BCS Certificate in Information Security Management Principles — A 5-day course
This intensive and highly practical 5-day course has been accredited by BCS Professional Certifications. By the end of this course, delegates will have a clear understanding of all the key components of information security best practice.
The course focuses on the need for management and technical solutions to tackle the information related risks which can jeopardise an organisation's ability to achieve its business objectives. It provides a comprehensive overview of how organisations should select and implement controls based on the security risks they face.
The course has been designed to provide the necessary information and guidance in order for delegates to be able to fulfil their roles as information security officers or information risk decision takers.
The course will enable delegates to confidently sit the 2-hour multiple-choice BCS Certificate in Information Security Management Principles (CISMP) exam, which is taken on the final afternoon of the course.
On completion of this course delegates will be able to:
- Specify the business case for information security
- Understand the challenges posed in managing information risk
- Address the business issues relating to legislation, regulation and corporate governance as it affects information security
- Understand the issues and risks relating to information and have a clear insight into the controls needed to manage them
- Understand how the different concepts of information security interrelate with each other
- Confidently sit the CISMP exam
Information Security Concepts & Definitions
- What is information security?
- Management System (ISMS) concept
The Need For, and Benefits of, Information Security
- Corporate Governance
Information Risk Management
Information Security Organisation & Responsibilities
- Legal and regulatory obligations
Policies, Standards & Procedures
- Delivering a balanced ISMS
- Security procedures
Information Security Governance
- Policy reviews
- Security audits
Security Incident Management
- Objectives and stages of incident management
Information Security Implementation
- Getting management buy-in
- Processing personal data
- Employment issues
- Computer misuse
- Intellectual property rights
- Data Protection Act
Security Standards and Procedures
- ISO/IEC 27002 and ISO/IEC 15408
Threats To, and Vulnerabilities of, Information Systems
- Organisational culture
- Acceptable use policies
Systems Development & Support
- Linking security to whole business process
- Change management process
- Handling security patches
Role of Cryptography
- Common encryption models
Protection from Malicious Software
- Methods of control
User Access Controls
- Authentication and authorisation mechanisms
Networks & Communications
- Partitioning networks
- Role of cryptography
- Controlling 3rd party access
- Intrusion monitoring
- Penetration testing
- Protection of Web servers and e-commerce applications
- Operating, network, database and file management systems
Testing, Audit & Review
- Strategies for security testing of business systems
- Purpose and role of training
- Approaches to training and promoting awareness
Physical and Environmental Security
- Controlling access and protecting physical sites and assets
Disaster Recovery and Business Continuity Management
- Relationship between risk assessment and impact analysis
Investigations & Forensics
- Common processes, tools and techniques
- Legal and regulatory guidelines
Publicly scheduled dates, locations, and prices
A schedule of dates for this subject is not currently available. Please call 0333 210 0140 or use our contact form to enquire about places and availability.
The course will benefit: members of the information security management team, IT managers, security/systems administrators and coordinators, internal auditors, staff with a local security co-ordination role, staff responsible for legal and corporate governance, and staff responsible for information assets and systems.
It is recommended that attendees have a minimum of one year's experience in an IT function.
The course fee includes BCS Examination fees for the Certificate in Information Security Management Principles.
At the end of the course delegates will be able to sit a 2-hour examination set by BCS Professional Certifications. The examination comprises 100 multiple-choice questions.
Students will need to obtain a mark of at least 65% to pass the examination, and distinctions are awarded to candidates achieving a score of 80% or higher.