Information Security courses are available at various centres throughout the UK. These courses can be delivered onsite upon request.
The Course
This intensive and highly practical 5 day course has been accredited by the Information Systems Examination Board (ISEB) of the British Computer Society (BCS). The course has been designed to provide the necessary information and guidance in order for delegates to be able to fulfil their roles as information security officers or information risk decision takers.
The course will enable delegates to confidently sit the 2-hour multiple-choice BCS/ISEB Certificate in Information Security Management Principles (CISMP) exam, which is taken on the final afternoon of the course.
Who Should Attend
The course will benefit: members of the information security management team, IT managers, security/systems administrators and coordinators, internal auditors, staff with a local security co-ordination role, staff responsible for legal and corporate governance, and staff responsible for information assets and systems.
Delivery Format
The CISMP course is a mixture of traditional classroom training, syndicate exercises, mock exams and group discussions. Delegates are encouraged to participate throughout the course and are presented with draft policies and worked examples for discussion. There is a small amount of evening work which is mainly the revision of the comprehensive courseware notes.
Pre-requisites
The recommended pre-requisite for attending this course and sitting the exam is a minimum of one year's experience in an IT function.
Outline
- Information security concepts & definitions: Information Security Management System (ISMS) concept.
- The need for, and benefits of, information security: Corporate Governance.
- Information risk management.
- Information security organisation & responsibilities: Legal and regulatory obligations.
- Policies, standards & procedures: Delivering a balanced ISMS. Security procedures.
- Information security governance: Policy reviews. Security audits.
- Security incident management: Objectives and stages of incident management.
- Information security implementation: Getting management buy-in.
- Legal framework: Processing personal data. Employment issues.
- Computer misuse. Intellectual property rights. Data Protection Act.
- Security standards & procedures: ISO/IEC 27002 and ISO/IEC 13335.
- Threats to, and vulnerabilities of, information systems.
- People security: Organisational culture. Acceptable use policies.
- Systems development & support: Linking security to whole business process. Change management process. Handling security patches.
- Role of cryptography: Common encryption models.
- Protection from malicious software: Methods of control.
- User access controls: Authentication and authorisation mechanisms.
- Networks & communications: Partitioning networks. Role of cryptography.
- Controlling 3rd party access. Intrusion monitoring. Penetration testing.
- External services: Protection of Web servers and e-commerce applications.
- IT infrastructure: Operating, network, database and file management systems.
- Testing, audit & review: Strategies for security testing of business systems.
- Training: The purpose and role of training. Promoting awareness.
- Physical & environmental security: Controlling access and protecting physical sites and assets.
- Disaster recovery & business continuity management: Relationship between risk assessment and impact analysis.
- Investigations & forensics: Common processes, tools and techniques.
- Legal and regulatory guidelines