disaster recovery planning
Different standby systems and how these relate to recovery time
The importance of robust documentation and testing of the plan.
Session 9 – Cryptography
What cryptography is
How cryptography works through symmetric ciphers, hash functions, asymmetric ciphers and digital signatures
Key exchange and management
Models of protection
Cryptanalysis
The knowledge and experience of the course instructor were second to none. He was able to provide highly relevant personal insight across all the course content and to expand around all the course topics with real world examples.
Immensely informative, a real eye-opener for some as to our current position and cannot fault the Templar team at all for their hard work and commitment to us throughout the whole process.
The course pulled together all the aspects of what is expected of the SIRO and more. It provided a sensible level of detail and depth to enable a SIRO to engage with a board and with technical teams with improved confidence.