CESG Certified Professional (CCP) Scheme drives greater professionalism in Information Assurance to help protect against growing cyber threats
24 October 2012: As part of the Government’s commitment to increasing cyber security, the IISP (Institute of Information Security Professionals), CREST – the professional body representing the ethical security testing and incident response industry – and Royal Holloway’s Information Security Group (ISG), are rolling out the new CESG Certified Professional scheme (CCP) for Information Assurance (IA) professionals. Full Operational Capability (FoC) for the scheme was granted by CESG – the IA arm of GCHQ – following the success of a detailed pilot scheme.
The CESG initiative means that for the first time central or local government employees or IA professionals providing services to government bodies are able to validate their competencies, knowledge and skills. Candidates can achieve Practitioner, Senior Practitioner and Lead Practitioner status across six key roles as set out in the ‘CESG Certification for IA Professionals’ document. The roles are: Security and Information Risk Advisor (SIRA), IA Accreditor, IA Architect, IA Auditor, IT Security Officer and Communications Security family of roles.
Chris Ensor, Deputy Director for the National Technical Authority for IA, CESG said, “I believe passionately that upping the level of cyber security competence in the UK is hugely important and the implementation of the certification scheme is key. I am very pleased that IISP have reached Full Operational Capability.”
These independent assessments will help government organisations to recruit staff and appoint external consultants with the right skills, at the right level, while IA professionals will be able to benefit from a clearly defined career development path. The 700 plus private consultants currently registered under the CESG Listed Advisors Scheme (CLAS), will need to become IA certified under the CCP scheme by September 2013 to remain CLAS approved.
Senior Practitioner level CCP certification is based on in-depth interviews by experienced assessors. For IA Architects there is also a requirement to pass a professional level technical examination in line with those already provided by CREST for penetration testers and intrusion analysts and recognised by government and the private sector as being industry benchmarks. All CESG Certified Professionals will have to demonstrate on-going relevant experience and Continued Professional Development (CPD) annually to maintain their CCP Certification; while for IA Architects there will be a requirement to res-sit the examination every three years.
The IISP Consortium is one of three certification bodies selected by CESG to deliver the CCP Scheme. The IISP, CREST and Royal Holloway consortium is the only not-for-profit operation. Anyone interested in applying for a role under the CCP Scheme can go to www.iisp.org for more details and to apply.
“We have a lot of interest in the CCP Scheme from government employees and external service providers and have everything in place to start receiving applications for assessment,” said Alastair MacWillson, IISP Chairman and Global Managing Director of Security at Accenture. “The new CESG certification process strengthens the drive for greater professionalism in the information security industry gives further recognition of our achievements in developing the critical security skills needed by both public and private sectors.”
“The public and private sectors need greater confidence that they have access to high quality people with specialist skills and competencies, working in trusted organisations,” said Ian Glover, president of CREST, the not-for-profit organisation that provides globally recognised certifications for organisations and individuals providing security testing services. “Our consortium has the framework, metrics and experience to deliver a professional industry structure that supports the IA buying community and encourages service providers to raise their game.”
For more information, please visit www.iisp.org
CREST is a not-for-profit organisation that provides globally recognised certifications for organisations and individuals providing penetration testing services. It has a strong relationship with government bodies such as CESG (The National Technical Authority for Information Assurance) along with CPNI the UK Centre for the Protection of the National Infrastructure, and NBISE, the National Board of Information Security Examiners in the US. For security testing companies, CREST provides a provable validation of security testing methodologies and practices; while for individuals, CREST offers an industry leading qualification and career path. CREST members are committed to supporting industry and career development via information sharing, training and conferences.
About the IISP
The IISP is a not-for-profit organisation that was established in 2006 as the professional institute for individuals and organisations for whom Information Security is a priority. Its purpose is to advance professionalism for information security professionals and the industry as a whole, and to act as an accreditation authority for the industry. Since 2007 the IISP has offered professional accreditation based on its widely recognised Skills Framework through its Associate and Full Membership levels, and accredits individuals against the ITPC scheme, which was developed by CSIA.
About the Information Security Group at Royal Holloway, University of London
Royal Holloway, University of London is one of the UK’s leading teaching and research university institutions, ranked in the top 20 for research in the 2008 Research Assessment Exercise. One of the larger colleges of the University of London, Royal Holloway has a strong profile across the sciences, social sciences, arts and humanities. The Information Security Group (ISG) is one of the largest academic security groups in the world. It brings together in a single institution expertise in education, research and practice in the field of information security. The ISG offers an active research environment. It has a thriving PhD community, and offers world-leading masters degree programmes (campus-based and online), as well as postgraduate diploma programmes in information security.