ISEB Certificate in Information Security Management Principles
This course has been retired. Please view currently available BCS/ISEB Training Courses.
Information security (25 topics)
- Information security concepts & definitions
- Information Security Management System (ISMS) concept.
- The need for, and benefits of, information security: Corporate Governance.
- Information risk management.
- Information security organisation & responsibilities: Legal and regulatory obligations.
- Policies, standards & procedures: Delivering a balanced ISMS. Security procedures.
- Information security governance: Policy reviews. Security audits.
- Security incident management: Objectives and stages of incident management.
- Information security implementation: Getting management buy-in.
- Legal framework: Processing personal data. Employment issues. Computer misuse. Intellectual property rights. Data Protection Act.
- Security standards & procedures: ISO/IEC 17799 and ISO/IEC TR 13335.
- Threats to, and vulnerabilities of, information systems.
- People security: Organisational culture. Acceptable use policies.
- Systems development & support: Linking security to whole business process. Change management process. Handling security patches.
- Role of cryptography: Common encryption models.
- Protection from malicious software: Methods of control.
- User access controls: Authentication and authorisation mechanisms.
- Networks & communications: Partitioning networks. Role of cryptography. Controlling 3rd-party access. Intrusion monitoring. Penetration testing.
- External services: Protection of Web servers and e-commerce applications.
- IT infrastructure: Operating, network, database and file management systems.
- Testing, audit & review: Strategies for security testing of business systems.
- Training: The purpose and role of training. Promoting awareness.
- Physical & environmental security: Controlling access and protecting physical sites and assets.
- Disaster recovery & business continuity management: Relationship between risk assessment and impact analysis.
- Investigations & forensics: Common processes, tools and techniques. Legal and regulatory guidelines.
The recommended prerequisite for attending this course and sitting the exam is a minimum of one year's experience in an IT function