Some time ago BCS launched the Certificate in Information Security Management Principles, or CISMP. It offers a sensible syllabus and is backed by an appropriate non-profit: BCS.
Linked to the CESG Certified Professionals scheme, CISMP is targeted at testing candidates' breadth of knowledge in the subject area of information security management.
Although there are no training requirements, a number of training providers offer 5 day training courses with the CISMP exam included. If you are an information security manager and have an employee who is new to the field, opting for the course plus exam is something I would strongly recommend.
It’s a two hour closed book exam, and consists of 100 multiple choice questions. The pass mark is 65%.
By way of comparison, the pass mark for British undergraduate degree programmes (some of which make use of multiple choice exams) is 40% (well, technically 38% in some institutions), and at Masters level the pass mark is either 40% or 50% depending on institution preferences.
Some of the recent updates to the syllabus include threat intelligence, big data, IoT, and 27001:2013 alignment. I’ve certainly found the BCS recommended text book to be a useful reference for some of my teaching as an academic.
A good course for this certification should be expected to include coverage of core concepts and definitions, legislation, regulations, standards, business and technical environments, categorisation of controls, selection of controls, and characteristics of controls.
Overall I think this is a sensible certification, and attending a course would add a lot of value to an employee’s development. For experienced candidates, it would serve to baseline knowledge in an easy to understand way.
Full disclosure: I’m a member of BCS, and a BCS Branch Chair.