ISEB Certificate in Information Security Management Principles

5 Day Course
Official Curriculum

This course has been retired. Please view currently available BCS/ISEB Training Courses.


Information security (25 topics)

  • Information security concepts & definitions.
  • Information Security Management System (ISMS) concept.
  • The need for, and benefits of, information security: Corporate Governance.
  • Information risk management.
  • Information security organisation & responsibilities: Legal and regulatory obligations.
  • Policies, standards & procedures: Delivering a balanced ISMS. Security procedures.
  • Information security governance: Policy reviews. Security audits.
  • Security incident management: Objectives and stages of incident management.
  • Information security implementation: Getting management buy-in.
  • Legal framework: Processing personal data. Employment issues. Computer misuse. Intellectual property rights. Data Protection Act.
  • Security standards & procedures: ISO/IEC 17799 and ISO/IEC TR 13335.
  • Threats to, and vulnerabilities of, information systems.
  • People security: Organisational culture. Acceptable use policies.
  • Systems development & support: Linking security to whole business process. Change management process. Handling security patches.
  • Role of cryptography: Common encryption models.
  • Protection from malicious software: Methods of control.
  • User access controls: Authentication and authorisation mechanisms.
  • Networks & communications: Partitioning networks. Role of cryptography. Controlling 3rd-party access. Intrusion monitoring. Penetration testing.
  • External services: Protection of Web servers and e-commerce applications.
  • IT infrastructure: Operating, network, database and file management systems.
  • Testing, audit & review: Strategies for security testing of business systems.
  • Training: The purpose and role of training. Promoting awareness.
  • Physical & environmental security: Controlling access and protecting physical sites and assets.
  • Disaster recovery & business continuity management: Relationship between risk assessment and impact analysis.
  • Investigations & forensics: Common processes, tools and techniques. Legal and regulatory guidelines.


The recommended prerequisite for attending this course and sitting the exam is a minimum of one year's experience in an IT function.