BCS Certificate in Information Security Management Principles - CISMP

Developed in partnership with QA
Difficulty: Beginner
Average duration: 14h
Students: 775
Rating: 4.6/5
Content: 11 courses, 5 resources, 26 exams

Description

Learning Path Overview 

The BCS Certificate in Information Security Management Principles (CISMP) course is designed to provide you with the knowledge and skills required to manage information security, information assurance and information risk-based processes. It is aligned with the latest national information assurance framework (IAMM) as well as ISO/IEC 27002 and ISO/IEC 27001, respectively the code of practice and the standard for information security.

The CISMP course follows the latest BCS syllabus and will prepare you for the BCS examination. This qualification gives you detailed knowledge of the concepts underlying information security (confidentiality, integrity, availability, vulnerability, threats, risks and countermeasures), along with an understanding of the current legislation and regulations that affect information security management.

Intended Audience 

Although often perceived as an IT issue, information security is relevant to every business unit. The CISMP course suits anyone who needs an understanding of information security management, whether as a potential career or as part of their general business knowledge, including members of information security management teams, IT managers, security and systems managers, information asset owners and employees with legal compliance responsibilities.

The course acts as a foundation for more advanced managerial or technical qualifications and provides a thorough general understanding that enables businesses to ensure their information is protected appropriately.

Prerequisites of the Certifications 

There are no specific prerequisites for studying the CISMP course or for entry to the examination. However, the following would be advantageous:

  • A basic knowledge of IT 
  • An understanding of the general principles of information technology security 
  • An awareness of the issues involved with security control activity 

Learning Objectives

The CISMP course follows the latest BCS syllabus and covers the following areas: 

  • The need for information security 
  • Information Security Management System (ISMS) concepts and definitions 
  • Information risk management 
  • Corporate governance 
  • Organisational responsibilities 
  • Policies, standards and procedures 
  • Relevant ISO and IEC standards 
  • Information security controls 
  • Incident management 
  • The legal framework 
  • Cryptography 
  • Data communications and networks 
  • Physical security 
  • Security auditing 
  • Training and awareness 
  • Business continuity and disaster recovery 
  • Security investigations and forensics 

Agenda

This Learning Path contains videos, quizzes and other resources for nine courses, together with the associated course Introduction and mock examination. Each course has exam quizzes for you to test your knowledge as you work through the Learning Path. 

Course Introduction 

We begin with an introduction to the course and what you can expect from the videos and quizzes in this Learning Path. This introduction allows you to gain further insight into: 

  • What information security means 
  • The structure and components of each of the nine courses  
  • Hints and tips for getting the most out of this Learning Path

Module 1 - Information Security Management Principles 

  • What security means 
  • The core concepts and definitions used in information security 
  • The key business drivers and how they shape the organization’s approach to governance, risk management and compliance 
  • The benefits of information security 
  • The role information security plays in an organization 
  • How an organization can make information security an integral part of its business 

Module 2 - Information Risk Management 

  • What risk means, how it arises and the likelihood of it impacting an organization 
  • The effect big data, the Internet of Things and social media have on the risk landscape 
  • Management techniques used by organizations to understand the risks they face 
  • Risk treatment and risk reduction methods 
  • The risk management lifecycle, illustrating how risks are identified, analysed, treated and monitored 
  • Qualitative and quantitative methods of risk analysis 
  • How assets can be classified to help manage risk 
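Module 2 lists qualitative and quantitative analysis side by side without showing either in use. The following is an added example written for this page, not material from the course or the BCS syllabus: a three-entry risk register (all figures constructed) analysed both ways, with the cost-benefit check used in risk treatment to decide whether a control is worth funding. The quantitative method is the standard SLE/ALE calculation; the qualitative method is a simple likelihood × impact matrix whose band thresholds are an assumption.

```python
"""Added example, not part of the course or the BCS syllabus: a small risk
register analysed quantitatively (SLE/ALE) and qualitatively (likelihood x
impact matrix), with a cost-benefit test for a proposed control. All figures
are constructed for illustration."""
from dataclasses import dataclass


@dataclass
class Risk:
    name: str
    asset_value: float      # monetary value of the asset at risk
    exposure_factor: float  # fraction of that value lost in one incident, 0..1
    aro: float              # annualised rate of occurrence (incidents per year)
    likelihood: int         # qualitative score 1 (rare) .. 5 (almost certain)
    impact: int             # qualitative score 1 (negligible) .. 5 (severe)


def single_loss_expectancy(r: Risk) -> float:
    """SLE: expected loss from one occurrence."""
    return r.asset_value * r.exposure_factor


def annualised_loss_expectancy(r: Risk) -> float:
    """ALE: expected loss per year, the figure used to justify control spend."""
    return single_loss_expectancy(r) * r.aro


def qualitative_rating(r: Risk) -> str:
    """Map a likelihood x impact score onto a three-band matrix (thresholds assumed)."""
    score = r.likelihood * r.impact
    if score >= 15:
        return "high"
    if score >= 8:
        return "medium"
    return "low"


def control_is_justified(r: Risk, annual_cost: float,
                         residual_ef: float, residual_aro: float) -> bool:
    """A control pays for itself when the ALE it removes exceeds its annual cost.
    residual_ef / residual_aro describe the risk after the control is in place."""
    residual_ale = r.asset_value * residual_ef * residual_aro
    return annualised_loss_expectancy(r) - residual_ale > annual_cost


def prioritise(register: list[Risk]) -> list[str]:
    """Rank risks by ALE, highest first."""
    return [r.name for r in sorted(register, key=annualised_loss_expectancy, reverse=True)]


def method_disagreements(register: list[Risk]) -> list[str]:
    """Risks the matrix rates 'low' but whose ALE is above the register's mean:
    the entries to re-examine, because the scores and the figures disagree.
    Rare, high-impact events typically land here."""
    mean = sum(annualised_loss_expectancy(r) for r in register) / len(register)
    return [r.name for r in register
            if qualitative_rating(r) == "low" and annualised_loss_expectancy(r) > mean]


# Constructed register (illustrative figures, not benchmarks)
REGISTER = [
    Risk("ransomware on file server", 500_000, 0.4, 0.5, 4, 4),
    Risk("unencrypted laptop theft", 2_000, 1.0, 3.0, 5, 1),
    Risk("data centre flood", 2_000_000, 0.8, 0.05, 1, 5),
]

if __name__ == "__main__":
    for r in REGISTER:
        print(f"{r.name}: ALE {annualised_loss_expectancy(r):,.0f}, "
              f"qualitative {qualitative_rating(r)}")
    print("priority order:", prioritise(REGISTER))
    print("re-examine:", method_disagreements(REGISTER))
    # Backups (30k/yr) cut the ransomware exposure factor to 0.1: justified
    print("backups justified:", control_is_justified(REGISTER[0], 30_000, 0.1, 0.5))
    # Disk encryption (8k/yr) on a laptop valued only as hardware: not justified,
    # which says the asset valuation ignored the data, not that the control is wrong
    print("encryption justified:", control_is_justified(REGISTER[1], 8_000, 0.1, 3.0))
```

The flood entry is the instructive one: the matrix calls it low (likelihood 1), yet its ALE is the second highest in the register, which is exactly the kind of disagreement a risk owner should resolve before signing off a treatment plan.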

Module 3 - Information Security Framework 

  • Where the security function fits within the organizational structure 
  • The role of the Information Security Officer 
  • Developing information security policies, standards and procedures 
  • The principles of information security governance 
  • How to carry out a security audit 
  • Implementing an information assurance programme and the importance of stakeholder engagement 
  • The incident management process and the role of digital forensics  
  • The legal information security framework  
  • Information assurance standards and how they should be applied within an organization 

Module 4 - Procedural and People Security Controls 

  • The people threats facing organizations and the importance of a security culture 
  • Practical people controls, including employment contracts, service contracts, codes of conduct and acceptable use policies  
  • Access controls, including authentication and authorization, passwords, tokens and biometrics 
  • The importance of data ownership, privacy and information classification, and of access points and identification and authentication mechanisms 
  • How organizations can raise security awareness and the different approaches to delivering security-related training 

Module 5 - Technical Security Controls 

  • The different types of malware and the impact each one can have on an organization’s computer systems 
  • Methods of accessing networks and how related security risks can be controlled 
  • The security issues related to networking services, including mobile computing, instant messaging and voice over IP 
  • Cloud computing deployment models and the security implications of cloud services  
  • The security requirements of an organization’s IT infrastructure and the documentation required to support this 

Module 6 - Software Deployment and Lifecycle  

  • The software development lifecycle 
  • The role of testing and change control in reducing security related vulnerabilities in a production system 
  • How the risks introduced by third-party and outsourced developments can be mitigated 
  • Test strategies and test approaches, including vulnerability testing, penetration testing and code analysis 
  • The importance of reporting, and how reports should be structured and presented to stakeholders 
  • The principles of auditing and the role played by digital forensics 

Module 7 - Physical Security

  • Physical, technical and procedural controls, including good environment design and premises security 
  • Clear screen and clear desk policies 
  • Reducing risks when moving property 
  • Securely disposing of property 
  • Maintaining security in delivery areas 

Module 8 - Business Continuity and Disaster Recovery

  • The value of business continuity management to an organization 
  • The business continuity management process 
  • The impact of business disruption on an organization and how long disruption should be tolerated 
  • The business continuity implementation process and implementation planning 
  • Disaster recovery strategy and the importance of disaster recovery planning 
  • Different standby systems and how these relate to recovery time 
  • The importance of robust documentation and testing of the plan 

Module 9 - Cryptography 

  • What cryptography is 
  • How cryptography works through symmetric ciphers, hash functions, asymmetric ciphers and digital signatures 
  • Key exchange and management 
  • Models of protection 
  • Cryptanalysis
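The Module 9 bullets name the building blocks without showing how they fit together. The following is an added example written for this page, not code from the course or from BCS, that chains them in Python over a constructed message: a Diffie-Hellman key exchange, key derivation into separate encryption and integrity keys, a symmetric cipher with a hash-based integrity tag, and an asymmetric cipher and digital signature built from the same RSA key pair. The Diffie-Hellman modulus and the RSA primes are deliberately toy-sized assumptions so the arithmetic stays inspectable, and a SHA-256 counter-mode keystream stands in for AES so the block runs on the standard library alone; the names Alice and Bob are the usual placeholders. None of it is production code.

```python
"""Added example, not from the course or BCS: the building blocks Module 9
lists (hash function, symmetric cipher, key exchange, asymmetric cipher,
digital signature) chained into one message exchange so each one's role is
visible. Parameters marked 'toy' are deliberately small; a real system uses
a vetted library (and RFC 3526/7919 or elliptic-curve groups for DH)."""
import hashlib
import hmac
import secrets

# --- Key exchange: Diffie-Hellman -------------------------------------------
DH_P = 2**127 - 1   # toy modulus (a Mersenne prime); far too small for real use
DH_G = 2

def dh_keypair(rng=secrets.randbelow):
    priv = 2 + rng(DH_P - 3)             # private exponent in [2, P-2]
    return priv, pow(DH_G, priv, DH_P)   # (private, public)

def dh_shared_key(priv, peer_pub):
    shared = pow(peer_pub, priv, DH_P)   # identical on both sides, never sent
    # Hash the group element rather than using it raw as a key
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def derive_keys(shared_key):
    """Key management: separate keys for encryption and for integrity."""
    enc = hmac.new(shared_key, b"enc", hashlib.sha256).digest()
    mac = hmac.new(shared_key, b"mac", hashlib.sha256).digest()
    return enc, mac

# --- Symmetric cipher with hash-based integrity (encrypt-then-MAC) ----------
def _keystream(key, nonce, length):
    # SHA-256 as a PRF in counter mode: same shape as AES-CTR, stdlib only
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def encrypt(enc_key, mac_key, plaintext):
    nonce = secrets.token_bytes(12)      # never reuse a nonce under one key
    ks = _keystream(enc_key, nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag              # layout: nonce(12) | ciphertext | tag(32)

def decrypt(enc_key, mac_key, blob):
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        raise ValueError("integrity check failed")   # tampered, or wrong key
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))

def is_intact(enc_key, mac_key, blob):
    try:
        decrypt(enc_key, mac_key, blob)
        return True
    except ValueError:
        return False

# --- Asymmetric cipher and digital signature: textbook RSA, toy primes ------
RSA_P, RSA_Q, RSA_E = 61, 53, 17                     # toy; real keys are 2048-bit+
RSA_N = RSA_P * RSA_Q                                # 3233, the public modulus
RSA_D = pow(RSA_E, -1, (RSA_P - 1) * (RSA_Q - 1))    # 2753, the private exponent

def rsa_encrypt(m, e=RSA_E, n=RSA_N):
    return pow(m, e, n)                  # public-key operation; needs 0 <= m < n

def rsa_decrypt(c, d=RSA_D, n=RSA_N):
    return pow(c, d, n)                  # private-key operation

def _digest_mod_n(message, n):
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def rsa_sign(message, d=RSA_D, n=RSA_N):
    # Sign the hash, not the message (no padding scheme here: toy only)
    return pow(_digest_mod_n(message, n), d, n)

def rsa_verify(message, sig, e=RSA_E, n=RSA_N):
    return pow(sig, e, n) == _digest_mod_n(message, n)

def run_exchange(message):
    """Alice sends Bob an encrypted, integrity-tagged and signed message."""
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    enc_a, mac_a = derive_keys(dh_shared_key(a_priv, b_pub))   # Alice's view
    enc_b, mac_b = derive_keys(dh_shared_key(b_priv, a_pub))   # Bob's view
    blob = encrypt(enc_a, mac_a, message)
    sig = rsa_sign(blob)                                       # Alice's private key
    return decrypt(enc_b, mac_b, blob) if rsa_verify(blob, sig) else None

if __name__ == "__main__":
    print(run_exchange(b"constructed sample message"))
```

Two design points worth noticing: the shared Diffie-Hellman value is hashed and then split into distinct encryption and MAC keys rather than reused directly, and the integrity tag is checked before any decryption is attempted, so a tampered ciphertext is rejected without ever being processed.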

Preparing for the Examination 

The final module provides guidance on the structure, format and scoring mechanisms of the BCS Foundation Certificate in Information Security Management Principles examination and provides some hints and tips to help you succeed. 

It contains a full mock examination that replicates the structure of the CISMP exam to help you prepare. Feedback is provided for each question so you can target your revision. 

Feedback 

We welcome all feedback and suggestions. Please contact us at support@cloudacademy.com if you are unsure about where to start or if you would like help getting started.


Training Content

  1. Course (Beginner, 7m): Course Introduction. This introductory course explains what you can expect from the learning path BCS Foundation Certificate in Information Security Management Principles - CISMP.
  2. Course (Beginner, 22m): Module 1 - Information Security Management Principles. This course introduces the core concepts and definitions used in information security and provides an important foundation for the learning path.
  3. Exam (25m): Knowledge Check: Core Concepts
  4. Exam (25m): Knowledge Check: Benefits of Information Security
  5. Course (Beginner, 36m): Module 2 - Information Risk Management. This course provides a strong risk management foundation by investigating what risk is and how it affects an organization.
  6. Exam (25m): Knowledge Check: Understanding Risk
  7. Exam (25m): Knowledge Check: Risk Management
  8. Course (Beginner, 1h 35m): Module 3 - Information Security Framework. This course looks at where the security function fits within the organization and at the role of the Information Security Officer in developing information security policies, standards, and procedures.
  9. Exam (25m): Knowledge Check: Organization Responsibilities
  10. Exam (25m): Knowledge Check: Policies, Standards, and Procedures
  11. Exam (25m): Knowledge Check: Information Security Governance
  12. Exam (25m): Knowledge Check: Implementing Information Security
  13. Exam (25m): Knowledge Check: Security Incident Management
  14. Exam (25m): Knowledge Check: The Legal Framework
  15. Exam (25m): Knowledge Check: Standards and Procedures
  16. Course (Beginner, 37m): Module 4 - Procedural and People Security Controls. This course looks at ways in which the threats and vulnerabilities associated with the people who use IT systems can be mitigated.
  17. Exam (25m): Knowledge Check: People Security
  18. Exam (25m): Knowledge Check: User Access Controls
  19. Exam (20m): Knowledge Check: Training and Awareness
  20. Course (Beginner, 1h 36m): Module 5 - Technical Security Controls. This course defines the different types of malware and outlines the impact that each one can have on an organization’s computer systems.
  21. Exam (25m): Knowledge Check: Protection from Malicious Software
  22. Exam (25m): Knowledge Check: Networks and Communications
  23. Exam (25m): Knowledge Check: External Services
  24. Exam (25m): Knowledge Check: Cloud Computing
  25. Exam (25m): Knowledge Check: IT Infrastructure
  26. Course (Beginner, 28m): Module 6 - Software Deployment and Lifecycle. This course introduces the development lifecycle and describes how robust development practices can considerably reduce security-related vulnerabilities in a production system.
  27. Exam (30m): Knowledge Check: Software Development
  28. Exam (25m): Knowledge Check: Testing, Audit, and Review
  29. Course (Beginner, 1m): Module 7 - Physical Security. This course provides you with an understanding of the key areas of physical security.
  30. Resource (Beginner, 10m): Module 7 - Physical, Technical and Procedural Controls (PDF resource)
  31. Resource (Beginner, 10m): Module 7 - Clear Screen and Desk Policy (PDF resource)
  32. Resource (Beginner, 10m): Module 7 - Moving Property (PDF resource)
  33. Resource (Beginner, 10m): Module 7 - Secure Disposal (PDF resource)
  34. Resource (Beginner, 10m): Module 7 - Security in Delivery Areas (PDF resource)
  35. Exam (25m): Knowledge Check: Physical Security
  36. Course (Beginner, 30m): Module 8 - Business Continuity and Disaster Recovery. This course looks at what business continuity management is, why it is important and how it can be implemented within the overall risk management process, before reviewing the disaster recovery process.
  37. Exam (25m): Knowledge Check: Business Continuity Management
  38. Exam (20m): Knowledge Check: Disaster Recovery
  39. Course (Beginner, 35m): Module 9 - Cryptography. This course provides a basic understanding of what cryptography is and how it works through symmetric ciphers, hash functions, asymmetric ciphers, and digital signatures.
  40. Exam (25m): Knowledge Check: Cryptography
  41. Course (Beginner, 4m): Preparing for the Examination. The final module provides guidance on the structure, format and scoring mechanisms of the BCS Foundation Certificate in Information Security Management Principles examination.
  42. Exam (2h): Cert Prep: Certificate in Information Security Management Principles (CISMP)
About the Author

Students: 1660 | Courses: 11 | Learning paths: 3

Fred is a trainer and consultant specializing in cyber security.  His educational background is in physics, having a BSc and a couple of master’s degrees, one in astrophysics and the other in nuclear and particle physics.  However, most of his professional life has been spent in IT, covering a broad range of activities including system management, programming (originally in C but more recently Python, Ruby et al), database design and management as well as networking.  From networking it was a natural progression to IT security and cyber security more generally.  As well as having many professional credentials reflecting the breadth of his experience (including CASP, CISM and CCISO), he is a Certified Ethical Hacker and a GCHQ Certified Trainer for a number of cybersecurity courses, including CISMP, CISSP and GDPR Practitioner.