BCS Certificate in Information Security Management Principles Total Learning

QA Total Learning™ is our newest and most effective way to learn.

This course is for security professionals who want to begin their certification journey within the Information Security field by attaining a BCS accredited qualification in Information Security Management Principles.

Learners will be Security Professionals who are looking to begin their certification and badging journey in the Cyber Security field. Alternatively, learners may be looking to begin their career in Cyber Security by learning about Information Security principles and practices.

In this Total Learning course, learners will have the best of both digital and live learning to learn the fundamental skills needed to secure information whilst also preparing themselves for official certification. The digital learning component (either exam- or skills-focused), involves sample exam questions, quizzes, and combination of video and written content.

At the end of this course, the learner will be able to:

• Recognise why information security is required.
• Identify Information Security Management System (ISMS) concepts and definitions
• Define information risk management
• Recognise corporate governance and organisational responsibilities, policies, standards, and procedures
• Specify relevant ISO and IEC standards
• Recognise information security controls
• Appreciate incident management and legal frameworks
• Identify areas of cryptography
• Investigate data communications and networks, physical security and security auditing, training, and awareness
• Recognise business continuity and disaster recovery
• Identify areas of testing, audit and review and system development
• Examine security investigations and forensics

There are no specific prerequisites for this course. It is ideal for members of information security management teams, IT managers, security and systems managers, information asset owners, and employees with legal compliance responsibilities.

This Total Learning course consists of three key stages, all explained during a 1-hour virtual kick off session, which includes a Q&A session:

• Digital stage: 25 hours structured digital self-paced learning, completed over a minimum of 4 weeks.
• Live stage: 3 day virtual event.
• Exam: A two-hour, online multiple-choice exam.

The Digital Stage

The Digital Learning is valid for 3 months from the date of the kick off session

The Digital stage provides learners with the Foundational knowledge that is developed later in the Live stage. It is a self-paced, online learning experience, supplemented by videos to highlight key areas from industry experts. Regular review questions help learners judge and measure their progress and understanding.

The Digital stage is divided into seven Learning Paths:

• Learning Path 1: An introduction to information risk management
• Learning Path 2: Information security framework
• Learning Path 3: Security Lifecycle
• Learning Path 4: Procedural and people security
• Learning Path 5: Technical and Security Controls
• Learning Path 6: Introduction to Cryptography
• Learning Path 7: Physical and Environmental Controls

These Learning Paths cover:

• Information Risk Management
• Risk Management Lifecycle & Treatment
• Introduction to the Information Security Framework
• Security Strategy and Legislation
• Information Assurance & Standards
• Information Lifecycle & Testing
• Testing, Audit and Review
• Procedural and People Security Controls
• Protection from Malware
• Network Communications
• External Services
• Virtualisation and Cloud Computing
• IT Infrastructure Security
• Cryptography
• Physical & Environmental Controls
• Security Incident Management
• Business Continuity Management and Disaster Recovery
• Preparing for the Exam

Live Event

In the Live event, a facilitator supports learners, as they explore case studies and scenarios to develop and deepen the knowledge and skills they gained in the Digital stage.

The Live event is highly collaborative, and learners interact with one another and the facilitator using Miro, an online collaboration tool. Learners will also complete daily quizzes to help consolidate what they learn.

The Live event will also help learners prepare for the CISMP exam: a mock exam provides exam day practice, and the facilitator will share tips and techniques to build exam day confidence.

Day 1 Exercises

• Cyber Kill Chain scenario
• Recap Confidentiality. Integrity and availability
• Threat Management and Conduct scenario
• Mobile phone security scenario
• Security Architecture scenario
• Supply Chain security scenario
• Common Criteria scenario (ISO15408)
• Recap Data Classification
• Intellectual property Rights (Patent, Trademark, Trade secret and copyright) scenario
• New Database Scenario

Day 2 Exercises

• Insider threat Scenario
• Permission Creep Scenario
• DDOS attack activity
• Threat Vector (offensive/defensive) Scenario
• Training Plan for a Security Operations centre Scenario
• Virus Containment Scenario
• Recap Cyber- Firewalls/Honeypots/AI/Machine Learning
• Recap Cryptography
• Disposal of equipment Scenario
• Forensic Readiness Plan

Day 3 Exercises

• Ransomware scenario (Based on a real-world example)
• ‘White Tailed Eagle’ scenarios (threats/Vulnerabilities/ISO 27001/Business Impact Assessment/risk assessments/ Information assurance/end user code of practice)
• Q&A
• Mock exam quiz to help delegates prepare for their CISMP exam.

The BCS CISMP Exam

The course will prepare leaners for the BCS Certificate in Information Security Management Principles (BCS CISMP) through practical learning and mock exam preparation.

The exam consists of 100 multiple-choice questions to be completed in a 2-hour exam, with learners needing 65% (65/100) to attain certification.

The exam is to be booked and taken outside of the Live event to allow learners to adequately prepare before taking the exam.