BCS Certification in Information Security Management Principles

From Useful Data
Revision as of 20:05, 10 February 2022 by Simon (talk | contribs) (Added 'Course Content' and started Chapter 2.)
Jump to navigation Jump to search

BCS Certification in Information Security Management Principles

About

BCS CISMP. The BCS (British Computer Society) Certification in Information Security Management Principles.
A five day course.
A 248 page text book.

Concepts

CIA. Confidentiality, Integrity, Availability.


Course Text Book

Title

The text book is Information Security Management Principles Third Edition.

Book Chapters

1. Information Security Principles

Confidentiality, integrity and availability.
Confidentiality = no unauthorised disclosure of information.
Integrity = information is accurate and complete.
Availability = information is accessible and usable.

Assets are anything with value. There are three types always to be considered: information; physical assets (e.g. buildings); software. Other types may also be considered (e.g. reputation, loyalty, recovery cost).

Threat = a potential cause of an unwanted incident.
Vulnerability = a weakness that can be exploited by a threat.
Risk = the effect of an uncertainty. Requires a threat and a vulnerability.
Impact = the level of severity of the consequence of the risk happening.

Controls. Responses to risks. There are four: eliminate; reduce; transfer; accept.
Eliminate = avoid the risk entirely; do something different.
Reduce = lessen the likelihood or the impact,
Transfer = pass the risk to someone else, e.g. insurance.
Accept = tolerate the risk. (This is not 'do nothing'.)

Identity, authentication and authorisation.
Identity = that which uniquely identifies an entity, be that an individual or item.
Authentication = assurance of a claimed identity.
Authorisation = permission granted to access (a system's resources).

Accountability, audit and compliance.
Accountability = able to link an action to an entity.
Audit = record checking; validating the accountability.
Compliance = meeting the requirements.

ISMS = Information Security Management System. A one stop shop for the organisation's information assurance.
Information Security = preserving the CIA of information.
Information Assurance = the confidence the information will be confidential, have integrity and be available.


2. Information Risk

We want assurance about our information, so we want information assurance. Information assurance is about the management of information risk. This chapter covers the component parts of risk: threats, vulnerabilities and impact. Combining threat with likelihood or probability gives risk.

Threat = an event causing undesirable consequences.

Threat categories

3. Information Security Framework

xcxx

4. Security Life Cycles

xcxx

5. Procedural and People Security Controls

xcxx

6. Technical Security Controls

xcxx=

7. Physical and Environmental Security

xcxx

8. Disaster Recovery and Business Continuity Management

xcxx

9. Other Technical Aspects

xcxx

Course Outline

   The need for Information Security
   Information Security Management System (ISMS) concepts & definitions
   Information risk management
   Corporate governance
   Organisational responsibilities
   Policies, standards & procedures
   ISO/IEC 27002, 27001 & 13335
   Information security controls
   Incident management
   Legal framework - personal data, DPA, CMA, IPR & copyright, HR & employment issues
   Cryptographic models
   Data Communications & networks
   Physical security
   Auditing & gap analysis
   Training & raising awareness
   Business continuity
   Security investigations & forensics
Retrieved from "http://s-and-j.co.uk/wiki/index.php?title=BCS_Certification_in_Information_Security_Management_Principles&oldid=260"