Friday, 4 October 2013

GCHQ to quality check UK industry network professionals' security skills

Man using Gunnars specs while working at his computer
The GCHQ has announced plans to extend its ongoing CESG Certified Professional (CCP) scheme to accredit all workers responsible for securing UK industry networks at all types of organisations.
Communications-Electronics Security Group (CESG), the information security arm of the GCHQ, announced the extension in a public post. The scheme will now offer security professionals the ability to apply for CCP Practitioner, Senior Practitioner and Lead Practitioner level accreditations across six key roles. These include Security and Information Risk Advisor (SIRA), IA Accreditor, IA Architect, IA Auditor, IT Security Officer and Communications Security.
Applicants skills will be tested by a joint consortium run by the Institute of Information Security Professionals (IISP), the Council for Registered Ethical Security Testers (CREST) and Royal Holloway University's Information Security Group (ISG). Those who pass will be given accreditation for three years. The exams and accreditations are designed to be a quality benchmark assuring businesses of the professionals' abilities.
Chloe Smith, minister for political and constitutional reform, said the benchmark will help bolster the UK's reputation as a world leader in the cyber security industry. "Since its launch last year, the CCP scheme has been warmly welcomed and endorsed by government cyber security professionals. With demand growing from industry to be part of the scheme, now is the right time to open up CCP and set a unified standard for cyber security professionals right across the UK," she said.
Chris Ensor, CESG's deputy director for the National Technical Authority for Information Assurance (IA), mirrored Smith's sentiment. "CCP is something that UK industry has been waiting for and I am delighted that we have been able to make the scheme available. I would particularly encourage those organisations that support the UK's critical national infrastructure to endorse the scheme and help build a community of UK cyber security professionals that is the envy of the world," he argued.
Growing and protecting the UK's digital economy has been a central goal of the UK government's cyber strategy since it launched in 2011. The government has listed increasing collaboration between the public and private sector as a key step in its security strategy. Cabinet Office minister Francis Maude launched The Cyber Security Information Sharing Partnership (CISP) in March to help with this endeavour.
The GCHQ's CCP scheme was originally unveiled in 2012 but was only offered to government employees and select external service providers. IISP chairman, Alastair MacWillson welcomed the extension, confirming the scheme has already helped accredit 900 government workers.
"We have already helped some 900 government employees and external service providers achieve CCP certification and the decision to extend the scheme to the public sector will increase the UK's IA knowledge, skills and capability in all fields of cyber security to meet one of the objectives of the UK Cyber Security Strategy," he said.
"CESG's decision to base the CCP scheme on the IISP Skills Framework is further recognition of our work to develop critical skills and provide greater professionalism in the cyber security industry."
President of CREST Ian Glover added that the exams aim to increase the number of people interested in a role within the information security industry, by offering them a clearer career path.
"Extending the broader CCP scheme to the private sector is a very logical extension and will give UK companies a much greater level of confidence in the skills, knowledge and competence of their staff and contractors and will provide real career paths for those working in the industry," he said.
Getting more young people interested in careers in cyber security has been a growing challenge facing both the public and private sector. The GCHQ has launched several initiatives designed to help find and train new cyber security professionals. Most recently the GCHQ launched its new Can You Find It challenge to help find and recruit the next generation of cyber security code experts.

No comments:

Post a Comment