
New BCS Certificate in Information Security Management Principles (CISMP)

In September 2020, the BCS updated the syllabus and the exam of the CISMP, the leading foundation qualification in information security management principles, to address evolving cyber-related threats and changes in working practices. URM is the first company to launch a new course to reflect the new syllabus.

What is the CISMP?

The CISMP is a foundation level qualification provided by the BCS (Chartered Institute for IT in the UK). In order to attain the CISMP, most candidates will sit a classroom training course and then take a 2-hour multiple-choice examination.

In September 2020, the BCS updated the CISMP syllabus and exam to reflect changes in the information and cyber security landscape and working practices, and URM’s training course was the first to be revised in line with all the syllabus changes made.



CISMP – Frequently Asked Questions

What is the Aim of the CISMP and What Subjects are Covered?

On URM’s 4-day course, our practising consultants will introduce you to the principles of information security management and will explore:

  • Key concepts and terminology such as confidentiality, integrity, availability (CIA), risk management, along with the need for and benefits of information security, including business continuity (high level)
  • Relevant current legislation and regulations which impact upon information security management
  • Relevant national and international standards (e.g. ISO 27001) and frameworks which facilitate information security management
  • Implementing information security and risk management in your organisation
  • Categorisation, operation and effectiveness of controls of different types (e.g. physical, people, technical).

Why Should you Attend the CISMP?

This course provides you with a broad understanding of all aspects of information security and provides the ideal platform for launching and developing a career in information security.

The course is also ideally suited to any business professional whose role involves, or will involve, managing and protecting sensitive information, e.g. personal, financial, organisational.

The certificate, which can be attained by passing a multi-choice examination, will demonstrate that you have a strong understanding of what good practice information security comprises.

What are the Prerequisites for Attending the CISMP?

BCS recommends some prerequisites in terms of a working knowledge of IT and an understanding of the general principles of information technology and security.

However, by delivering the course over 4 days, rather than the 3-day BCS minimum, URM is providing more time to explain and discuss the fundamentals, particularly around some of the technical controls, so negating the need for candidates to meet course prerequisites.

What is the Format of URM’s CISMP Course?

URM delivers the CISMP training course as both a public schedule and on-site training course. If you attend our public schedule courses, these are typically residential and held at purpose-designed training venues.

When attending a URM CISMP training course, you will experience a dynamic and interactive mixture of traditional classroom training, syndicate exercises, mock exams and group discussions.

A case study is used through the week, with exercises and workshops stemming from it, as well as mock exams each day to ensure you are well prepared to take and pass the BCS administered, post-course, 2-hour multi-choice exam.

You may wish to use the evenings to review some of the comprehensive courseware notes and practise answering mock exam papers.

Why Train with URM?

We believe that the key differentiator between URM and other CISMP courses is the calibre, expertise and experience of our trainers.

You will benefit from the fact that all URM’s trainers are practising consultants, each with extensive information security and risk management experience. 

As such, they are able to translate best practice theory into ‘real world’ practical applications and examples.

URM’s trainers all adopt a facilitative approach, where the goal is to maximise knowledge and skills sharing across the whole group.

You can also be reassured by our track record. URM is by far the most experienced and successful training provider in the UK, having delivered the course for over 15 years and having consistently achieved a pass rate of 97% and above.

URM's BCS CISMP course is the only course in the UK to have been certified both by CIISec (the Chartered Institute of Information Security) and as part of the NCSC Certified Training scheme.

In essence, when you leave URM’s course, not only will you be fully prepared to take and pass the BCS exam, but you will be more knowledgeable, confident and ready to put into practice what you have learnt.

When was the BCS CISMP Syllabus and Exam Last Updated?

What Changes Were Made?

The BCS CISMP syllabus was first developed at the turn of the millennium and has been regularly updated and refreshed since then, with the last update (v9.0) taking place in June 2020, with the associated exam being released in September 2020.

The majority of the syllabus remains unaltered from the 2017 version; however, a new section has been added to cover the security lifecycle from both an information and a design process perspective.

The new section also addresses risks to security brought about by systems development and support.

BCS has also used the syllabus refresh to place more emphasis on cyber security, the security framework (e.g. implementation of information security) and to reflect current working practices.

URM’s CISMP course has been updated to fully reflect the changes in the new 2020 syllabus.

How Long is a CISMP Training Course?

BCS recommends that CISMP classroom training should contain a minimum of 18 hours of tuition spread over a minimum of 3 days. Previously it was 40 hours and a minimum of 5 days.

URM, taking feedback from its delegates, has chosen with its CISMP course to deliver 24 hours of tuition over 4 days.

We strongly believe that 4 days is necessary to provide more time for classroom discussion, sharing of experiences and explanation of how the processes and techniques behind the principles can be applied in the workplace.

URM has developed a reputation over 15 years for developing and delivering training courses which focus on practical implementation, rather than merely addressing the theory.

With our 4-day CISMP course, whatever your background, you will have the opportunity to understand all the key fundamentals of information security and be able to apply the principles in your organisation.

Here are a number of comments from delegates who have sat URM’s CISMP course:

I am very pleased. The course is brilliantly designed (especially for someone like me with little technical knowledge) and was very well delivered.


The trainer was extremely knowledgeable and explained things very well, particularly the more technical stuff which can be hard to keep up with when it's brand new to you.


I enjoyed the course and thought the trainer was great!


Contact us

For further information on URM's training portfolio, or for course availability, please
- phone 0118 206 5410
- email our training manager
- use our online request form.

About URM

URM is dedicated to providing high quality, cost-effective and tailored consultancy and training in the areas of information security, data protection, business continuity and risk management.
