The Certificate in Information Security Management Principles (CISMP) course is designed to provide the foundation of knowledge necessary for individuals who have information security responsibilities as part of their day to day role, or who are thinking of moving into an information security or related function.

The certificate, which can be gained at the end of the course by passing a multi-choice examination, will demonstrate that you have a strong understanding of what good practice information security comprises.

This video provides an overview of URM’s CISMP course

What is CISMP?

CISMP stands for the Certificate in Information Security Management Principles. It is a foundation level qualification provided by the BCS, the Chartered Institute for IT.

How Do I Attain the CISMP?

The CISMP qualification is typically attained by attending a 5-day training course and sitting an exam on the final afternoon of the course.

What is Meant by Principles?

The CISMP is designed to teach you the different processes and techniques which are used by organisations to manage their information security.

At URM, we concentrate on teaching the principles behind these processes and techniques without getting too technical. For example, we will teach you what a firewall is and why it is useful, but you don’t need to know how to configure one.  Similarly, when we look at cryptography, we focus on the principles and how it can be used to protect your information, but we won’t get bogged down in the detail of how it works.

What topics does the CISMP cover?

The CISMP training course follows the latest BCS syllabus. The subject areas you will cover are:

Concepts, terms and definitions associated with information security
The information security framework and the concept of an information security management system (ISMS)
The roles and responsibilities typically associated with the management of information security
Relevant international standards such as ISO 27001
Incident management, investigations and forensics
Training and awareness
The legal framework
Protection from malicious software
Physical and environmental security controls
The benefits of effective information security management and the consequences of not doing it
The importance of information risk management
The need for corporate governance
Policies, standards, and procedures
Different types of information security controls and what they are used for
Information security auditing
The software development life-cycle
Communications and networks
Business continuity and disaster recovery

What is a Typical CISMP Training Day?

We generally present 4 to 6 modules per day which cover different aspects of the subject areas just mentioned.  The learning environment is dynamic with exercises, teaching and the sharing of knowledge, experiences and ideas.

Is CISMP Worth it?

The CISMP is a great foundation level qualification. It provides you with a broad understanding of all the key aspects of information security and provides you with the confidence and credibility to forge a career in the information security industry.

How do I Gain the Qualification?

It is a foundation qualification in information security management which demonstrates that you have a good understanding of all the principles associated with information security management.


To gain the qualification, you are required to take a closed book exam which is made up of 100 multiple-choice questions. It is a 2-hour exam which is typically taken on the final day of a five-day classroom course. The pass mark is 65%. With URM, we provide you with a guarantee that you will pass the exam.

CISMP Exam Questions

The 100 questions are straightforward multiple-choice questions. Each one asks a direct question for which there are four possible answers, only one of which is correct. There are no trick questions.

CISMP Pre-requisites

There are no pre-requisites or pre-reading for attending the CISMP course or sitting the exam, we will teach you everything you need to know during the course.


The CISMP and CISSP cover very similar subjects to a similar depth. However, the CISSP qualification which stands for Certified Information Systems Security Professional is harder to achieve for two reasons.

  1. The examination is longer and more difficult. With CISSP, you have six hours to answer 250 multiple choice questions, whereas with the CISMP you have two hours to answer 100 multiple-choice questions.
  2. In order to attain the CISSP qualification, you must demonstrate 5 years of information security related experience covering two or more of the ten CISSP domains (subject areas).

Completing the CISMP training first is the ideal first step in gaining the knowledge and understanding of information security principles that will help you to achieve the CISSP at a later date. The CISMP training will help you develop and forge a career in information security and you can sit the CISSP when you have the required 5 years of practical experience.


The CISM, which stands for Certified Information Security Manager, concentrates on the management aspects of information security such as risk management rather than technical aspects like cryptography. To gain the qualification you need to pass an exam and have at least 5 years of information security experience, 3 of which must be in an information security management role.

Again, the CISMP is a good foundation level qualification if you want to start a career in information security management. It provides you with the principles associated with the subject which can be applied to gaining the experience necessary for you to achieve the CISM qualification at a later date.

Why Train with URM?

Quite simply, the key differentiator is our trainers. URM’s trainers are all practicing information security consultants and ex-information security managers. As such, we understand the day-to-day challenges you face or will be facing.   We have extensive experience to draw on and share with you. In fact, that’s what we really enjoy.

Whether it is a question you ask in class or want to discuss on a 1:1 during breaks, lunch or at the end of the day, we really want to help. We go to great lengths to make the course relevant to you, by using examples taken from a wide range of sectors and industries.

Yes, we want you to pass the exam, and in fact, we guarantee it! but most importantly, we want you to enjoy the course and walk away wiser, empowered and ready to put into action what you have learned.

We can back this up with numbers too. We are the most experienced and successful CISMP training provider having delivered courses for over 15 years. On top of that, our course is the only course to have been accredited by the Chartered Institute of Information Security and as part of the National Cyber Security Centre Training (NCSC) scheme.

Our Courses

What people say about us

caret-down caret-up caret-left caret-right

“I thoroughly enjoyed the course and most of that was down to the trainer’s delivery of the course syllabus. The depth of general knowledge delivered by him on top of the detailed course material with reference to real-world experience was outstanding. The course delivery exceeded my expectations and I am really pleased I went with URM as this course provider. Will definitely will be using URM again for future courses.”

(Asha, The Crown Estate)

“Daryn and I are very happy with our results, so please pass on our thanks to the trainer who was an excellent tutor and helped to make the course enjoyable and informative. We were impressed with the venue and I would certainly recommend URM services to anyone who is looking at gaining BCS qualifications or equivalent.”

(Daryn and Mike, Peel Ports)

About URM

URM is dedicated to providing high quality, cost-effective and tailored consultancy and training in the areas of information security, data protection, business continuity and risk management.

Contact us

For further information on URM’s training portfolio, or for course availability, please
– phone 0118 206 5410
– email our training manager
– use our online request form.

Follow us on