INFOSEC TRAINING

BCS Foundation Certificate in Information Security Management Principles

An internationally recognised qualification from the BCS that
demonstrates a core understanding of information security

Course Features

Pre-course reading

3.5-hour online sessions

Live, interactive Instructor-led training

Unlimited 1-2-1 coaching

Exam preparation

90-minute online BCS exam


Course Overview

In today's always-on, connected, digital economy, rapidly evolving technologies offer a wealth of opportunities for both individuals and organisations, but they also give rise to new, increasingly sophisticated cyberattacks. The widespread use of digital systems to store and share information comes with an increased vulnerability to attacks that can lead to severe consequences, including financial loss, reputational damage, and violations of personal privacy. 

Effective information security management is essential for protecting against these threats. It involves implementing robust measures that prevent unauthorised access, ensure the confidentiality, integrity, and availability of data, and help organisations satisfy their legal and ethical obligations.

First introduced in 1999, the BCS (formerly ISEB) Certificate in Information Security Management Principles (CISMP) is a trusted industry qualification for those who need to understand the fundamental concepts, technologies and principles of information security management. As an entry-level programme, the CISMP is the ideal foundation before progressing onto more advanced practitioner-level programmes in specialised areas. 

The BCS Certificate in Information Security Management Principles provides attendees with practical knowledge of key concepts and techniques in information security. These include risk management and security operations, as well as technical, physical, and environmental security. In addition, the CISMP covers relevant legal and regulatory requirements, business continuity and disaster recovery planning, and emerging technologies. The CISMP also aligns with several information security frameworks, including ISO/IEC 27001, the NIST Cybersecurity Framework, the CIS 18 Critical Security Controls, and Cyber Essentials and Cyber Essentials Plus.

The course follows the latest BCS Syllabus (v10.0) and prepares participants for the 1-hour multiple-choice BCS Exam, administered separately via Questionmark through online remote proctoring.

The course is delivered online, with in-company, onsite courses also available. Delegates can gain a recognised industry qualification by attending five consecutive 4-hour live online sessions across one week.

NOTE: We are only offering on-site courses for this course at this time. Contact us for more information.

Course Costs

Attend the BCS Foundation Information Security Management Principles (CISMP) for:

£1,395.00 + VAT

  • 10% discount for subscribing to our PrivacyNewsfeed & Training Announcement Newsletters
  • 15% additional online saving for multiple bookings on public schedule courses
  • In-company options available for teams of 6 or more

BCS training package includes:

  • 5 x 4-hour live online sessions across 1 week, or
  • 3 days for a traditional classroom setting
  • Entrance to the 2-hour, multiple-choice online BCS Examination
  • 1-2-1 coaching and support
  • 1st year BCS Associate membership

Course materials:

  • Detailed eBook course manual (see here for eBook features & print options)
  • Includes free lifetime updates, which means it will never go out of date
  • Full course PowerPoint presentation
  • Exercises & revision materials
  • Sample exam questions

Intended Audience

The BCS CISMP is suitable for those individuals with the following roles or responsibilities:

  • IT security, cybersecurity & information security management
  • Information risk
  • Business continuity
  • Data protection compliance
  • Data Protection Officers (DPOs)
  • Information governance
  • IT managers
  • Software engineering
  • Test managers & QA engineers
  • Project managers

Learning Outcomes

By obtaining the BCS Foundation Certificate in Information Security Management Principles (CISMP), award holders will:

  • Develop a fundamental understanding of the concepts and benefits associated with information security management, governance and assurance
  • Explore relevant international standards, frameworks, laws and regulations that impact information security
  • Understand the principles of risk management and key considerations of information lifecycles
  • Discover the models and technologies used in information security architecture
  • Explore common cyber threats, vulnerabilities and attacks
  • Discover the business and technical environments in which information security management must operate
  • Understand the categorisation, operation, effectiveness and characteristics of different types of controls and how they can be used to create a layered defence 
  • Explore the activities involved in planning and recovering from security incidents
  • Recognise the importance of establishing and nurturing a culture of security

Course Itinerary

The BCS Foundation Information Security Management Principles (CISMP) is currently only available online and is delivered over 5 days, with one 4-hour live module each day.

The following schedule is intended as a guide:

Module 1
Introductions, Learning outcomes:
- Exam details & techniques data
Information security management principles, definitions, terms and concepts:
- The importance and benefits of information security
- Different business models and their impact
- Effects of rapidly changing information and business environment
- Balancing cost and impact against the reduction of risk
- Information security policy, standards and procedures, security as an enabler
Information Risk, Threats and Vulnerabilities of information systems:
- Type of threats and threat categorisation
- Vulnerability categorisation
- Understanding and managing risk relating to information systems
- Risk management process
- Types of controls to manage risk
- Impact assessments
Information security framework:
- How risk management should be implemented
- Organisation's management of information security
Module 2
Information security framework continued:
- Organisational policies
- Procedures and standards
- Information security governance and implementation
- Security incident management
Principles of law, legal jurisdiction and relevant topics that affect information security management, including:
- Data protection
- Intellectual property rights
- Record retention
- Contractual safeguards
- Cryptography technology restrictions
Common established standards and procedures directly relating to information security management:
- National and international standards
- Industry specific standards
- Technical standards
- Certification of information security management systems
The information lifecycle:
- The importance and relevance of the information lifecycle
- Stages of the information lifecycle
- Concepts of the design process lifecycle
Module 3
The information lifecycle continued:
- Security Lifecycle
- Technical audit and review processes
- Change control and configuration management
- Risks to security brought about by systems development and support
Information Security risks and measures involving people:
- User access controls
- Authentication
- Management and reviews of controls
- The importance of appropriate information security training
Module 4
Technical security controls:
- Protecting against malicious software
Communications and networks systems:
- Entry points
- Secure network management
- Value added services
- Cloud computing
Module 5
Physical and environmental security controls:
- General controls and the protection of both IT and non-IT equipment and assets
Disaster Recovery and Business Continuity:
- Risk assessment and impact analysis
- Documentation and compliance with relevant standards
Other technical aspects:
- Common practices and principles
- Legal restraints and obligations
- Investigations and forensics
Encryption:
- The role of cryptography in protecting assets and systems
- Awareness of relevant standards and practices
- Common practical applications

BCS CISMP Syllabus

BCS Foundation Certificate Information Security Management Principles (CISMP)
Syllabus version 10.0
April 2025

Download the new syllabus (PDF)

This professional certification is not regulated by the following United Kingdom Regulators - Ofqual, Qualification in Wales, CCEA or SQA.

BCS CISMP Examination
Duration and Format of the Examination

The BCS Foundation Information Security Management Principles (CISMP) exam format is a two-hour multiple-choice examination. The exam is closed book, i.e. no materials can be taken into the examination room.

Format of the Examination

Type: 40 multiple-choice questions
Duration: 1 Hour
Supervised: Yes
Open Book: No
Pass Mark: 25/50 (65%)
Calculators: No, calculators cannot be used during this examination
Delivery: Digital or paper-based

Additional time for candidates requiring Reasonable Adjustments

Adjustments and/or additional time can be requested in line with the BCS reasonable adjustments policy for candidates with a disability or other special considerations, including English as a second language.
