Five Day – BCS Foundation Certificate in Information Security Management Principles

Online Certificate Course

5 Days

6hrs / Day

March 6-10, 2023

Cyber Security Center of Excellence

Learning outcomes:

• Knowledge of the concepts relating to information security management
• Understanding of current national legislation and regulations which impact upon information security management
• Awareness of current national and international standards, frameworks and organisations which facilitate the management of information security
• Understanding of the current business and common technical environments in which information security management must operate
• Knowledge of the categorisation, operation and effectiveness of controls of different types and characteristics.

The BCS Certificate in Information Security Management Principles (CISMP) course is designed to provide you with the knowledge and skills required to manage information security, information assurance and information risk-based processes. It is aligned with the latest national information assurance frameworks (IAMM), as well as ISO/IEC 27002 and 27001, the code of practice and the standard for information security.

The CISMP course follows the latest BCS syllabus and will prepare you for the BCS examination.

This qualification provides you with detailed knowledge of the concepts relating to information security (confidentiality, integrity, availability, vulnerability, threats, risks and countermeasures), along with an understanding of current legislation and regulations which impact information security management.

Course Content:

Session 1 – Information Security Management Principles
• What security means
• The core concepts and definitions used in information security
• The key business drivers and how they shape the organization’s approach to governance, risk management and compliance
• The benefits of information security
• The role information security plays in an organization
• How an organization can make information security an integral part of its business

Session 2 – Information Risk Management
• What risk means, how it arises and the likelihood of it impacting an organization
• The effect big data, the Internet of Things and social media have on the risk landscape
• Management techniques used by organizations to understand the risks they face
• Risk treatment and risk reduction methods
• The risk management lifecycle, illustrating how risks are identified, analysed, treated and monitored
• Qualitative and quantitative methods of risk analysis
• How assets can be classified to help manage risk

Session 3 – Information Security Framework
• Where the security function fits within the organizational structure
• The role of the Information Security Officer
• Developing information security policies, standards and procedures
• The principles of information security governance
• How to carry out a security audit
• Implementing an information assurance programme and the importance of stakeholder engagement
• The incident management process and the role of digital forensics
• The legal information security framework
• Information assurance standards and how they should be applied within an organization

Session 4 – Procedural and People Security Controls
• The people threats facing organizations and the importance of a security culture
• Practical people controls, including employment contracts, service contracts, codes of conduct and acceptable use policies
• Access controls, including authentication and authorization, passwords, tokens and biometrics
• The importance of data ownership, privacy, access points, identification and authentication mechanisms, and information classification
• How organizations can raise security awareness and the different approaches to delivering security-related training

Session 5 – Technical Security Controls
• The different types of malware and the impact each one can have on an organization’s computer systems
• Methods of accessing networks and how related security risks can be controlled
• The security issues related to networking services, including mobile computing, instant messaging and voice over IP
• Cloud computing deployment models and the security implications of cloud services
• The security requirements of an organization’s IT infrastructure and the documentation required to support this

Session 6 – Software Deployment and Lifecycle
• The software development lifecycle
• The role of testing and change control in reducing security-related vulnerabilities in a production system
• How the risks introduced by third-party and outsourced developments can be mitigated
• Test strategies and test approaches, including vulnerability testing, penetration testing and code analysis
• The importance of reporting, and how reports should be structured and presented to stakeholders
• The principles of auditing and the role played by digital forensics

Session 7 – Physical Security
• Physical, technical and procedural controls, including good environment design and premises security
• Clear screen and clear desk policies
• Reducing risks when moving property
• Securely disposing of property
• Maintaining security in delivery areas

Session 8 – Business Continuity and Disaster Recovery
• The value of business continuity management to an organization
• The business continuity management process
• The impact of business disruption on an organization and how long disruption should be tolerated
• The business continuity implementation process and implementation planning
• Disaster recovery strategy and the importance of disaster recovery planning
• Different standby systems and how these relate to recovery time
• The importance of robust documentation and testing of the plan

Session 9 – Cryptography
• What cryptography is
• How cryptography works through symmetric ciphers, hash functions, asymmetric ciphers and digital signatures
• Key exchange and management
• Models of protection
• Cryptanalysis

Testimonials from organisations & delegates

The course pulled together all the aspects of what is expected of the SIRO and more. It provided a sensible level of detail and depth to enable a SIRO to engage with a board and with technical teams with improved confidence.

The knowledge and experience of the course instructor was second to none. He was able to provide highly relevant personal insight across all the course content and to expand around all the course topics with real world examples.

Immensely informative, a real eye-opener for some as to our current position, and cannot fault the Templar team at all for their hard work and commitment to us throughout the whole process.