Our British Computer Society (BCS) Accredited Training will help professionals develop their knowledge of the core concepts relating to information security, which can be used to gain the internationally recognised Foundation Certificate in Information Security Management Principles qualification.

The training gives participants a clear understanding of information security management issues, including risk management, security standards, legislation and business continuity. The BCS Foundation Certificate in Information Security Management Principles exam will be undertaken on Day 5 of training.

This training can be delivered virtually, at our London or Bristol facilities, or at our clients’ premises; training is typically for group bookings only.

  • Aim

    By the end of this training, you will be able to apply the information security management knowledge and principles you have learnt to enhance and secure business processes, inform related organisational risk decisions and competently liaise with various stakeholders on any matter of cyber security governance, risk or compliance.

  • Audience

    Security professionals who would like to upskill or work in the information security or cyber security industry, or individuals who need an overview of information security within a role that may not be specific to the industry. Example roles might be:

    • Junior Security Consultants
    • Information Security Specialists
    • Information Security Officers
    • Information Security Managers
    • Head of Security
    • Data Protection Officers
    • Risk/Compliance/Governance practitioners
  • Learning outcomes

    • Understand key terms and concepts relating to both information and cyber security.
    • Consider technical and non-technical vulnerabilities related to cyber security in your organisation.
    • Learn the importance of risk management and the appropriate use of controls.
    • Evaluate reputational, operational or financial risks to your organisation, associated with cyber security.
    • Discover the role of incident management.
    • Recognise the purposes of auditing, change control and configuration management.
    • Determine the need for security policies, standards, operating procedures and guidelines.
    • Comprehend the general principles of law, legal jurisdiction, and how these affect information security management.
    • Demonstrate the differences between business continuity and disaster recovery.
    • Grasp the basic concepts and uses of cryptography.
    • Discuss concepts with various business stakeholders.
    • Learn of the importance of managing the supply chain.
  • Prerequisites

    • Knowledge and use of operational IT systems would be advantageous.
    • An awareness of any regulatory or legislative requirements in your organisation.
    • Knowledge of IT security policies or processes used in your organisation.
    • Knowledge of business practices within your organisation, your organisation’s risk management processes and any IT user security policies.
    • For virtual/remote training, a good internet connection with sufficient bandwidth is required, with full audio and video capability.
  • Syllabus

    This training can be tailored to an industry or for a defined audience, with various durations. Example topics typically include:

    Information Security Principles

    • Concepts and Definitions
    • The need for, and benefits of, Information Security


    Information Risk

    • Threats to, and vulnerabilities of, Information Systems
    • Risk Management


    Information Security Framework

    • Organization and Responsibilities
    • Organizational Policy, Standards and Procedures
    • Information Security Governance
    • Information Security Implementation
    • Security Incident Management
    • Legal Framework
    • Security Standards and Procedures


    Procedural and People Security Controls

    • People Security
    • User Access Controls
    • Training and Awareness


    Technical Security Controls

    • Protection from Malicious Software
    • Networks and Communications
    • External Services
    • Cloud Computing
    • IT Infrastructure


    Software Development and Lifecycle

    • Security Testing, Audit
    • Software, Development and Support


    Physical and Environmental Security

    • Physical, Technical and Procedural Controls
    • Protection of Equipment
    • Procedures for Secure Disposal
    • Security in Delivery Areas


    • Disaster Recovery and Business Continuity Management
    • Writing and Implementing plans
    • Documentation, Maintenance and Testing
    • Links to Managed Service Provision and Outsourcing
    • Secure off-Site storage of vital material
    • Involvement of personnel, suppliers and IT systems providers
    • Security Incident Management
    • Compliance with Standards
    • Other Technical Aspects
    • Investigations and Forensics
    • Role of Cryptography


    • BCS Practice Exam Preparation
    • PGI Assessment
