The 9 CISMP Domains Explained

The CISMP (Certificate in Information Security Management Principles) is one of the UK’s most widely recognised entry-level qualifications for information security professionals. Accredited by BCS, The Chartered Institute for IT, it provides a comprehensive foundation in cyber security and information security management.

CISMP is designed for individuals working in, or aspiring to work in, security-related roles – particularly those seeking to progress into management or governance positions. It is also suitable for business professionals who need a broader understanding of information security as part of their wider operational responsibilities.

It is frequently cited as the first step towards more advanced qualifications, such as CISM® and CISSP®.

The CISMP syllabus is aligned with national and international frameworks, including ISO 27001, and is approved under the UK government’s CCP (Certified Cyber Professional) scheme.


What are the 9 CISMP domains?

CISMP is built around nine core domains. Each reflects a critical aspect of information security management and is mapped to SFIA (Skills Framework for the Information Age) levels 2 and 3. The exam weighting is as follows:

CISMP domain                                     Exam weighting
-------------------------------------------------------------
1. Information Security Principles               10%
2. Information Risk                              15%
3. Information Security Frameworks               15%
4. Security Operations                           15%
5. The Security Lifecycle and DevSecOps          10%
6. Technical Security                            15%
7. Physical and Environmental Security            5%
8. Disaster Recovery and Digital Forensics       10%
9. Emerging and Growing Technologies              5%

Our CISMP Training Course is accredited by BCS, The Chartered Institute for IT, and covers all nine domains.


The CISMP syllabus

1. Information Security Principles

1.1 Describe terms and concepts associated with information security management.

1.2 Explain the need for, and benefits of, information security.

1.3 Describe the terms and principles associated with personal data privacy legislation and considerations.

2. Information Risk

2.1 Describe the key components of risk management.

2.2 Explain the processes involved in the risk management lifecycle.

3. Information Security Frameworks

3.1 Describe key components of organisational structure and policy in managing information security.

3.2 Explain the principles of information security governance and information assurance.

3.3 Describe security standards, procedures and frameworks.

4. Security Operations

4.1 Explain concepts, models and technologies associated with security architecture and operations.

4.2 Explain threat modelling and common threat modelling frameworks.

4.3 Explain techniques for identifying, assessing and managing security vulnerabilities.

4.4 Describe common types of cyber attacks and threats to systems.

5. The Security Lifecycle and DevSecOps

5.1 Explain stages and considerations of information security lifecycle management.

5.2 Describe the key terms, features and benefits of DevSecOps.

6. Technical Security

6.1 Describe key concepts associated with networks and network security.

6.2 Describe technical strategies and measures to secure IT infrastructure.

7. Physical and Environmental Security

7.1 Describe common physical security controls.

8. Disaster Recovery and Digital Forensics

8.1 Describe activities involved in incident response.

8.2 Explain terms associated with disaster recovery.

8.3 Describe the process and principles of digital forensics.

9. Emerging and Growing Technologies

9.1 Describe common security concerns associated with emerging and growing technologies.


CISMP exam format and certification

  • Exam duration: 60 minutes
  • Delivery method: Online, supervised
  • Questions: 40 multiple choice
  • Pass mark: 65% (26 correct answers)
  • Open book: No

Upon successful completion, candidates are awarded the BCS Foundation Certificate in Information Security Management Principles. This qualification is recognised across the UK and endorsed by the MOD and government bodies under the CCP scheme.


Why choose CISMP?

CISMP is a proven first step in an information security career, offering both professional credibility and practical value. It is often used as a springboard to more advanced qualifications such as CISM, CISSP or ISO 27001 Lead Implementer.

  • Recognised by UK government, MOD and employers nationwide
  • Maps to SFIA levels 2 and 3, covering practical and theoretical knowledge
  • Supports progression into technical and managerial security roles
  • Aligns with widely used frameworks such as ISO 27001, NIST and Cyber Essentials
  • Suitable for both technical and non-technical professionals

Get CISMP certified

IT Governance is a BCS Accredited Training Partner. Our CISMP Training Course is led by experienced consultants and prepares candidates for the exam through a five-day intensive programme.

  • Delivered Live Online, in person, or self-paced
  • Includes the official Information Security Management Principles textbook
  • Covers the full BCS syllabus and includes exam registration
  • Successful completion earns 35 CPD points

With a 96% pass rate and thousands trained, our course is the ideal starting point for a career in cyber and information security.


The post The 9 CISMP Domains Explained appeared first on IT Governance Blog.
