BCS Foundation Certificate in Information Security Management Principles - Virtual Classroom

How does the Exam Pass Guarantee work?

We have found our Virtual Classroom training has provided higher pass rates, which has made us confident to offer an Exam Pass Guarantee, so you know we’ll support you until you are certified.

With our Exam Pass Guarantee, if you do not pass the exam after attending this training course with us, you will be eligible to attend the same training again for free.

All we ask is that you:

•    Attend all class days and complete all assignments
•    Take the exam within 30 days of completing your Virtual Classroom training
•    Request your course re-enrolment within 30 days of the failed exam attempt

Please Note:

Students retaking the course are required to use any materials or books distributed to them in their original course session. Failure to provide these materials will result in the student being charged for replacement materials.

*Exam Pass Guarantee does not include the resit exam; this would need to be purchased at an additional cost.

Is the BCS Foundation Certificate in Information Security Management Principles course suitable for me? 

This course is suitable for anyone who has an interest in information security, either for general business knowledge to enhance your current skill set, or to work towards a career change into this area. This training certificate will provide you with a firm foundation of knowledge, which other qualifications can be built on, to progress into more senior job roles. 

Those who already work in this sector, will be able to enhance or refresh their current knowledge and gain an industry recognised qualification, demonstrating the level of knowledge gained.

What jobs can I apply for after my Foundation Certificate in Information Security Management Principles training? 

Typically, our delegates go on to work in the following job roles:

•    Information Security Analyst - £44k
•    Information Security Officer - £47k
•    Information Security Consultant - £50k
•    Information Security Specialist - £53k
•    Information Security Manager - £55k

(Source: Payscale)

Foundation Certificate in Information Security Management Principles Syllabus

Learning Outcomes

Delegates will be able to demonstrate knowledge and understanding of Information Security Management Principles in the following areas:

•    Knowledge of the concepts relating to information security management (confidentiality, integrity, availability, vulnerability, threats, risks, countermeasures).
•    Understanding of the relevant current legislation and regulations which impact upon information security management.
•    Comprehension of the relevant current national and international standards, frameworks and organisations which facilitate the management of information security.
•    Knowledge of the environments in which information security management must operate.
•    Understanding of the categorisation, operation, and effectiveness of controls of different types and characteristics.

Information Security Management Principles (10%)

•    Identify definitions, meanings and use of concepts and terms across information security management.
•    Information security
•    Asset and asset types
•    Asset value and asset valuation
•    Threat, vulnerability, impact, and risk, and more.

Information Risk (10%)

•    Threats and vulnerabilities lead to risks
•    Threats and vulnerabilities apply specifically to IT systems
•    Operational types of controls – physical, procedural (people) and technical
•    The purpose of and approaches to impact
•    Identifying and accounting for the value of information assets

Information Security Framework (15%)

•    Explain how risk management should be implemented in an organisation.
•    The organisation’s management of information security
•    Information security roles in an enterprise

Security Lifecycle (10%)

•    Demonstrate an understanding of the importance and relevance of the information lifecycle
•    Use of architecture frameworks e.g. SABSA, TOGAF
•    Agile development i.e. DevOps, DevSecOps and potential conflict with security
•    Sharing of information by design
•    Service continuity and reliability, and more.

Procedural/People Security Controls (15%)

•    Explain the risks to information security involving people.
•    Organisational culture of security
•    Employee, contractor, and business partner awareness of the need for security
•    Security clearance and vetting
•    Role of contracts of employment

Technical Security Controls (25%)

•    Outline the technical controls that can be used to help ensure protection from Malicious Software.
•    Types of malicious software – Trojans, botnets, viruses, worms, active
•    Different ways systems can get infected (e.g. phishing, spear-phishing, click-bait, third party content)
•    Methods of control
•    Security by design, security by default and configuration management
•    Entry points in networks and associated authentication techniques
•    The role of cryptography in network security
•    Controlling third party access

Physical and Environmental Security Controls (5%)

•    Outline the physical aspects of security available in multi-layered
•    General controls and monitoring of access to and protection of physical sites, offices, secure areas, cabinets, and rooms
•    Protection of IT and non-IT equipment
•    Need for processes to handle intruder alerts, deliberate or accidental physical events, etc.
•    Clear screen and desk policy
•    Procedures for the disposal of equipment with digital-data retention facilities

Disaster Recovery and Business Continuity Management (5%)

•    Relationship with risk assessment and impact analysis
•    Resilience of systems and infrastructure
•    Approaches to writing and implementing plans
•    Need for documentation, maintenance and testing of plans
•    Relationship with security incident management
•    Compliance with standards

Other Technical Aspects (5%)

•    Common processes, tools, and techniques for conducting investigations, including intelligence sharing platforms
•    Legal and regulatory guidelines for disclosures, investigations, forensic readiness and evidence preservation
•    Need for relations with law enforcement, including specialist computer crime units and security advice
•    Issues when buying-in forensics and investigative support from third parties
•    Describe the role of cryptography in protecting systems and assets
•    Basic cryptographic theory, techniques and algorithm types

Information Security Management Principles Exam Details 

Exam Type - Multiple-choice.

Number of questions - 100.

Duration - 120-mins.

Supervised - Yes.

Open book - No.

Pass mark – 65/100 (65%).