A Guide to the Certificate in Information Security Management Principles (CISMP)

Wayne Armstrong | Senior Information Security Consultant and Consultant Manager at URM | Published on 10 Jul 2024

Information is one of the most valuable assets held by organisations, and protecting it against unauthorised access or disclosure is vital.  As such, an understanding of information security and the associated practices is incredibly useful for professionals in various roles.  To effectively learn about this field, it’s crucial to learn from reliable and up-to-date resources; whilst the internet offers a wealth of information, not all of it is trustworthy.  Therefore, enrolling on a recognised information security course from an established training provider is often the best way to learn about information security for professional purposes.

Is it Hard to Learn About Information Security?

Information security is a vast, fast-moving and fascinating field, but entirely self-led study can sometimes feel dry. Attending a course led by a qualified information security practitioner can make the learning process more engaging and easier to understand.

Learning About Cyber Security with No Experience

As mentioned above, there is a lot of information available on the internet about information security; however, as a beginner, it can be difficult to discern which websites and resources are reliable and up-to-date, and the same is true of cyber security.  Therefore, we would recommend attending an accredited training course if you would like to develop your cyber security knowledge and skills for deployment in a professional capacity. One such course is the Certificate in Information Security Management Principles (CISMP) training course.

The Certificate in Information Security Management Principles (CISMP)

The CISMP is a foundation-level qualification which was developed and is managed by the British Computer Society (BCS).  It is aimed at providing a comprehensive understanding of the fundamentals of information security management and covers a wide range of topics.  The qualification you receive following successful completion of the exam (more on this below) is well recognised across the business landscape. The CISMP also introduces elements of cyber security, such as teaching you how to protect against malicious software.

Who Should Take the CISMP?

The CISMP is suitable for anyone with an interest in information security. There are no formal entry requirements, although a basic knowledge of IT and a level of awareness around security issues is recommended.  This makes it ideal for individuals with varying levels of knowledge and experience.  For example, students and aspiring professionals looking for an entry into cyber security, risk management, and/or information security can gain an understanding of the established best practice in these fields.  Even established IT professionals can benefit from taking a CISMP training course, as it can provide an opportunity to consider their area of expertise from the perspective of information security management.
The CISMP can also benefit compliance officers, small business owners, managers, and many other professionals.  It serves as a starting point for those who want to pursue more advanced courses, such as the BCS Practitioner’s Certificate in Information Risk Management (PCIRM).

What is Covered in the CISMP?

The CISMP curriculum is extensive, and explores key concepts and definitions in information security and risk management, why information risk management and effective information security matter, and the consequences of poor information security.  It introduces the concept of an information security management system (ISMS), various types of security controls, policies, procedures, and information security auditing.  The course will also provide you with an understanding of relevant legislation and international standards like ISO 27001.  Additional topics covered by the CISMP include incident management, investigations and forensics, business continuity, disaster recovery, the software development lifecycle, and cryptography.

How is the CISMP Assessed?

Having attended the CISMP training course, you can sit an examination in order to acquire the qualification.  The CISMP is assessed through a closed-book, 2-hour examination.  The examination contains 100 multiple-choice questions, and the pass mark is set at 65%.  The CISMP exam can be sat in person at Pearson VUE venues or online.  The cost of the exam is £192 (£160 + VAT) if you are UK based and have decided to self-study; however, the exam cost will typically be included in the price of the course if taken through a training provider.

Preparing for the CISMP Examination

To prepare for the exam you will, at the very least, require a copy of the BCS CISMP curriculum.  However, BCS recommends taking the course with an accredited training provider; whilst the curriculum does provide the necessary information to pass the exam, a trainer will share real-world examples and contextualise the information being taught, increasing your chances of exam success and helping you apply your knowledge practically when you return to your work environment.

Duration of CISMP Exam Preparation

Before taking the exam, BCS recommends you receive at least 18 hours of tuition spread over three days.  However, we have found it to be more effective to deliver the course over 24 hours.  This extra time allows for the sharing of experiences, discussion, and for the trainer to provide extra context on what is being taught, in addition to the curriculum itself.  Like the exam, training courses can be delivered in person or remotely.

Closing Thoughts

The CISMP is an excellent qualification for professionals who would benefit from enhancing their understanding of information security management.  As well as increasing your knowledge and professional skills, a CISMP training course culminates in the achievement of a respected qualification from a chartered institute.  Having a CISMP qualification on your CV will help to boost your career prospects, provide a stepping stone to more advanced qualifications, and help you protect not only your organisation’s information but also your own personal data.

How Can URM Help?

URM has delivered the BCS CISMP course for nearly 20 years.  In that time, we have consistently achieved a pass rate of 98% and above, which can be largely attributed to the quality of our trainers; all of our trainers are qualified information security practitioners with extensive real-world experience, who always teach with the aim of maximising the sharing of knowledge and skills across the group.  As such, your URM trainer will ensure that you finish the course with not only an understanding of the theory and key concepts behind information security, but also the ability to translate this theory into practical application.

About the Author: Wayne Armstrong

Wayne is a Senior Information Security Consultant and Consultant Manager at URM with over 30 years’ experience in IT, information security and risk management. He has attained and maintained CISSP, CISMP, PCIRM, and CISA qualifications and is a Qualified Security Assessor (QSA) for the Payment Card Industry Data Security Standard (PCI DSS).
