Information Security Management Principles Foundation

• Professionals interested in information security management
• IT Managers
• Senior Managers

Information Security Management Principles Foundation course material provided

Candidates can achieve this certification after passing the following exam(s).

• CISMP: BCS Foundation Certificate in Information Security Management Principles

The certification exam can be registered and attempted within 3 months of course/module completion at Logitrain training centre on weekdays during business hours (excludes public holidays).

• Information Security Management Principles
• Information Risk
• Information Security Framework
• Security Lifecycle
• Procedural/People Security Controls
• Technical Security Controls
• Physical and Environmental Security Controls
• Disaster Recovery and Business Continuity Management
• Other Technical Aspects

This course is likely to add to the employment-related skills of the participants. The skills developed are likely to be used in the course of being an employee or working in a business.

• Identify definitions, meanings and use of concepts and terms across information security management
• Explain the need for, and the benefits of information security
• Threats and vulnerabilities lead to risks
• Threats and vulnerabilities apply specifically to IT systems
• The business must assess the risks in terms of the impact suffered by the organisation should the risk materialise
• To determine the most appropriate response to a risk and the activities required to achieve the effective management of risks over time
• Explain how risk management should be implemented in an organisation
• The organisation’s management of information security
• Organisational policy, standards and procedures
• Information security governance
• Information security implementation
• Security incident management
• Interpret general principles of law, legal jurisdiction and associated topics as they affect information security management covering a broad spectrum from the security implications on compliance with legal requirements affecting business (e.g. international electronic commerce) to laws that directly affect the way information can be monitored and copied.
• Describe the number of common, established standards and procedures that directly affect information security management
• Demonstrate an understanding of the importance and relevance of the information lifecycle
• Identify the following stages of the information lifecycle.
• Outline the following concepts of the design process lifecycle including essential and non-functional requirements
• Demonstrate an understanding of the importance of appropriate technical audit and review processes, of effective change control and of configuration management
• Explain the risks to security brought about by systems development and support
• Explain the risks to information security involving people
• Describe user access controls that may be used to manage those risks
• Identify the importance of appropriate training for all those involved with information
• Outline the technical controls that can be used to help ensure protection from Malicious Software
• Identify information security principles associated with the underlying networks and communications systems
• Recognise the information security issues relating to value-added services that use the underlying networks and communications systems
• Recall the information security issues relating to organisations that utilise cloud computing facilities. Cloud computing is location independent computing providing off-site resources, (e.g. services, applications and storage facilities)
• Define the following aspects of security in information systems, including operating systems, database and file management systems, network systems and applications systems and how they apply to the IT infrastructure
• Outline the physical aspects of security available in multi-layered defences and explain how the environmental risks to information in terms of the need, for example, for appropriate power supplies, protection from natural risks (fire, flood, etc.) and in the everyday operations of an organisation
• Describe (K1/2) the differences between and the need for business continuity and disaster recovery
• Demonstrate understanding of the principles and common practices, including any legal constraints and obligations, so they can contribute appropriately to investigations