BCS Foundation Certificate in Information Security Management Principles

An internationally recognised qualification from the BCS that
demonstrates a core understanding of information security


First introduced in 1999, the BCS (formerly ISEB) Certificate in Information Security Management Principles (CISMP) is a trusted foundation-level industry qualification ideally suited for those new to the subject before they progress onto more advanced practitioner-level programmes in specialised areas. The current version of the BCS syllabus (v9.0) was refreshed and reformatted in 2020. The CISMP covers a broad range of topics and is closely aligned with ISO/IEC 27001, the international standard for information security. Award holders will develop an understanding of key concepts in information security, risk management, business continuity as well as related data governance and regulatory compliance areas.



  • Online sessions
  • Flexible live interactive training
  • In-course exam preparation
  • 2-hour online BCS examination


BCS Foundation Certificate Information Security Management principles (FC-ISMP)

Starts: 29 Jan 24

Duration: 5 X 4hr Sessions

Location: Online

Course Overview

Like data protection compliance, information security management is a business issue that affects the entire organisation. Whereas data protection addresses the legal (and ethical) obligations placed on organisations relating to personal data, information security is concerned with reducing the risks to all data assets. In order for an organisation to maintain its ability to operate, a comprehensive information security management structure should be implemented, which includes responsibilities for all employees, particularly those performing governance, risk and compliance, security, or IT roles, along with anyone in appropriate management and leadership positions.

As a foundation-level course, the BCS certificate in information security management principles is an ideal entry point for individuals who require practical knowledge of the concepts and techniques around information security, risk management, business continuity, relevant legal and regulatory requirements, as well as international standards and frameworks. At its core, the BCS CISMP training is aligned with ISO/IEC 27001, the international standard for information security.

The course is delivered online for convenience and for the significant environmental and sustainability benefits it offers. Delegates can gain a recognised foundation-level workplace qualification at home or from their desk by attending five consecutive 4-hour live online sessions across one week. The course follows the latest BCS Syllabus (v9.0) and prepares participants for the 2-hour multiple-choice BCS Exam, administered separately via Questionmark through online remote proctoring.

Learning outcomes

By obtaining the BCS Foundation Certificate Information Security Management Principles, award holders will be able to demonstrate:

  • Knowledge of core information security concepts (confidentiality, integrity, availability, vulnerability, threats, risks, countermeasures)
  • Understanding of the legislation and regulations that impact information security management
  • Awareness of relevant national and international standards and frameworks
  • Knowledge of the business and technical environments in which information security management must operate
  • Understanding of the categorisation, operation and effectiveness of controls of different types and characteristics

Who should attend?

The BCS CISMP training will benefit anyone whose role is affected by information security. The course is an ideal entry point, providing a foundation for other qualifications to build on. Individuals working in the following areas or roles will benefit the most:

  • Information & Cyber Security
  • Business Continuity
  • Information Risk
  • Privacy & Data Protection compliance
  • Data Protection Officers
  • Information Governance
  • Information Assurance
  • IT Managers
  • Software Engineering
  • Test Managers & QA Engineers
  • Project Managers


The BCS Foundation Information Security Management Principles (CISMP) is currently only available online and is delivered over 5 days, with one 4-hour live module each day.

The following schedule is intended as a guide:

Module 1
Introductions, Learning outcomes:
- Exam details & techniques data
Information security management principles, definitions, terms and concepts:
- The importance and benefits of information security
- Different business models and their impact
- Effects of rapidly changing information and business environment
- Balancing cost and impact against the reduction of risk
- Information security policy, standards and procedures, security as an enabler
Information Risk, Threats and Vulnerabilities of information systems:
- Type of threats and threat categorisation
- Vulnerability categorisation
- Understanding and managing risk relating to information systems
- Risk management process
- Types of controls to manage risk
- Impact assessments
Information security framework:
- How risk management should be implemented
- Organisation's management of information security
Module 2
Information security framework continued:
- Organisational policies
- Procedures and standards
- Information security governance and implementation
- Security incident management
Principles of law, legal jurisdiction and relevant topics that affect information security management, including:
- Data protection
- Intellectual property rights
- Record retention
- Contractual safeguards
- Cryptography technology restrictions
Common established standards and procedures directly relating to information security management:
- National and international standards
- Industry specific standards
- Technical standards
- Certification of information security management systems
The information lifecycle:
- The importance and relevance of the information lifecycle
- Stages of the information lifecycle
- Concepts of the design process lifecycle
Module 3
The information lifecycle continued:
- Security Lifecycle
- Technical audit and review processes
- Change control and configuration management
- Risks to security brought about by systems development and support
Information Security risks and measures involving people:
- User access controls
- Authentication
- Management and reviews of controls
- The importance of appropriate information security training
Module 4
Technical security controls:
- Protecting against malicious software
Communications and networks systems:
- Entry points
- Secure network management
- Value added services
- Cloud computing
Module 5
Physical and environmental security controls:
- General controls and the protection of both IT and non-IT equipment and assets
Disaster Recovery and Business Continuity:
- Risk assessment and impact analysis
- Documentation and compliance with relevant standards
Other technical aspects:
- Common practices and principles
- Legal restraints and obligations
- Investigations and forensics
- The role of cryptography in protecting assets and systems
- Awareness of relevant standards and practices
- Common practical applications

BCS Syllabus

BCS Foundation Certificate Information Security Management Principles (CISMP)
Syllabus version 9.0
June 2020

This professional certification is not regulated by the following United Kingdom Regulators - Ofqual, Qualification in Wales, CCEA or SQA.


Duration and Format of the Examination

The BCS Foundation Information Security Management Principles (CISMP) exam format is a two-hour multiple-choice examination. The exam is closed book, i.e. no materials can be taken into the examination room.

Format of the Examination

Type: Multiple-choice, 100 questions (1 mark each)
Duration: 2 hours
Supervised: Yes
Open Book: No
Pass Mark: 65/100 (65%)
Distinction Mark: None
Calculators: No, calculators cannot be used during this examination
Delivery: Digital or paper-based

Additional time for candidates requiring Reasonable Adjustments

Adjustments and/or additional time can be requested in line with the BCS reasonable adjustments policy for candidates with a disability or other special considerations, including English as a second language.

Course Cost

Get this BCS Foundation Information Security Management Principles (CISMP) course for:


  • Receive a 15% online discount for multiple bookings onto public courses
  • Onsite courses can be delivered for teams of 6 or more
BCS CISMP training package includes:
  • 5 x 4-hour live online sessions across 1 week, or
  • 3 days for a traditional classroom setting
  • Entrance to the 2-hour, multiple-choice online BCS Examination
  • 1-2-1 coaching and support
  • 1st year BCS Associate membership
Courseware: a complete CISMP manual
  • Detailed 100+ page training manual comes in an A4 bound folder + an editable electronic version
  • Includes free lifetime updates (electronic version), which means it will never go out of date
  • Electronic copy of the full course PowerPoint
  • Exercises & revision materials
  • Sample exam questions

Freevacy has been shortlisted in the Best Educator category.
The PICCASO Privacy Awards recognise the people making an outstanding contribution to this dynamic and fast-growing sector.