CESG Certified Professional (CCP) Scheme drives greater professionalism in Information Assurance to help protect against growing cyber threats

24 October 2012: As part of the Government’s commitment to increasing cyber security, the IISP (Institute of Information Security Professionals), CREST – the professional body representing the ethical security testing and incident response industry – and Royal Holloway’s Information Security Group (ISG), are rolling out the new CESG Certified Professional scheme (CCP) for Information Assurance (IA) professionals. Full Operational Capability (FoC) for the scheme was granted by CESG – the IA arm of GCHQ – following the success of a detailed pilot scheme.

The CESG initiative means that for the first time central or local government employees or IA professionals providing services to government bodies are able to validate their competencies, knowledge and skills. Candidates can achieve Practitioner, Senior Practitioner and Lead Practitioner status across six key roles as set out in the ‘CESG Certification for IA Professionals’ document. The roles are: Security and Information Risk Advisor (SIRA), IA Accreditor, IA Architect, IA Auditor, IT Security Officer and Communications Security family of roles.

Chris Ensor, Deputy Director for the National Technical Authority for IA, CESG said, “I believe passionately that upping the level of cyber security competence in the UK is hugely important and the implementation of the certification scheme is key. I am very pleased that IISP have reached Full Operational Capability.”

These independent assessments will help government organisations to recruit staff and appoint external consultants with the right skills, at the right level, while IA professionals will be able to benefit from a clearly defined career development path. The 700 plus private consultants currently registered under the CESG Listed Advisors Scheme (CLAS), will need to become IA certified under the CCP scheme by September 2013 to remain CLAS approved.

Senior Practitioner level CCP certification is based on in-depth interviews by experienced assessors. For IA Architects there is also a requirement to pass a professional level technical examination in line with those already provided by CREST for penetration testers and intrusion analysts and recognised by government and the private sector as being industry benchmarks. All CESG Certified Professionals will have to demonstrate on-going relevant experience and Continued Professional Development (CPD) annually to maintain their CCP Certification; while for IA Architects there will be a requirement to res-sit the examination every three years.

The IISP Consortium is one of three certification bodies selected by CESG to deliver the CCP Scheme. The IISP, CREST and Royal Holloway consortium is the only not-for-profit operation. Anyone interested in applying for a role under the CCP Scheme can go to www.iisp.org for more details and to apply.

“We have a lot of interest in the CCP Scheme from government employees and external service providers and have everything in place to start receiving applications for assessment,” said Alastair MacWillson, IISP Chairman and Global Managing Director of Security at Accenture. “The new CESG certification process strengthens the drive for greater professionalism in the information security industry gives further recognition of our achievements in developing the critical security skills needed by both public and private sectors.”

“The public and private sectors need greater confidence that they have access to high quality people with specialist skills and competencies, working in trusted organisations,” said Ian Glover, president of CREST, the not-for-profit organisation that provides globally recognised certifications for organisations and individuals providing security testing services. “Our consortium has the framework, metrics and experience to deliver a professional industry structure that supports the IA buying community and encourages service providers to raise their game.”

For more information, please visit www.iisp.org