Information Security Training | Information Security Management

The Knowledge Academy BCS CISMP (Certificate in Information Security Management Principles) 5 day course covers the following topics:

Introduction

The BCS Certificate in Information Security Management Principles (CISMP) is an established and internationally-regarded foundation-level qualification which demonstrates a good knowledge and understanding of the key subject areas associated with information security management.

The course focuses on the need for management and technical solutions to tackle the information related risks which can jeopardise an organisation's ability to achieve its business objectives. It provides a comprehensive overview of how organisations should select and implement controls based on the security risks they face. It should be stressed this is not a technical course and whilst technical controls (amongst other controls) are discussed, it is from an overview and principles perspective.

Course Audience

The course will benefit members of information security management team, IT managers, security/systems administrators and co-ordinators, internal auditors, staff with a local security co-ordination role, staff responsible for legal and corporate governance, staff responsible for information assets and systems.

Course Pre-Requisites

There are no formal requirements for entry to the course but we advise the following:

A knowledge of IT would be advantageous but not essential Candidates are advised that Photo ID must be brought to the examination (Driving License, Passport and named work ID badges are all acceptable). This is a BCS requirement and delegates will be turned away from the examination if ID is not produced. An understanding of the general principles of information technology security would be useful Awareness of the issues involved with security control activity would be advantageous To sit the BCS exam, delegates will need 12 months' IT experience with at least 6 months in a security contol environment.

What will you learn?

• Knowledge of the concepts relating to information security management (confidentiality, integrity, availability, vulnerability, threats, risks, countermeasures, etc)
• Understanding of current national legislation and regulations which impact upon information security management;
• Awareness of current national and international standards, frameworks and organisations which facilitate the management of information security;
• Understanding of the current business and common technical environments in which information security management has to operate;
• Knowledge of the categorisation, operation and effectiveness of controls of different types and characteristics.

Course Agenda The need for, and benefits of, information security: Corporate Governance.

Information risk management.

Information security organisation & responsibilities: Legal and regulatory obligations.

Policies, standards & procedures: Delivering a balanced ISMS. Security procedures.

Information security governance: Policy reviews. Security audits.

Security incident management: Objectives and stages of incident management.

Information security implementation: Getting management buy-in.

Legal framework: Processing personal data. Employment issues. Computer misuse. Intellectual property rights. Data Protection Act.

Security standards & procedures: ISO/IEC 27002 and ISO/IEC 15408.

Threats to, and vulnerabilities of, information systems.

People security: Organisational culture. Acceptable use policies.

Systems development & support: Linking security to whole business process. Change management process. Handling security patches.

Role of cryptography: Common encryption models.

Protection from malicious software: Methods of control.

User access controls: Authentication and authorisation mechanisms.

Networks & communications: Partitioning networks. Role of cryptography. Controlling 3rd party access. Intrusion monitoring. Penetration testing, cloud computing.

External services: Protection of Web servers and e-commerce applications.

IT infrastructure: Operating, network, database and file management systems.

Testing, audit & review: Strategies for security testing of business systems.

Training: The purpose and role of training. Promoting awareness.

Physical & environmental security: Controlling access and protecting physical sites and assets.

Disaster recovery & business continuity management: Relationship between risk assessment and impact analysis.

Investigations & forensics: Common processes, tools and techniques. Legal and regulatory guidelines.

*Please note the following book must be purchased: ISBN 978-1-78017-175-3.

BCS Membership

Included in your professional certification; one year’s free BCS, The Chartered Institute for IT, Associate membership.

Upon passing your examination, make the most of your professional certification and continue your career development with BCS Associate membership. Whether you’re looking for career support through the BCS global skills, training and development framework, SFIAplus, seeking promotion or a network of new contacts, we’re here to support you. BCS membership provides exclusive access to resources, content and opportunities that will enrich your career.

BCS Membership allows you to give back to society. Some of the industry’s challenges are around personal data, health, education, and IT capabilities. By becoming part of our professional community you can get involved and do your bit to make IT good for society.