
Certificate in Information Security Management Principles (CISMP)

The CISMP qualification demonstrates good knowledge and understanding of the key areas involved in information security management. It is awarded by the British Computer Society (BCS), following successful completion of the CISMP exam.

CISMP provides a solid foundation upon which a successful information security career can be built. It is particularly valuable to those working in the public sector, as it is part of the CESG Certified Professional Scheme.

CISMP coverage and content

If you are keen to develop a career in information security, CISMP is the perfect starting point. It provides a broad introduction to information security management, upon which more technical qualifications can be built. The content is also suitable for business professionals who require a deeper understanding of information security as part of their wider business knowledge.

The CISMP qualification is awarded by the British Computer Society (BCS), as part of their portfolio of professional qualifications.

The CISMP syllabus covers the following areas:

  1. Information Security Management Principles
  2. Information Risk (Threats, Vulnerabilities)
  3. Information Security Framework (Organisation, Implementation, Standards)
  4. Procedural / People Security Controls
  5. Technical Security Controls (including Infrastructure, Cloud Computing)
  6. Software Development and Lifecycle
  7. Disaster Recovery and Business Continuity Management
  8. Physical and Environmental Security Controls
  9. Investigation, Forensics and Cryptography

The BCS requires CISMP candidates to demonstrate knowledge in the following areas:

  • Knowledge of the concepts relating to information security management (confidentiality, integrity, availability, vulnerability, threats, risks, countermeasures, etc.)
  • Understanding of current national legislation and regulations which impact upon information security management
  • Awareness of current national and international standards, frameworks and organisations which facilitate the management of information security
  • Understanding of the current business and common technical environments in which information security management has to operate
  • Knowledge of the categorisation, operation and effectiveness of controls of different types and characteristics

View the full BCS syllabus for CISMP

The Certificate in Information Security Management Principles (CISMP) exam

To achieve the CISMP qualification, you must pass a two-hour multiple-choice exam consisting of 100 questions. A minimum of 65 marks out of 100 is required to pass, and 80 marks will gain you a distinction.

The CISMP exam is included on the final day of our CISMP Certificate in Information Security Management Principles training course, which covers the BCS learning objectives in order to prepare candidates for the exam.

View a sample CISMP exam paper

CISMP and the BCS CESG Certified Professional Scheme

If you work in the public sector, or supply services to the public sector, then the CISMP qualification is particularly important. It is part of the CESG Certified Professional Scheme, which has been developed to provide independent assessment and verification of Information Assurance professionals working in the public sector. It also provides a clearly defined career development path.

The CISMP qualification demonstrates an individual’s competency at Practitioner level. The BCS CESG scheme outlines competencies at the following three levels:

  • Practitioner level
  • Senior Practitioner level
  • Lead Practitioner level

The scheme covers six Information Assurance roles:

  • Security and Information Risk Advisor
  • Security Architect
  • Accreditor
  • IA Auditor
  • IT Security Officer
  • Communications Security Officer (ComSO)

For further information please see the BCS CESG Certified Professional Scheme Overview.

How IT Governance can help

Our CISMP - Certificate in Information Security Management Principles Training Course is a five-day course designed to prepare delegates for the CISMP exam. The exam takes place on the fifth day of the course, following thorough preparation in all the areas of the BCS syllabus.

You can also obtain the Information Security Management Principles - An ISEB Certificate textbook from us, which is the BCS-approved reference book for the course and examination.

As well as our wide range of additional Information Security titles, you may also be interested in our free Green Papers on Information Security, Risk Management and Business Continuity.