We begin with an introduction to the course and what you can expect from the videos and quizzes in this learning path.
The objectives of this course are to provide you with an understanding of:
- What information security means
- The structure and components of each of the nine courses
- Hints and tips for getting the most out of this Learning Path
This course is ideal for members of information security management teams, IT managers, security and systems managers, information asset owners and employees with legal compliance responsibilities. It acts as a foundation for more advanced managerial or technical qualifications.
There are no specific prerequisites for studying this course; however, a basic knowledge of IT, an understanding of the general principles of information technology security, and awareness of the issues involved in security control activity would be advantageous.
We welcome all feedback and suggestions - please contact us at firstname.lastname@example.org if you are unsure about where to start or if you would like help getting started.
Welcome to the Certificate in Information Security Management Principles course.
This course is aimed at anybody wanting to achieve the British Computer Society’s Foundation Certificate in Information Security Management Principles qualification, as well as anybody who has an interest in information security – either to start their career in information assurance or simply to learn more about this important field.
The BCS Foundation Certificate in Information Security Management Principles is the foundation on which other information assurance qualifications can be built. There are no specific pre-requisites for studying this course or sitting the examination.
The course is aligned to version 8.2 of the British Computer Society syllabus and covers many of the principles found in the BCS textbook, Information Security Management Principles: second edition.
Before we look at the structure of this course, let’s look at what information security means.
This field has been given many labels over recent years as the technologies and security challenges they create have evolved. Initially it was called computer security, which related to the technology used to secure products, applications and operating systems.
Later, the term information security was introduced, which is defined as:
“…protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction.”
This illustrates that the purpose of security is to protect the information and data themselves, not just the systems that hold them.
However, information isn’t just stored on computer systems; it can be printed out or kept on removable media. So, more recently, the term information assurance has been introduced; it broadens the definition by including process security and policy writing.
Most recently, the term cyber security has become more prevalent. This is really a reinvention of computer security, with an emphasis on security operations and threat management. Cyber security can also include industrial control system security but typically excludes governance, risk and compliance. Nevertheless, the overuse of this term has seen many people now refer to all aspects of information assurance as cyber security.
For the purposes of this course it’s important to remember that there are subtle differences in the definitions. The term information assurance is the most accurate in describing the work of the modern information security professional.
This course is structured into 10 Learning Paths which together provide the knowledge you need to achieve the BCS Foundation Certificate in Information Security Management Principles.
• The first learning path looks at information security management principles. It introduces the core concepts and common definitions, and outlines how the security objectives of an organization can be achieved through strong governance, risk management and compliance.
• The second learning path is about risk management, which is the foundation of information assurance. It provides an understanding of what risk management is and how it affects an organisation, before investigating the four stages of the risk management cycle and risk analysis approaches.
• The third learning path covers the information security framework. This covers a range of areas including:
o Where the information security function sits within an organization and the legal framework it operates in;
o The process to develop information assurance policies, standards and procedures;
o Information security governance and stakeholder management; and
o Implementing the organization’s information security programme.
• The fourth learning path looks at procedural, people and security controls by highlighting the importance of a security culture, investigating how user access controls can be integrated within IT systems, and the role of security awareness and training.
• The fifth learning path is about technical security controls and covers:
o Types of malware and their impact on an organization;
o The methods through which networks are accessed and security risks are controlled;
o The security issues relating to networking services;
o The different models and deployment structures for cloud computing; and
o The security requirements of an IT infrastructure.
• The sixth learning path covers software development, testing and audit. It introduces the development lifecycle and describes how robust development practices can reduce security-related vulnerabilities. It then builds on this by looking into different test strategies and approaches.
• The seventh learning path looks at physical and environmental security controls, including procedural controls, securely moving and disposing of property and maintaining security in delivery areas.
• The eighth learning path is about business continuity management and disaster recovery. It provides an understanding of what business continuity management is, why it’s important and how it can be implemented within the overall risk management process. Then it looks specifically at disaster recovery systems, planning and documentation.
• The ninth learning path provides a basic understanding of cryptography and how it works through symmetric ciphers, hash functions, asymmetric ciphers and digital signatures.
• Then, the final learning path contains a mock exam paper to help you prepare for the BCS Foundation Certificate in Information Security Management Principles examination.
Each learning path delivers the essential knowledge you’ll need through video lectures and reference guides. These are supported, where appropriate, by other resources, links to further information and quizzes.
The quizzes are included after each video lecture to help you check your understanding of the knowledge contained in the video. You’ll be given feedback after each question so you can check how well you’re doing and revisit any areas you feel you need to.
You can attempt the quizzes as many times as you like.
You’ll have your own approach to learning. However, these tips might help you get the most from this course:
• Try to complete the course within three months – that way, what you learn at the beginning of the course will still be fresh in your mind when you take the exam.
• In any single learning session, try to complete an entire learning path – or, failing that, a complete video lecture and quiz.
• Try to complete the quiz for the videos as you go – they’ll help you build and consolidate your knowledge.
One final thing…
Feedback on our courses is valuable to us and to any students who take the same course in the future. If you have any feedback – positive or negative – please let us know.
Thank you and we hope you enjoy the course.
Fred is a trainer and consultant specializing in cyber security. His educational background is in physics, having a BSc and a couple of master’s degrees, one in astrophysics and the other in nuclear and particle physics. However, most of his professional life has been spent in IT, covering a broad range of activities including system management, programming (originally in C but more recently Python, Ruby et al), database design and management as well as networking. From networking it was a natural progression to IT security and cyber security more generally. As well as having many professional credentials reflecting the breadth of his experience (including CASP, CISM and CCISO), he is a Certified Ethical Hacker and a GCHQ Certified Trainer for a number of cybersecurity courses, including CISMP, CISSP and GDPR Practitioner.