UK’s CREST Exports Pen-Testing Certs to Singapore

Security testing non-profit CREST is expanding into Asia after signing an agreement with the Singaporean government to introduce its penetration-testing certifications to the city state.

The UK-based body today signed a memorandum of intent (MoI) with the Cyber Security Agency of Singapore (CSA) and Association of Information Security Professionals (AISP) to establish a CREST Singapore Chapter.

Its pen-testing certifications will be the first to get rolled out, with others covering incident response and malware analysis, with information security architecture potentially introduced at a later date if all goes well.

The idea of the certifications is to provide assurance for pen-testing firms and professionals, and to help grow skills and capabilities at a grassroots level, CREST said.

It has already become the de facto industry standard for penetration testing in the UK and Australia, having been endorsed by both respective governments, according to the non-profit.

CREST director, Rowland Johnson, claimed the deal represented a “real step forward” in the non-profit’s international expansion and also reflects positively “on the UK’s expertise and reputation in cybersecurity.”

“Our objective is to drive both consistency and standards on an international stage. This brings value to the buying community, while also supporting penetration-testing service providers to develop and enhance the processes and skills,” he told Infosecurity

“CREST’s reputation is growing from strength to strength and it demonstrates our ability to influence at the highest levels.”

The deal follows prime minister David Cameron’s trip to Singapore in July which resulted in the signing of a joint memorandum of understanding on cybersecurity.

The UK-SG Cyber Security Cooperation MoU, witnessed by Cameron and his counterpart Lee Hsien Loong, promised greater information sharing between their respective national CERTs, and the creation of a local edition of the UK Cyber Security Challenge.

It also signaled an intention to double a joint R&D security fund between the countries to £2.4m.

At the time, Lee said in a statement, “the UK has well-known expertise in this field and we hope to share our experiences in this increasingly important area.”

Other organizations and government agencies involved in bringing CREST to Singapore include the Monetary Authority of Singapore (MAS), the Association of Banks in Singapore (ABS) and the Infocomm Development Authority of Singapore (IDA).

What’s Hot on Infosecurity Magazine?