By the end of the course, participants will be able to:
Understand the current business and common technical environments in which information security must operate.
Recognize current national and international standards, frameworks and organizations which facilitate the management of information security.
Explain the fundamental concepts relating to information security management.
Describe the categorization, operation and effectiveness of controls of different types and characteristics.
Understand current legislation and regulations which impact upon information security management.
This course is ideal for members of information security management teams, IT managers, security and systems managers, information asset owners and employees with legal compliance responsibilities.
Information security concepts
Information security risk management
Information security governance
Business continuity management and disaster recovery
Understanding of technical security controls
BCS, The Chartered Institute for IT, known as the British Computer Society until 2009, is a professional body and a learned society that represents those working in information technology (IT) and computer science, both in the United Kingdom and internationally. The BCS Foundation Certificate in Information Security Management Principles qualification enables candidates to gain a clear understanding of IS management issues including risk management, security standards, legislation and business continuity.
The Certificate in Information Security Management Principles exam takes place online at the end of the course, on the final day.
Information Security Management Principles: Concepts and Definitions
Information Risk: Threats; Vulnerabilities; Risk Management
Information Security Framework: Organizations and responsibilities; Organizational policy, standards, and procedures; Information security governance; Information assurance program implementation; Security incident management; Legal frameworks; Security standards and procedures
Security Lifecycle: The information life cycle; Testing, audit, and review; Systems development and support
Procedural / People Security Controls: General controls; People security; User access controls; Training and awareness
Technical Security Controls: Technical security; Protection from malicious software; Networks and communications; Operational Technology; External services; Cloud computing; IT infrastructure
Physical and Environmental Security Controls: Physical Security; Different uses of controls
Disaster Recovery (DR) and Business Continuity Management (BCM): Relationship between DR/BCP, risk assessment and impact analysis; Resilience and redundancy; Approaches to writing plans and implementing plans; The need for documentation, maintenance, and testing; The need for links to managed service provision and outsourcing; The need for secure off-site storage of vital material; The need to involve personnel, suppliers, and IT systems providers; Relationship with security incident management; Compliance with standards
Other Technical Aspects: Investigations and forensics; Role of cryptography; Threat intelligence