Everything you Need to Know About the CISMP
- Posted by Vicky Silver
- Categories Information Security, Training
- Date 31/01/2024
How do you start learning about information security?
Knowledge about information security and understanding of how to approach it in a professional environment is incredibly valuable for individuals in a wide range of roles, but how do you actually learn about it? While the internet is full of information and resources about information security, not all of this is reliable or up to date, and it can be difficult to determine which sources are trustworthy. Therefore, attending a recognised information security course with an established training provider is often a better route for you to take if you want to learn about information security for professional purposes.
Is information security hard to study?
Information security is a big topic and, although very interesting once understood, can be quite dry to learn about if your study is self-led. However, if you attend a training course facilitated by a qualified information security practitioner, the trainer will be able to teach you about information security in a way that is both easy to understand and engaging.
How do you start learning about cyber security with no experience?
As is the case with information security, the internet is full of misleading information about cyber security best practices, so, if you are a beginner in this area but want to learn more about it, it is best to attend a training course.
One course that you could start with is a Certificate in Information Security Principles (CISMP) training course. The CISMP is a foundation-level qualification, developed and managed by the British Computing Society (BCS), designed to provide delegates with a strong understanding of the fundamentals of information security management. The CISMP curriculum covers a broad range of information security and risk management topics and is an industry-recognised qualification, making it a valuable asset in the professional development of individuals whose work requires them to consider or interact with information security. While the CISMP is primarily focused on information security, it also has some coverage of cyber security, providing you with an introduction to how you can protect yourself from malicious software.
Who is the CISMP for?
The short answer is anyone and everyone with an interest in information security. The CISMP has no formal entry requirements (although the BCS website does recommend that delegates have a basic knowledge of IT and some awareness of issues surrounding the security control activities) and, as such, is appropriate for individuals with various levels of information security knowledge and experience.
For example, an established IT professional, despite already having a considerable knowledge of IT and technology, could benefit from the opportunity provided by the CISMP to consider their area of expertise from an information security management perspective. Meanwhile, on the other end of the spectrum, students or aspiring professionals looking to begin a career in cyber security, risk management, or information security can gain a foundational understanding of these fields and earn a well-respected and established qualification to help them get a foot in the door of their chosen career path.
Compliance officers, small business owners, managers and countless other types of professionals can also benefit from the CISMP. Ultimately, if you would like to learn more about information security, the CISMP is a great starting point from which you can progress to taking more advanced courses, such as the BCS Practitioner level qualifications.
What is Covered in the CISMP?
The CISMP syllabus is extremely comprehensive and covers a very wide range of topics around information security and risk management. To certify, you will need to understand the key concepts and definitions associated with information security, the importance of information risk management and effective information security, and the consequences of poor information security. The CISMP will also introduce you to the concept of an information security management system (ISMS), different types of information security controls, policies and procedures, and information security auditing. As well as this, it will provide you with an understanding of relevant legislation and international standards, such as ISO 27001.
Beyond coverage of information security specifically, the curriculum explores other relevant topics such as incident management, investigations and forensics, business continuity and disaster recovery, the software development lifecycle, and even cryptography. The extensiveness of the syllabus means that, upon successful certification, you will not only have a strong knowledge of information security, but also the fields and disciplines at its periphery, allowing you to go back to your workplace with a well-rounded, holistic view of how to approach information security management.
How is the CISMP Assessed?
The CISMP is assessed by a closed-book, 2-hour examination with 100 multiple-choice questions, the pass mark for which is 65%. The exam can be taken in person at a Pearson VUE venue or online, and costs £192 (£160 + VAT) if you are based in the UK and have decided to self-study. Alternatively, if you’re taking the course with a training provider, the cost of the exam will generally be included in the price of your course. Remote exams can be taken at the date and time of your choice following your training course.
How do you Prepare for the CISMP Examination?
Technically, all you need to prepare for the CISMP is a copy of the BCS curriculum. However, BCS recommends that you take the course with an accredited training provider, such as URM. While the curriculum does provide you with the key information necessary to pass the exam, a trainer will provide you with context and real-world examples which will not only increase your chances of success in the exam, but also help you practically apply the knowledge you have gained when you return to work.
How long does it take to learn about information security?
BCS recommends delegates receive at least 18 hours of tuition before the examination, spread over 3 days or more. We at URM have found that it is more effective to deliver the course over 24 hours, as this allows enough time for classroom discussion, experience sharing, and contextualisation of what is being taught, as well as the curriculum itself.
Training courses can be taken in-person, although post-pandemic it is increasingly common to see the courses take place remotely. Our remote courses are conducted over 6 mornings, as full days on Microsoft Teams can be quite challenging.
Closing thoughts
The CISMP is the ideal qualification for professionals who want to expand their understanding of information security management and be able to evidence this knowledge with an established, respected qualification from a chartered institute. The benefits of certification to the CISMP are manifold, allowing you to increase your knowledge of cyber security, advance your career, maintain regulatory compliance, and protect not only your business but also your own personal data privacy.
Why URM for CISMP?
URM has been delivering its National Centre for Cyber Security (NCSC)-assured, BCS-aligned CISMP course for over 15 years, and has consistently achieved a pass rate of 98% and above. Our trainers are all qualified information security practitioners who always teach with the goal of maximising the sharing of skills and knowledge across the entire group. With an emphasis on ‘real-world’ application, your URM CISMP trainer will make sure you complete the course with not just an understanding of the theory behind information security, but also the ability to put that theory into practice.
Previous delegates of our CISMP course have said:
- ‘The level of detail and how that information was put across was above what I was expecting’
- ‘The trainer was able to utilise his industry experience to give real world examples’
- ‘Wanted to reiterate to the trainer how helpful and great he was as an instructor’
- ‘One of the best training courses I have been on, in terms of teaching quality and how enjoyable the week was.’