BCS Foundation Certificate in Information Security Management Principles (CISMP) 4 day Training Course


28 hours (usually 4 days including breaks)


There are no formal entry requirements; however, candidates should have basic working IT knowledge and an awareness of the issues involved with security control activities.


Who is it for:

Anyone with an interest in information security, whether as a career or for general business knowledge.

This certificate is relevant to anyone requiring an understanding of Information Security Management Principles as well as those with an interest in information security either as a potential career or as an additional part of their general business knowledge. It is very much a firm foundation on which other qualifications can be built or which provides a thorough general understanding to enable organisations to begin to ensure their information is protected appropriately.

What will I learn:

Candidates should be able to demonstrate: 

  • Knowledge of the concepts relating to information security management. 
  • Understanding of current national legislation and regulations which impact upon information security management. 
  • Awareness of current national and international standards, frameworks and organisations which facilitate the management of information security.  
  • Understanding of the current business and common technical environments in which information security management must operate. 
  • Knowledge of the categorisation, operation and effectiveness of controls of different types and characteristics. 

Note: This is the four-day course, which adds one additional day to the standard delivery to provide more time for exam preparation and practice exercises.


BCS - The Chartered Institute for IT

To complement our core professional skills development, NobleProg has been approved as a BCS Accredited Training Partner.

Our expert trainers will be delivering a number of in-demand BCS certifications.

Course Outline

The syllabus includes training objectives, details of modules and a recommended reading list:

The latest syllabus

1. Information Security Management Principles

  • Identify definitions, meanings and use of concepts and terms across information security management.
  • Explain the need for, and the benefits of information security

2. Information Risk

  • Outline the threats to and vulnerabilities of information systems
  • Describe the processes for understanding and managing risk relating to information systems - strategic, tactical, operational

3. Information Security Framework

  • Explain how risk management should be implemented in an organisation
    • The organisation’s management of information security
    • Organisational policy, standards and procedures
    • Information security governance
    • Information security implementation
    • Security incident management
  • Interpret general principles of law, legal jurisdiction and associated topics as they affect information security management
  • Common, established standards and procedures that directly affect information security management

4. Security Lifecycle

  • The importance and relevance of the information lifecycle
  • The stages of the information lifecycle
  • The design process lifecycle including essential and nonfunctional requirements (architecture frameworks, Agile development, Service continuity and reliability)
  • The importance of appropriate technical audit and review processes, of effective change control and of configuration management
  • The risks to security brought about by systems development and support

5. Procedural/People Security Controls

  • The risks to information security involving people (Organisational culture of security)
  • User access controls that may be used to manage those risks

6. Technical Security Controls

  • Technical controls that can be used to help ensure protection from Malicious Software
  • Information security principles associated with the underlying networks and communications systems
    • Entry points in networks and associated authentication techniques
    • The role of cryptography in network security
  • Information security issues relating to value-added services that use the underlying networks and communications systems
  • Information security issues relating to organisations that utilise cloud computing facilities
  • Operating systems, database and file management systems, network systems and applications systems and how they apply to the IT infrastructure

7. Physical and Environmental Security Controls

  • Physical aspects of security in multi-layered defences
  • Environmental risks

8. Disaster Recovery and Business Continuity Management

  • Differences between and the need for business continuity and disaster recovery

9. Other Technical Aspects

  • Understanding of the principles and common practices, including any legal constraints and obligations, so they can contribute appropriately to investigations
  • The role of cryptography in protecting systems and assets, including awareness of the relevant standards and practices



NobleProg is a BCS Accredited Training Provider.

This course will be delivered by an expert NobleProg trainer approved by BCS.

The price includes delivery of the full course syllabus by an approved BCS trainer and the BCS CISMP exam (which can be taken remotely in your own time and is invigilated centrally by BCS). Subject to successfully passing the exam (multiple choice, requiring a score of at least 65% to pass), participants will hold the accredited BCS Foundation Certificate in Information Security Management Principles (CISMP).
