Digital Threat Digest Insights Careers Let's talk

Certificate in Information Security Management Principles (CISMP)

Our British Computer Society (BCS) Accredited Training will help professionals develop their knowledge of the core concepts relating to information security and enable their organisation to be prepared for the changes that are happening in the cyber security world now and in the future.


This understanding can be used to gain the internationally recognised BCS Foundation Certificate in Information Security Management Principles qualification – the exam is typically taken on the final day of the training course.

The certificate supports those who would like to work in information security while equally supporting those who need an overview of information security within their role that may not be specific to the industry. This enables those taking the exam to become either an informed customer or use it as a steppingstone to start their information security career.

BCS certifications set candidates on a professional development pathway aligned to industry standards – RITTech, CITP and SFIAplus – enabling them to gain the professional recognition they deserve for their experience and expertise.

This training can be delivered virtually, at our London or Bristol facilities, or at our clients’ premises; training is typically for group bookings only.


By the end of this training, you will have gained a clear understanding of information security management issues including risk management, security standards, legislation, and business continuity.


IT professionals seeking to understand information security knowledge or new information/cyber security practitioners who need an overview of information security within their role that may not be specific to the industry. Example roles might include:

  • New Cyber Security Practitioners
  • Security Consultants
  • Information/Cyber Security Managers
  • Cyber Security Engineers
  • Cyber Security Technicians
  • IT/Cyber security practitioners with responsibilities in governance, risk and/or compliance.
  • Practitioners in IT, Financial Services, Insurance Services, Communications, Facilities, etc.
Example learning outcomes

Knowledge and understanding of:

  • Risk assessment, mitigation, and management methods.
  • Relevant information security aspects of legislative and regulatory requirements, relating to ethics and privacy.
  • Principles of information security and privacy.
  • Information security related threats and vulnerabilities.
  • Likely operational impact on an organisation of information security breaches.
  • Information security authentication, authorisation, and access control methods.
  • Information security defense and vulnerability assessment tools and their capabilities.
  • Encryption algorithms, their relative strengths and weaknesses and appropriate selection criteria.
  • Cryptography and cryptographic key management concepts.
  • Information security aspects of business continuity and disaster recovery planning and including testing.
  • Host and network access control mechanisms.
  • Information security controls and privacy requirements for the management of risks relating to data.
  • Information security and privacy principles as they apply to software development.
  • Best practices for incident response and incident management.
  • Information security and privacy principles and organisational requirements.
  • Policy-based and risk adaptive access controls.
  • System and application security threats and vulnerabilities.
  • Aspects of system lifecycle management.
  • Systems testing and evaluation methods.
  • Components of a network attack and their relationship to threats and vulnerabilities.
  • Best practices for supply chain risk management.
  • Information security threats, risks and issues posed by new technologies and malicious actors.
  • Supply chain risk management standards, processes, and practices from a cybersecurity perspective.
  • Effective risk and threat assessment methods.
  • Cloud service models and how those models can limit incident response.
  • Data security standards relating to the sector in which an organisation operates.
  • Best practice IT risk management methodologies.
  • Systems security testing and evaluation methods.
  • Access authentication methods.
  • Information security risk management and mitigation strategies.
  • What constitutes a threat to network security.
  • Controls related to the use, processing, storage, and transmission of data.

Skills in:

  • Applying core information security principles.
  • Assessing security controls based on information security principles and tenets.
  • Performing information security related impact and risk assessments.
  • Applying information security and privacy principles to organisational requirements.
  • Using risk scoring to inform performance-based and cost-effective approaches to help an organisation manage its information security risk.
  • Identifying information security and privacy issues relating to connections with internal and external third parties and their supply chain.
  • Determining the security control requirements of information systems and networks.
  • Applying appropriate information security controls.
  • Developing, deploying, and integrating policies that meet organisational system information security objectives.
  • Reviewing corporate strategies or applicable legal, regulatory or policy documents to identify issues requiring clarification or action.
  • Creating and maintaining information security policies aligned with the organisation’s privacy objectives.

To be successful in completing this training and attempting to achieve the certificate, knowledge of security technologies and a high level of understanding of where information is stored within an organisation is advised, as well as additional knowledge of:

  • Processes for reporting information security incidents.
  • An organisation’s core business processes and how information security affects them.
  • Information security policies, procedures, and regulations.
  • Relevant legislative and regulatory requirements.
  • Data security standards relating to personally identifiable information.
  • Procedures for reporting compromise of data. 
  • Cyber security defense and vulnerability assessment tools and their capabilities.

This training can be tailored to an industry or for a defined audience, with various durations. Example topics typically include:

  • Web and mobile security
  • Risk management and governance
  • Human factors
  • Secure software lifecycle
  • Operating systems and virtualisation
  • Adversarial behaviours
  • Network security
  • Security operations and incident management
  • Software security
  • Exam preparation
  • BCS exam
BCS Membership

Those who successfully pass the CISMP exam are eligible for free Associate membership of BCS, the Chartered Institute for IT, worth £88. The candidate will receive free BCS membership for 1 year which provides a host of benefits such as:

Professional recognition: Tools to gain recognition within the industry include post nominal letters AMBCS, and a defined path to Chartered status via Professional membership.

Career development: To plan and track progression, members use BCS’ Personal Development Plan (PDP), the CPD portal and gain full access to Browse SFIAplus, the online tool that allows you to explore the industry framework for IT skills, training and development.

Networking: Top people, great ideas, and the latest thinking locally, nationally and online – BCS’ global networking opportunities are unrivalled and include branches, specialist groups and the Member Network.

Knowledge and best practice: From the latest industry news to NCS massive online library, the Institute’s information services keep members up to date with best practice, and at the cutting edge of IT.

Exclusive discounts and offers: Adding even more value to membership, BCS discounts and free services enable members to enjoy savings both at work and at home

Please visit Springboard BCS Membership on YouTube to watch the Introduction to Springboard to review benefits provided with their Associate Membership.

Information about Associate membership

Introduction to Springboard – YouTube