The Certificate in Information Security Management Principles (CISMP) course is designed to provide the foundation of knowledge necessary for individuals who have information security responsibilities as part of their day to day role, or who are thinking of moving into an information security or related function.

The certificate, which can be gained at the end of the course by passing a multi-choice examination, will demonstrate that you have a strong understanding of what good practice information security comprises.

What is CISMP?

CISMP stands for the Certificate in Information Security Management Principles. It is a foundation level qualification provided by the BCS, the Chartered Institute for IT.

How do I attain the CISMP?

The CISMP qualification is typically attained by attending a 5-day training course and sitting an exam on the final afternoon of the course.

What is meant by principles?

The CISMP is designed to teach you the different processes and techniques which are used by organisations to manage their information security.

At URM, we concentrate on teaching the principles behind these processes and techniques without getting too technical. For example, we will teach you what a firewall is and why it is useful, but you don’t need to know how to configure one. Similarly, when we look at cryptography, we focus on the principles and how it can be used to protect your information, but we won’t get bogged down in the detail of how it works.

What topics does the CISMP cover?

The CISMP training course follows the latest BCS syllabus. The subject areas you will cover are:

Concepts, terms and definitions associated with information security
The benefits of effective information security management and the consequences of not doing it
The information security framework and the concept of an information security management system (ISMS)
The importance of information risk management
The roles and responsibilities typically associated with the management of information security
The need for corporate governance
Relevant international standards such as ISO 27001
Policies, standards, and procedures
Incident management, investigations and forensics
Different types of information security controls and what they are used for
Training and awareness
Information security auditing
The legal framework
The software development life-cycle
Cryptography
Communications and networks
Protection from malicious software
Business continuity and disaster recovery
Physical and environmental security controls

What is a typical CISMP training day?

We generally present 4 to 6 modules per day which cover different aspects of the subject areas just mentioned. The learning environment is dynamic with exercises, teaching and the sharing of knowledge, experiences and ideas.

Is CISMP worth it?

The CISMP is a great foundation level qualification. It provides you with a broad understanding of all the key aspects of information security and provides you with the confidence and credibility to forge a career in the information security industry.

How do I gain the qualification?

It is a foundation qualification in information security management which demonstrates that you have a good understanding of all the principles associated with information security management.

CISMP exam

To gain the qualification, you are required to take a closed book exam which is made up of 100 multiple-choice questions. It is a 2-hour exam which is typically taken on the final day of a five-day classroom course. The pass mark is 65%. With URM, we provide you with a guarantee that you will pass the exam.

CISMP exam questions

The 100 questions are straightforward multiple-choice questions. Each one asks a direct question for which there are four possible answers, only one of which is correct. There are no trick questions.

CISMP pre-requisites

There are no pre-requisites or pre-reading for attending the CISMP course or sitting the exam, we will teach you everything you need to know during the course.

CISMP vs CISSP

The CISMP and CISSP cover very similar subjects to a similar depth. However, the CISSP qualification which stands for Certified Information Systems Security Professional is harder to achieve for two reasons.

The examination is longer and more difficult. With CISSP, you have six hours to answer 250 multiple choice questions, whereas with the CISMP you have two hours to answer 100 multiple-choice questions.
In order to attain the CISSP qualification, you must demonstrate 5 years of information security related experience covering two or more of the ten CISSP domains (subject areas).

Completing the CISMP training first is the ideal first step in gaining the knowledge and understanding of information security principles that will help you to achieve the CISSP at a later date. The CISMP training will help you develop and forge a career in information security and you can sit the CISSP when you have the required 5 years of practical experience.

CISMP vs CISM

The CISM, which stands for Certified Information Security Manager, concentrates on the management aspects of information security such as risk management rather than technical aspects like cryptography. To gain the qualification you need to pass an exam and have at least 5 years of information security experience, 3 of which must be in an information security management role.

Again, the CISMP is a good foundation level qualification if you want to start a career in information security management. It provides you with the principles associated with the subject which can be applied to gaining the experience necessary for you to achieve the CISM qualification at a later date.

Why train with URM?

Quite simply, the key differentiator is our trainers. URM’s trainers are all practicing information security consultants and ex-information security managers. As such, we understand the day-to-day challenges you face or will be facing. We have extensive experience to draw on and share with you. In fact, that’s what we really enjoy.
Whether it is a question you ask in class or want to discuss on a 1:1 during breaks, lunch or at the end of the day, we really want to help. We go to great lengths to make the course relevant to you, by using examples taken from a wide range of sectors and industries.
Yes, we want you to pass the exam, and in fact, we guarantee it! but most importantly, we want you to enjoy the course and walk away wiser, empowered and ready to put into action what you have learned.
We can back this up with numbers too. We are the most experienced and successful CISMP training provider having delivered courses for over 15 years. On top of that, our course is the only course to have been accredited by the Chartered Institute of Information Security and as part of the National Cyber Security Centre Training (NCSC) scheme.

Course overview

The level of detail and how that information was put across clearly by our instructor in multiple session was above what I was expecting, the way he was able to utilise his industry experience to give real world examples also helped further my understanding of the topics raised above that that I expected.

Owain