A consortium comprising the IISP (Institute of Information Security Professionals), CREST (Council for Registered Ethical Security Testers) and Royal Holloway’s Information Security Group (ISG) has been appointed by CESG to provide certification for UK Government Information Assurance professionals.

The consortium has been awarded a licence to issue the CESG Certified Professional Mark based on the IISP Skills Framework, as part of a certification scheme driven by CESG, the information assurance arm of GCHQ.

The certification process is designed to increase levels of professionalism in information assurance and uses the established IISP Skills Framework to define the competencies, knowledge and skills required for specialist IA roles. Developed through public and private sector collaboration by a group of academics and security experts, the framework has been adopted by GCHQ as the basis for its CESG Certified Professional specification.

Chris Ensor, head of profession for IA at CESG said: "This is a major step forward in professionalising key information assurance roles needed by the public sector. It is also an important development along the path of securing the UK against cyber attack and protecting government and individuals' data. CESG looks forward to continuing close co-operation with the IISP, CREST and Royal Holloway in delivering this IA Certification Service."

“We are delighted that this consortium has been approved as a certification body for government information assurance professionals, giving further recognition of our achievements in developing the critical security skills needed by both public and private sectors,” said Paul Dorey, the IISP’s chairman emeritus and visiting professor at RHUL. “Positioning the IISP Skills Framework at the centre of this new certification process further strengthens the drive for greater professionalism in the information security industry and puts IISP members at the forefront of this initiative,” adds current IISP chairman, Alastair MacWillson, global managing director of security at Accenture.

“As the industry is maturing, both the public and private sectors need increased confidence that they have access to high quality people with specialist skills and competencies, working in trusted organisations,” said Ian Glover, president of CREST. “By bringing together the IISP, CREST and Royal Holloway, we have the framework, metrics and experience to create a professional industry structure that supports the IA buying community and encourages service providers to raise their game.”

Government employees or individuals providing services to government bodies are now able to achieve practitioner, senior practitioner and lead practitioner status across six roles: security and information risk advisor, IA accreditor, IA security architect, IA auditor, IT security officer and communications security officer.

Share Story: