MASTER CLASS INFORMATION SECURITY MANAGEMENT PRINCIPLES

TRAINING OVERVIEW

The BCS Foundation Certificate in Information Security Management Principles (CISMP) is an introductory-level program focused on information security, devoid of technical complexities. Delivered over five days, this course aims to equip individuals with the necessary competencies to oversee information security, information assurance, and risk-based processes effectively.

CISMP certification furnishes participants with in-depth comprehension of key information security concepts such as confidentiality, integrity, availability, vulnerability, threats, risks, and countermeasures. Moreover, it instils an awareness of pertinent legislation and regulations governing information security management. Certified individuals will adeptly apply the practical principles learned during the course to fortify and enhance the security of their routine business operations.

Aligned with the latest BCS syllabus, the course readies participants for the BCS examination, which comprises multiple-choice questions. The examination fee is covered within the course fee, and participants have the flexibility to take the exam remotely at their convenience.

TRAINING TOPICS

• Information security management principles
• Security lifecycle
• Procedural / people security controls
• Technical security controls
• Physical and environmental security controls
• Disaster recovery (DR) and business continuity management (BCM)
• Technical aspects

By the end of this training course, delegates will be able to

• Understand the current business and common technical environments in which information security must operate.
• Recognize current national and international standards, frameworks, and organizations which facilitate the management of information security.
• Explain the fundamental concepts relating to information security management.
• Describe the categorization, operation, and effectiveness of controls of different types and characteristics.
• Understand current legislation and regulations which impact upon information security management.

 TRAINING IS TAILORED TO

• Members of information security management teams
• IT managers
• Security and systems managers
• Information asset owners
• Employees with legal compliance responsibilities

TARGET COMPETENCIES

• Information security concepts
• Information security risk management
• Information security governance
• Business continuity management and disaster recovery
• Understanding of technical security controls

TRAINING METHODOLOGY

Training Methodology: The Certificate in Information Security Management Principles training by DixonTech is structured around a comprehensive and interactive approach designed to maximize participant engagement and knowledge retention. Our training methodology incorporates a blend of theoretical learning, practical exercises, case studies, group discussions, and real-world scenarios to ensure a holistic understanding of information security management principles. Throughout the four rigorous modules, participants will benefit from expert-led sessions, hands-on activities, and peer-to-peer collaboration, fostering a dynamic learning environment. Emphasizing practical application, our methodology enables participants to develop critical skills and competencies essential for effectively managing information security within their organizations. With a focus on experiential learning and continuous improvement, DixonTech's training methodology ensures that participants are well-equipped to navigate the complexities of modern information security challenges.

DAY 1:

INFORMATION SECURITY MANAGEMENT PRINCIPLES

• Concepts and Definitions

INFORMATION RISK

• Threats
• Vulnerabilities
• Risk Management

INFORMATION SECURITY FRAMEWORK

• Organizations and responsibilities
• Organizational policy, standards, and procedures
• Information security governance
• Information assurance program implementation
• Security incident management
• Legal frameworks
• Security standards and procedures

DAY 2:

SECURITY LIFECYCLE

• The information life cycle
• Testing, audit, and review
• Systems development and support

PROCEDURAL / PEOPLE SECURITY CONTROLS

• General controls
• People security
• User access controls
• Training and awareness

DAY 3:

TECHNICAL SECURITY CONTROLS

• Technical security
• Protection from malicious software
• Networks and communications
• Operational Technology
• External services
• Cloud computing
• IT infrastructure

PHYSICAL AND ENVIRONMENTAL SECURITY CONTROLS

• Physical Security
• Different uses of controls

DAY 4:

DISASTER RECOVERY (DR) AND BUSINESS CONTINUITY MANAGEMENT (BCM)

• Relationship between DR/BCP, risk assessment and impact analysis
• Resilience and redundancy
• Approached to writing plans and implementing plans
• The need for documentation, maintenance, and testing
• The need for links to managed service provision and outsourcing
• The need for secure off-site storage of vital material
• The need to involve personnel, suppliers, and IT systems providers
• Relationship with security incident management
• Compliance with standards

DAY 5:

OTHER TECHNICAL ASPECTS

• Investigations and forensics
• Role of cryptography