NCSC Tests Cyber Advisor Program

The UK’s National Cyber Security Centre (NCSC) is developing a program to certify cybersecurity advisors. Currently in its proof of concept stage, the Cyber Advisor service will certify individual consultants who can provide practical advice to help secure businesses.

The NCSC is developing the initiative to extend its current consulting services beyond complex specialist areas, it said. Its current services focus on larger businesses, often concentrating on critical national infrastructure, but the new initiative will open up advisory services to more organizations, it explained.

The Cyber Advisor service will focus on the five technical controls that underpin the NCSC’s Cyber Essentials initiative. These are firewalls, secure settings, access controls, malware and software updates.

The Centre already operates a Cyber Essentials program that certifies small businesses as meeting baseline security standards, but companies need not aim for this certification when engaging a Cyber Advisor, the Centre said. In fact, Cyber Advisors will not be able to certify organizations under the Cyber Essentials program. Instead, they will simply help identify and implement cybersecurity improvements for clients in the five control areas.

The Cyber Advisor service will include conducting a gap analysis to see where a client falls short under Cyber Essentials controls. The advisor will report to the client’s leadership on these gaps and the risks they create, and then identify and help implement remediation activities.

The NCSC will eventually charge £250 to assess an individual for Cyber Advisor status, but it is initially funding free assessments for 100 certified advisors for the program. It is inviting applications from people with diverse backgrounds for these initial positions, and will use them for feedback in the early stages of the program.

Certified individuals will only be able to offer the Cyber Advisor service if employed by an NCSC Assured Service Provider, it added. An organization must pay £600 for Cyber Advisor Assured Service Provider status, along with an initial £250 onboarding fee.

Certification body IASME is handling the program for the NCSC, and is taking applications.

Commenting on the announcement, Joseph Carson, chief security scientist and advisory CISO at Delinea, said: “Cyber mentors, also known as cyber ambassadors, have been growing within organizations around the world, and it is great to see the NCSC taking the same initiative to help more businesses meet the cyber essentials five security controls. If businesses implement the Cyber Essential five security controls, it will make it much more difficult for cyber-criminals to attack. The cyber advisor scheme by the NCSC is a great step forward, and I hope this is the start of a broader plan to strengthen security awareness and business resiliency against the ever increasing cyber threats.”
