A Guide to the Certificate in Information Security Management Principles (CISMP)

Information security is a vast, fast moving and fascinating field, but entirely self-led study can sometimes feel dry. Attending a course led by a qualified information security practitioner can make the learning process more engaging and easier to understand.

As mentioned above, there is a lot of information available on the internet about information security, however, as a beginner, it can be difficult to discern which websites and resources are reliable and up-to-date; the same is true of cyber security.  Therefore, we would recommend attending an accredited training course if you would like to develop your cyber security knowledge and skills for deployment in a professional capacity. One such course is the Certificate in Information Security Principles (CISMP) training course.

The CISMP is a foundation-level qualification which was developed and is managed by the British Computing Society (BCS).  It is aimed at providing a comprehensive understanding of the fundamentals of information security management and covers a wide range of topics.  The qualification you receive following successful completion of the exam (more on this below) is well recognised across the business landscape. The CISMP also introduces elements of cyber security, such as teaching you how to protect against malicious software.

The CISMP is suitable for anyone with an interest in information security. There are no formal entry requirements, although a basic knowledge of IT and a level of awareness around security issues is recommended.  This makes it ideal for individuals with varying levels of knowledge and experience.  For example, students and aspiring professionals looking for an entry into cyber security, risk management, and/or information security can gain an understanding of the established best practice in these fields.  Even established IT professionals can benefit from taking a CISMP training course, as it can provide an opportunity to consider their area of expertise from the perspective of information security management.
The CISMP can also benefit compliance officers, small business owners, managers, and many other professionals.  It serves as a starting point for those who want to pursue more advanced courses, such as the BCS Practitioner’s Certificate in Information Risk Management (PCIRM).

The CISMP curriculum is extensive, and explores key concepts and definitions in information security and risk management, why information risk management and effective information security matter, and the consequences of poor information security.  It introduces the concept of an information security management system (ISMS), various types of security controls, policies, procedures, and information security auditing.  The course will also provide you with an understanding of relevant legislation and international standards like ISO 27001.  Additional topics covered by the CISMP include incident management, investigations and forensics, business continuity, disaster recovery, the software development lifecycle, and cryptography.

Having sat the CISMP training course, you can sit an assessment examination in order to acquire the qualification.  The CISMP is assessed through a closed-book, 2-hour examination.  The examination contains 100 multiple-choice questions, and the pass mark is set at 65%.  The CISMP exam can be sat in person at Pearson VUE venues or online.  The cost of the exam is £192 (£160 + VAT) if you are UK based and have decided to self-study, however the exam cost will typically be included in the price of the course if taken through a training provider.

To prepare for the exam you will, at the very least, require a copy of the BCS CISMP curriculum.  However, BCS recommends taking the course with an accredited training provider; whilst the curriculum does provide the necessary information to pass the exam, a trainer will share real-world examples and contextualise the information being taught, increasing your chances of exam success and helping you apply your knowledge practically when you return to your work environment.

Before taking the exam, BCS recommends you receive at least 18 hours of tuition spread over three days.  However, we have found it to be more effective to deliver the course over 24 hours.  This extra time allows for the sharing of experiences, discussion, and for the trainer to provide extra context on what is being taught, in addition to the curriculum itself.  Like the exam, training courses can be delivered in person or remotely.

The CISMP is an excellent qualification for professionals who would benefit from enhancing their understanding of information security management.  As well as increasing your knowledge and professional skills, a CISMP training course culminates in the achievement of a respected qualification from a chartered institute.  Having a CISMP qualification on your CV will help to boost your career prospects, provides a stepping stone to more advanced qualifications, and will help you protect not only your organisation’s information but also your own, personal data.