CISMP Training

Enhance your security management career with our BCS Certificate in Information Security Management Principles.

What is CISMP Training?

The CISMP qualification is a globally recognised certification which teaches you about information security management and the need for it. This cyber security course will cover how companies may choose their controls depending on certain risks with information security. CISMP gives a useful insight into how businesses apply the appropriate security controls to minimise potential risks. The course essentially focuses on principles rather than the technological details. If completed, the CISMP certification enables access to further, more progressive training courses.

Who is the CISMP Training course for?

This course is highly useful for anyone within an information security management team or anyone who is an IT manager. People in IT security or auditor positions may also benefit from this course. Although anyone is permitted to enrol in this course, having IT and information security knowledge would be advantageous.

What elements will the CISMP training course cover?

Learning and developing information security management knowledge. Such aspects include vulnerability, integrity, confidentiality, and threats.
Acknowledgement of regulations and laws which affect information security management.
Awareness of national and international structures and expectations which determine the components of information security management.
Acknowledgement of the business environments in which information security management must adapt to.

Course Reading

You will be required to purchase the following book: ISBN 978-1-78017-175-3 which is the Information Security Management Principles book.

Evening Work

Studying and revising any of the material covered in the previous session will be highly advantageous in retaining the knowledge to prepare you for the exam.

Exams

The CISMP exam lasts for a total of 2 hours and contains 100 multiple choice questions. The exam will be sat on the final day of the course.

Course Objectives

Enhance your security management career with our BCS Certificate in Information Security Management Principles.

The CISMP qualification is a globally recognised certification which teaches you about information security management and the need for it. This course will cover how companies may choose their controls depending on certain risks with information security.

At the end of completing the CISMP course delegates will:

Gain knowledge on Information Security Management
Understand Information Security Management regulations and legislation
Gain awareness of the Information Security Management national/international standards

Who is this course for?

There are no formal requirements for entry to the course.

The need for, and benefits of, information security: Corporate Governance.
Information risk management.
Information security organisation & responsibilities: Legal and regulatory obligations.
Policies, standards & procedures: Delivering a balanced ISMS. Security procedures.
Information security governance: Policy reviews. Security audits.
Security incident management: Objectives and stages of incident management.
Information security implementation: Getting management buy-in.
Legal framework: Processing personal data. Employment issues. Computer misuse. Intellectual property rights. Data Protection Act.
Security standards & procedures: ISO/IEC 27002 and ISO/IEC 15408.
Threats to, and vulnerabilities of, information systems.
People security: Organisational culture. Acceptable use policies.
Systems development & support: Linking security to whole business process. Change management process. Handling security patches.
Role of cryptography: Common encryption models.
Protection from malicious software: Methods of control.
User access controls: Authentication and authorisation mechanisms.
Networks & communications: Partitioning networks. Role of cryptography. Controlling 3rd party access. Intrusion monitoring. Penetration testing, cloud computing.
External services: Protection of Web servers and e-commerce applications.
IT infrastructure: Operating, network, database and file management systems.
Testing, audit & review: Strategies for security testing of business systems.
Training: The purpose and role of training. Promoting awareness.
Physical & environmental security: Controlling access and protecting physical sites and assets.
Disaster recovery & business continuity management: Relationship between risk assessment and impact analysis.
Investigations & forensics: Common processes, tools and techniques. Legal and regulatory guidelines.