Module 1 - Information Security Management Principles
This Course introduces the core concepts and definitions used in information security and will provide you with an important foundation for the rest of the Course. It then builds on that knowledge by outlining how information security contributes to achieving the objectives of an organisation through strong governance, risk management, and compliance.
The objectives of this Course are to provide you with and understanding of:
- What security means
- The core concepts and definitions used in information security
- The key business drivers and how they shape the organisation’s approach to governance, risk management and compliance
- The benefits of information security
- The role information security plays in an organisation
- How an organisation can make information security an integral part of its business
This Course is ideal for members of information security management teams, IT managers, security and systems managers, information asset owners and employees with legal compliance responsibilities. It acts as a foundation for more advanced managerial or technical qualifications.
There are no specific pre-requisites to study this Course, however, a basic knowledge of IT, an understanding of the general principles of information technology security, and awareness of the issues involved with security control activity would be advantageous.
We welcome all feedback and suggestions - please contact us at firstname.lastname@example.org if you are unsure about where to start or if would like help getting started.
Welcome to the Information Security Management Principles Learning Path.
As you progress through your career in information security, you’ll start to get the hang of the jargon and acronyms. However, as you’ll see, information security is an issue for the entire organization, so it’s your job to ensure the language is accessible to everybody.
This means you need to understand the key terms so you can explain them clearly and concisely.
Many of the terms used in information security – like 'risk' and 'integrity' – are also used in everyday business, but they’ll often have different definitions for information security. So, we need to have standard definitions of these terms and concepts.
This learning path has two videos:
- The first introduces the core concepts and definitions used in information security and will provide you with an important foundation for the rest of the course
- The second video builds on this by outlining how information security contributes to achieving the objectives of an organization through strong governance, risk management and compliance
The videos are supported by quizzes for you to check your understanding as you work through them.
Fred is a trainer and consultant specializing in cyber security. His educational background is in physics, having a BSc and a couple of master’s degrees, one in astrophysics and the other in nuclear and particle physics. However, most of his professional life has been spent in IT, covering a broad range of activities including system management, programming (originally in C but more recently Python, Ruby et al), database design and management as well as networking. From networking it was a natural progression to IT security and cyber security more generally. As well as having many professional credentials reflecting the breadth of his experience (including CASP, CISM and CCISO), he is a Certified Ethical Hacker and a GCHQ Certified Trainer for a number of cybersecurity courses, including CISMP, CISSP and GDPR Practitioner.