Certificate in Information Security Management Principles: Course Contents

Module 1
Information Security Management Principles
This module covers the basic concepts of information security along with the main terminology commonly in use. You will gain an understanding of why information security is assuming critical importance, not just in the IT community but also in the business community at large.

Module 2
Information Risk
This module provides an appreciation of risk assessment and risk management as applied to information security. At the end of this module you will be able to define and explain the concepts of threats, vulnerabilities, assets, impact, likelihood and risk, as well as understand the overall process of risk management and the appropriate use of controls to manage risk in a cost-effective and appropriate manner.

Module 3
Information Security Framework
This module covers the basic principles used in establishing an information security framework within an organisation. In particular, it considers the role and use of security policy, standards and procedures, information assurance governance, security incident management, and their appropriate implementation.

Module 4
Procedural/People Security Controls
Information assurance is a lot more than simply a series of technical controls; it is as much about people and procedural controls. This module will ensure participants understand how people and organisations should be managed and trained within an organisation.

Module 5
Technical Security Controls
This module addresses the technical controls that need to be implemented to help afford effective information security. Topics covered include: protection from malicious software; impact on networks and communications; approaches to information security when dealing with outsourced or other external facilities providers; cloud computing; IT infrastructure.

Module 6
Software Development and Lifecycle
This module provides an understanding of the principles behind developing and supporting systems with an appropriate level of assurance. This includes the methods and strategies for security testing, ongoing reviews, auditing, systems development and support.

Module 7
Physical and Environment Controls
The Information Security Manager needs to have a good appreciation of associated physical security issues to ensure a seamless Information Assurance management system across the whole organisation. This module comprehensively covers the key considerations of physical security.

Module 8
Disaster Recovery and Business Continuity Management
Even in the best-prepared organisations, problems will arise. This module covers the key areas that the security manager needs to understand in order to effectively deal with the inevitable. At the end of this module you will: understand the difference between a Business Continuity Plan (BCP) and a Disaster Recovery (DR) plan; be able to write draft BCP and DR plans; understand the need for documentation, maintenance and testing.

Module 9
Investigations, Forensics and Cryptography
Gain an understanding of two technical areas of key importance to information security: incident investigation and how forensic evidence may be preserved; basic concepts and uses of cryptography.

Module 10
Preparation for the CISMP exam and Mock exam
The final module provides preparation for the CISMP examination.