Call us on +44 (0) 1752 724 000

BCS Level 4 Information and Cyber Security Foundation


Vendor Course Pathways

Any of these package options can be undertaken to achieve the BCS level 4 award in information and cyber security foundations. You'll also receive the vendor course and exam as part of the package.


Packaged Pathways                                                                                                                                                                                     Package Price

Option 1: CompTIA S+ GCHQ Accredited, CySA+ & CASP                                                                                                                                    £3,750.00 +VAT 

Option 2: CompTIA PenTest                                                                                                                                                                             £1,400.00 +VAT

Option 3: CompTIA Network+ & CompTIA PenTest+                                                                                                                                          £2,800.00 +VAT

Option 4: CompTIA Security+ & CompTIA PenTest+                                                                                                                                          £3,100.00 +VAT

Option 5: CompTIA Network+, CompTIA Security+ & CompTIA PenTest+                                                                                                            £4,200.00 +VAT

Option 6: CompTIA CySA+                                                                                                                                                                              £1,400.00 +VAT

Option 7: CompTIA Network+ & CASP GCHQ Accredited                                                                                                                                     £2,800.00 +VAT


What You'll Learn

Understands and applies the foundations of information and cyber security including: explaining the importance of cyber security and basic concepts including harm, identity, confidentiality, integrity, availability, threat, risk and hazard, trust and assurance and the ‘insider threat’ as well as explaining how the concepts relate to each other and the significance of risk to a business.


(a) Can describe why cyber security is important to the corporate and business context

(b) Can explain what the basic concepts are and how they relate to each other

(c) Can describe what a security case is and explain how it is constructed


Can demonstrate knowledge/awareness of the following IISP Core Skills:


1)      Governance

· Can explain the term Information Governance

· Can explain the potential impacts that occur where poor information governance has been observed

· Can outline the governance controls used within your own organisation

2)      Policy & Standards

· Understands the need for Information Security policy to achieve Information Security

· Is aware of information security policy and standards bodies

· Is aware of local processes for consultation, review and approval

3)      Information Security Awareness & Training

· Understands how security awareness and training contributes to maintaining Information Security

· Can describe a variety of methods for improving security awareness

· Can give examples of Information Security risks caused by poor security awareness

· Can describe the benefit of good security awareness

4)       Legal & Regulatory Environment (see TKU8)

5)       Risk Assessment

· Can explain how risk assessments can benefit an organisation

· Can describe the main stages of a risk assessment and the principles that support assessments · Understands the common terminology, controls and approaches used

· Understands the types of risks, threats and vulnerabilities and how they can impact an organisation

· Is able to identify sources of information about threats and vulnerabilities from relevant industry sources

6) Risk management

· Can explain how risk management can benefit the business

· Can describe the process or cycle to manage risk and common terminologies used

· Can describe the different type of controls used to manage risk and the concepts of impact levels · Is aware of sources of assurance to support risk management processes

· Aware of the basic components of risk management: threats, likelihood, and impact

7) Security Architecture

· Can describe the concept of Information Security architecture and how it can be used to reduce information risk

      · Can explain how Information Security architecture interacts with other enterprise architectures       · Understands design patterns or architecture relevant to own work

       · Can relate security architecture to business needs 8) Information Assurance

       · Can describe what an Information Security Management System (ISMS) is and the potential benefits

       · Is aware of the existence of methodologies, processes and standards for providing Information Assurance

       · Can describe and demonstrate understanding of at least one Information Assurance methodology · Is aware of industry standards bodies and services and can provide examples 9) Secure Operations                Management

      · Can explain how poor security management can adversely impact the organisation

      · Can describe the common causes of security incidents

      · Can describe security processes and procedures used within own organisation to maintain operational security

      · Understands security controls that relate to people, process and technology

10) Investigation

(see TKU6) 11) Audit, Assurance & Review

      · Can explain how audits and reviews contribute to effective security management

     · Is aware and can describe audit and review controls used within own organisations

      · Is aware of common sources of information, standards, legislation and accreditation boards that are used to drive and control audit and review processes and practitioners 12) Business Continuity Management

      · Can explain the benefits of Business Continuity Management (BCM) and the consequences of poor BCM

      · Can explain the relationship of BCM with Incident management

      · Can describe the steps with the BCM lifecycle and the approaches that can be used to provide business continuity Can describe the different types of tests that can be used to prepare the organisation


Understands and proposes appropriate responses to current and new attack techniques, hazards and vulnerabilities relevant to the network and business environment.

(a) Can describe the possible indicators (signatures) of compromise

(b) Can describe the difference between targeted and general and systemic attacks

(c) Can describe the response options that are available (e.g. containment, eradication, exploitation, legal) and the main features to implement each

(d) Understands how to scope a response given the objectives for the system under threat

(e) Understands how to do, and the benefits of timeline analysis

(f) Can propose possible remediation actions to reduce the risk of future attacks.

Understands and proposes how to deal with emerging attack techniques, hazards and vulnerabilities relevant to the network and business environment.

(a) Good awareness of the current cyber security threat landscape (known attack techniques, hazards and vulnerabilities)

(b) Can recognise an emergent attack techniques, hazard or vulnerability

(c) Can describe what assets are affected by an emerging threat and the impact to the organisation (d) Understands how a signature or correlation rule is developed from knowledge of an attack technique

(e) Knows how to write a signature or correlation rule.