BCS Certificate in Information Security Management Principles

There are no prerequisites.

Target audience

Information security is relevant across all business units, not just IT. This course is ideal for:

• Members of information security management teams
• IT managers, security managers, and systems managers
• Information asset owners and business analysts
• Project managers and product owners
• Service delivery professionals, privacy, risk, and compliance officers

Continuous Professional Development (CPD)

Delegates can claim CPD points for NCSC-assured courses at a rate of 1 point per hour of training, up to a maximum of 15 points.

By the end of this course, learners will be able to:

• Understand key concepts, principles, and benefits of information security management, including legal, regulatory, and ethical considerations
• Explain risk management principles, including assessment and mitigation strategies
• Identify how organisational structure, culture, and governance influence security management
• Recognise security models, frameworks, and technologies that mitigate vulnerabilities and common cyber threats
• Explain the information security lifecycle and integration of security within development methodologies
• Describe best practices for incident response, recovery, and business continuity planning

Module 1: Information security principles

• Core concepts
• Information security and privacy

Learning outcomes

• Describe key terms and concepts related to information security management
• Explain the importance and benefits of information security
• Outline key considerations of personal data privacy legislation

Module 2: Information risk

• Understanding risk
• Risk management

Learning outcomes

• Identify key components of risk management
• Describe the processes involved in risk management lifecycle

Module 3: Information security frameworks

• Organisational responsibilities
• Policies, standards, and procedures
• Security governance
• The legal framework
• Information assurance standards

Learning outcomes

• Explain the role of organisational structure and policies in information security
• Describe key principles of security governance and assurance
• Identify major security standards, procedures, and frameworks

Module 4: Security operations

• Information lifecycle
• Information security management
• Technical audits and reviews
• Systems development
• Software development lifecycle

Learning outcomes

• Explain security architecture models and associated technologies
• Describe threat modelling frameworks and techniques
• Identify methods for assessing and managing security vulnerabilities
• Recognise common cyberattacks and threats

Module 5: The security lifecycle and DevSecOps

• Concepts, models, and technologies
• Security architecture
• Protection from cyber threats and malicious software
• Threat modelling
• Vulnerability analysis

Learning outcomes

• Explain the stages and considerations in information security lifecycle management
• Define key terms, features, and benefits of DevSecOps

Module 6: Technical security

• Networks and communications security
• External services and cloud security
• IT infrastructure security
• Cryptography fundamentals

Learning outcomes

• Explain core principles of network and communication security
• Identify technical measures for securing IT infrastructure

Module 7: Physical and environmental security

• Physical, technical, and procedural controls
• Clear screen and desk policies
• Equipment protection
• Security in delivery areas
• Secure disposal

Learning outcomes

• Identify common physical security controls and best practices

Module 8: Disaster recovery and digital forensics

• Incident response planning
• Business continuity management
• Disaster recovery planning
• Digital forensics fundamentals

Learning outcomes

• Describe key activities involved in incident response
• Define fundamental disaster recovery concepts
• Explain principles and processes of digital forensics

Module 9: Emerging and growing technologies

• Security concerns with emerging technologies
• AI governance and AI security
• Internet of Things (IoT)
• Operational technology security

Learning outcomes

• Identify security challenges associated with emerging technologies

Module 10: Practice exam

• Exam preparation guidance
• Full-length practice exam

Hands-on learning

This course includes:

• Practical exercises covering risk management, security governance, and threat analysis
• Case studies and real-world scenarios to apply security principles
• Exam-focused practice questions to aid preparation

Exams and assessments

This course includes a BCS examination voucher. Delegates will also complete knowledge checks and a full-length practice exam to reinforce key learning outcomes.

Once registered you will receive a confirmation email directly from the BCS. This email will reference a provisional exam location, date and time and should not be mistaken for a confirmed session.

You will receive a further email from Questionmark (within 48 hours). It is at this stage that you will be provided access to the live calendar to enable you to schedule your exam session.

All BCS exams are delivered as Remote Proctored. Learners will log into their QuestionMark portal and schedule their exam for any time that suits them at a later date. This must be sat only after 5pm on the final day of the course.

Exam Requirements

If you are taking a BCS exam you must bring photographic identification with you (passport, driving license or student card), as it is a BCS requirement to produce it for the invigilator prior to the exam. Failure to produce a valid form of photographic identification will result in a candidate not being able to sit the exam. For any questions about what form of identification is acceptable please contact your Account Manager or the QA Examination Administration team on 44 (0)1793 696273.

BCS allow additional time for candidates who have a disability or whose native language differs to that of the examination paper. Full details are provided in the BCS Reasonable Adjustments Policy which is available to view on the BCS website. If you believe you qualify for this then please notify the Exam Administration team on the details below as early as possible. At least two weeks' notice will be required for processing this request. Delegates failing to advise QA and provide evidence when requested, may not be allowed the additional support offered via the BCS policy. QA Exam Administration can be contacted by email exam.admin@qa.com or by phone 44(0) 1793 696162.