IISP issues new guidance to underpin Government’s Certified Professional Scheme
The Institute of Information Security Professionals (IISP) has launched a new version of its Skills Framework, used by the Government to support is Certified Professional Scheme for info security.
It said the changes reflect the emergence of new threats, technologies and cyber skills profiles, taking in new skills groups including threat intelligence and assessment, cyber resilience, penetration testing and intrusion detection and analysis.
It also expands the roles of enterprise and technical security architecture and redefines the skills profile for audit, compliance and testing.
The move has significant implications for the development of cyber security skills in government, with the National Cyber Security Centre using the framework to underpin a range of certification schemes. These include the Certified Professional Scheme for which the IISP is the leading certifying body.
IISP chair Alastair MacWillson (pictured) said: “With the rapid growth of cyber threats and attacks there is a significant shortage of high calibre information security professionals, and the UK's National Audit Office warned recently that a lack of skilled workers is hampering the fight against cyber crime.”
“The Skills Framework helps on multiple levels, from raising the standards of professionalism and allowing companies to identify gaps in their experience and competency, to encouraging new talent into the industry and helping to educate students and train individuals so they have the skills to address today’s ever evolving cyber security challenges.”
The Skills Framework, which was first introduced in 2006, is also used by organisations to develop and benchmark their in-house capabilities, in developing training courses and syllabi for university courses in information security.
Pete Fischer a fellow of the IISP who led the Skills Framework review, commented: “The new framework also recognises the growing need for strategy, management and communications skills for some information security roles.”
Image from IISP