It launched last year to certify the competence and skills of information assurance (IA) and cybersecurity professionals working for the UK government; the hope now is that it will become an industry-wide certification benchmark.
The CCP scheme runs in parallel with the IISP’s own professional development and certification program. Candidates can achieve practitioner, senior practitioner and lead practitioner status across six key roles: Security and Information Risk Advisor (SIRA), IA Accreditor, IA Architect, IA Auditor, IT Security Officer and Communications Security.
“Private sector organizations are already putting their staff through the security architecture examination, which is part of the CCP scheme and the private sector is the primary user of CREST penetration testing and intrusion analysis examinations,” said Ian Glover, president of CREST, in a statement. CREST is the professional body representing the ethical security testing and cyber incident response industry.
He added, “Extending the broader CCP scheme to the private sector is a very logical extension and will give UK companies a much greater level of confidence in the skills, knowledge and competence of their staff and contractors and will provide real career paths for those working in the industry. This is a further example of the excellent work the UK government is doing in this area to support both government and private sector organizations.”
A consortium that includes Institute of Information Security Professionals (IISP), CREST and Royal Holloway’s Information Security Group (ISG), is one of three bodies appointed by CESG to deliver certifications to security professionals.
CESG has also selected and licensed the IISP Skills Framework to underpin the CCP scheme for all accredited certification providers.
“We have already helped some 900 government employees and external service providers achieve CCP certification and the decision to extend the scheme to the public sector will increase the UK’s IA knowledge, skills and capability in all fields of cyber security to meet one of the objectives of the UK Cyber Security Strategy,” said Alastair MacWillson, IISP chairman, in a statement. “CESG’s decision to base the CCP scheme on the IISP Skills Framework is further recognition of our work to develop critical skills and provide greater professionalism in the cyber security industry.”
Glover added, “Our consortium has shown that it has the framework, metrics and experience to deliver a professional certification structure that supports the IA buying community, provides a clearly defined career path and encourages service providers to raise their game.”