Course Ref: 71563

Course: ISEB Information Security Management Principles

Course Summary

This intensive and highly practical 5-day course has been accredited by the Information Systems Examination Board (ISEB) of the British Computer Society (BCS). The course has been designed to provide the necessary information and guidance in order for delegates to be able to fulfil their roles as information security officers or information risk decision takers.

Delegates will be provided with a comprehensive understanding of the main concepts which underpin information security and how they relate to each other. The course covers such concepts as confidentiality, integrity and availability, threats, risks and vulnerabilities, as well as a range of technical and management controls capable of mitigating the risks.

Pre-requisites

The recommended pre-requisite for attending this course and sitting the exam is a minimum of one year's experience in an IT function.

BCS ISEB Examination

Delegates will sit the 2-hour examination, set by BCS ISEB, on Friday afternoon. The examination will comprise 100 multiple choice questions. Students will need to obtain a mark of at least 65% to pass the exam. A Distinction is obtained by those achieving a score of 80% or higher.

Course style

The CISMP course is a mixture of traditional classroom training, syndicate exercises, mock exams and group discussions. Delegates are encouraged to participate throughout the course and are presented with draft policies and worked examples for discussion.

There is a small amount of evening work which is mainly the revision of the comprehensive courseware notes. Our consultants are on hand throughout the week, including the evenings, to answer delegates' questions and queries.

Course Outline

Course topics

- Information security concepts & definitions

- Information Security Management System (ISMS) concept

- The need for, and benefits of, information security: Corporate Governance

- Information risk management

- Information security organisation & responsibilities: Legal and regulatory obligations

- Policies, standards & procedures: Delivering a balanced ISMS. Security procedure

- Information security governance: Policy reviews. Security audits

- Security incident management: Objectives and stages of incident management

- Information security implementation: Getting management buy-in

- Legal framework: Processing personal data

- Employment issues. Computer misuse

- Intellectual property rights. Data Protection Act

- Security standards & procedures: ISO/IEC 27001/27002 and ISO/IEC 13335

- Threats to, and vulnerabilities of, information systems

- People security: Organisational culture

- Acceptable use policies

- Systems development & support: Linking security to whole business process. Change management process.

- Handling security patches

- Role of cryptography: Common encryption models

- User access controls: Authentication and authorisation mechanisms

- Networks & communications: Partitioning networks. Role of cryptography. Controlling 3rd-party access. Intrusion monitoring. Penetration testing

- External services: Protection of Web servers and e-commerce applications

- IT infrastructure: Operating, network, database and file management systems

- Testing, audit & review: Strategies for security testing of business systems

- Training: The purpose and role of training. Promoting awareness

- Physical & environmental security: Controlling access and protecting physical sites and assets

- Disaster recovery & business continuity management: Relationship between risk assessment and impact analysis

- Investigations & forensics: Common processes, tools and techniques. Legal and regulatory guidelines

 

NOTE:

Where taken as a residential course, the price includes four nights' accommodation with breakfast and three-course dinner. Delegates also have free use of the health and fitness club. Free wifi is available in the rooms.

Where & When

Location: Reading
Start Date: 12 Jul 10
Price (ex. VAT): £1695.00
Venue Info: Reading - Wokefield Park
Residential: No
Availability: Call Us
Duration: 5 days
Delivered As: Venue and on-site
Exam Included: Yes
Course Ref: 71563