BCS Certification in Information Security Management Principles: Difference between revisions
→Book Chapters: chapter 1. |
Added 'Course Content' and started Chapter 2. |
||
| Line 1: | Line 1: | ||
BCS Certification in Information Security Management Principles | |||
BCS CISMP. The BCS (British Computer Society) Certification in Information Security Management Principles. A five day course. A 248 page text book. | = About = | ||
BCS CISMP. The BCS (British Computer Society) Certification in Information Security Management Principles. <br> | |||
A five day course. <br> | |||
A 248 page text book. | |||
= Concepts = | |||
CIA. Confidentiality, Integrity, Availability. | |||
= Course Text Book = | |||
== Title == | |||
The text book is ''Information Security Management Principles Third Edition''. | |||
== Book Chapters == | == Book Chapters == | ||
| Line 46: | Line 52: | ||
=== 2. Information Risk === | === 2. Information Risk === | ||
We want assurance about our information, so we want '''information assurance'''. Information assurance is about the '''management of information risk'''. | |||
This chapter covers the component parts of risk: '''threats''', '''vulnerabilities''' and '''impact'''. Combining '''threat''' with '''likelihood ''or'' probability''' gives '''risk'''. | |||
Threat = an event causing undesirable consequences. | |||
==== Threat categories ==== | |||
=== 3. Information Security Framework === | === 3. Information Security Framework === | ||
| Line 59: | Line 72: | ||
=== 6. Technical Security Controls === | === 6. Technical Security Controls === | ||
xcxx | xcxx= | ||
=== 7. Physical and Environmental Security === | === 7. Physical and Environmental Security === | ||
| Line 67: | Line 80: | ||
xcxx | xcxx | ||
=== 9. Other Technical Aspects === | === 9. Other Technical Aspects === | ||
xcxx | |||
= Course Outline = | |||
The need for Information Security | |||
Information Security Management System (ISMS) concepts & definitions | |||
Information risk management | |||
Corporate governance | |||
Organisational responsibilities | |||
Policies, standards & procedures | |||
ISO/IEC 27002, 27001 & 13335 | |||
Information security controls | |||
Incident management | |||
Legal framework - personal data, DPA, CMA, IPR & copyright, HR & employment issues | |||
Cryptographic models | |||
Data Communications & networks | |||
Physical security | |||
Auditing & gap analysis | |||
Training & raising awareness | |||
Business continuity | |||
Security investigations & forensics | |||
[[Category: Security]] | [[Category: Security]] | ||
Revision as of 20:05, 10 February 2022
BCS Certification in Information Security Management Principles
About
BCS CISMP. The BCS (British Computer Society) Certification in Information Security Management Principles.
A five day course.
A 248 page text book.
Concepts
CIA. Confidentiality, Integrity, Availability.
Course Text Book
Title
The text book is Information Security Management Principles Third Edition.
Book Chapters
1. Information Security Principles
Confidentiality, integrity and availability.
Confidentiality = no unauthorised disclosure of information.
Integrity = information is accurate and complete.
Availability = information is accessible and usable.
Assets are anything with value. There are three types always to be considered: information; physical assets (e.g. buildings); software. Other types may also be considered (e.g. reputation, loyalty, recovery cost).
Threat = a potential cause of an unwanted incident.
Vulnerability = a weakness that can be exploited by a threat.
Risk = the effect of an uncertainty. Requires a threat and a vulnerability.
Impact = the level of severity of the consequence of the risk happening.
Controls. Responses to risks. There are four: eliminate; reduce; transfer; accept.
Eliminate = avoid the risk entirely; do something different.
Reduce = lessen the likelihood or the impact,
Transfer = pass the risk to someone else, e.g. insurance.
Accept = tolerate the risk. (This is not 'do nothing'.)
Identity, authentication and authorisation.
Identity = that which uniquely identifies an entity, be that an individual or item.
Authentication = assurance of a claimed identity.
Authorisation = permission granted to access (a system's resources).
Accountability, audit and compliance.
Accountability = able to link an action to an entity.
Audit = record checking; validating the accountability.
Compliance = meeting the requirements.
ISMS = Information Security Management System. A one stop shop for the organisation's information assurance.
Information Security = preserving the CIA of information.
Information Assurance = the confidence the information will be confidential, have integrity and be available.
2. Information Risk
We want assurance about our information, so we want information assurance. Information assurance is about the management of information risk. This chapter covers the component parts of risk: threats, vulnerabilities and impact. Combining threat with likelihood or probability gives risk.
Threat = an event causing undesirable consequences.
Threat categories
3. Information Security Framework
xcxx
4. Security Life Cycles
xcxx
5. Procedural and People Security Controls
xcxx
6. Technical Security Controls
xcxx=
7. Physical and Environmental Security
xcxx
8. Disaster Recovery and Business Continuity Management
xcxx
9. Other Technical Aspects
xcxx
Course Outline
The need for Information Security Information Security Management System (ISMS) concepts & definitions Information risk management Corporate governance Organisational responsibilities Policies, standards & procedures ISO/IEC 27002, 27001 & 13335 Information security controls Incident management Legal framework - personal data, DPA, CMA, IPR & copyright, HR & employment issues Cryptographic models Data Communications & networks Physical security Auditing & gap analysis Training & raising awareness Business continuity Security investigations & forensics