This 2-day follow-on course to Information Security Essentials (HL945S) provides the information you need to prepare for the Certified Information Security Management Principles (CISMP) certification by BCS, the Chartered Institute for IT.

Course Description

This course focuses on the application of ISO 27001 and regulations in specific areas of the information security lifecycle. You will learn legal requirements that affect your security program, software development practices that support integrating security requirements, best practices in handling a security incident, preparing for an audit and more.

Accredited Training

This course, when combined with the 3-day Information Security Essentials (HL945S) course, provides the 5-day accredited training for the CISMP by BCS.


  • Information Security Essentials HL945S


  • IT Managers or members of Information Security Management Teams who will primarily operate from the ISO 27000 series of standards.
  • Security and Systems Managers who need to understand information security practices for BCS, the Chartered Institute for IT or operations in the UK.
  • Anyone working toward the BCS Certificate in Information Security Management Principles (CISMP) certification.
  • Security practitioners who want more depth about what constitutes a good security governance strategy.


Module 1: Information Security Governance

  • List the checks and balances between organizational needs and security governance
  • Describe a holistic organizational approach to governance
  • Communicate the importance of board-level support for information security
  • Show how information security needs percolate through tiers of management and implementation
  • List the organizational roles related to information security
  • Describe the policy development process

Module 2: Legal Framework

  • List applicable privacy legislation in different regions
  • Describe typical elements of privacy legislation
  • Identify potential privacy-related offenses
  • Describe how companies with multiple locations can comply with differing legal requirements
  • List key organization responsibilities in monitoring employees

Module 3: Relevant Standards

  • List key standards bodies for various regions
  • Recognize ISO Standards and their relationships
  • List the steps in the ISMS cycle
  • List the elements of the ISMS document
  • Identify levels of assurance evaluation
  • Recognize certified products
  • Recognize key elements of NIST lineage
  • Describe the importance of encryption standards

Module 4: Software Design for Security

  • Describe software development best practices to ensure security

Module 5: Security Audit

  • Define key audit-related terms
  • Give an overview of the audit process
  • List objectives for audits
  • List types of audit
  • Describe the auditor's role
  • List the elements of audit documentation

Module 6: Incident Management

  • Describe the steps to take during a security incident
  • List the elements of a security incident report
  • Describe the process to collect evidence related to an incident
