GCHQ security accreditation offered to UK companies
IT professionals outside government get chance of GCHQ backed certification
By Antony Savvas | Computerworld UK | Published: 10:48, 01 October 2013
CESG, the information security arm of GCHQ, the UK's spy centre, has announced that its CESG Certified Professional (CCP) scheme has been expanded to include those responsible for securing networks at UK companies.
Originally launched in October 2012 for those working on government networks, the CCP scheme formally recognises the expertise of those working in the information assurance (IA) and cyber security sectors.
Now, for the first time, security professionals responsible for protecting UK industry networks from threats and vulnerabilities, can now take advantage of the scheme, "further positioning CCP as the UK's cyber security professional standard", said CESG.
Related Articles on Techworld
Since the scheme's launch nearly 700 cyber security professionals responsible for securing UK government networks have been successfully accredited.
The CCP scheme is run by three independent certification bodies, appointed and audited by CESG. These are the APM Group; the IISP, CREST and Royal Holloway ISG consortium; and BCS, the Chartered Institute for IT.
The CCP certifications are valid for three years and provide a CESG approved benchmark of skills, knowledge and expertise in cyber security.
Chris Ensor, CESG deputy director for the National Technical Authority for IA (information assurance), said, "CCP is something that UK industry has been waiting for and I am delighted that we have been able to make the scheme available.
"I would particularly encourage those organisations that support the UK's critical national infrastructure to endorse the scheme and help build a community of UK cyber security professionals that is the envy of the world."
Adam Thilthorpe, director of professionalism, at BCS, said, "Information security and assurance issues are now pivotal to businesses. With 93 percent of organisations experiencing a security breach last year, it is vital that UK Plc ensures its information is safe and that the right people with the right skills are working with their organisations."
The scheme certifies IA specialists against specific IA roles and skills aligned to the competency framework Skills for the Information Age (SFIA) and BCS' SFIAplus.
It offers three levels of certification - practitioner, senior practitioner and lead practitioner - and covers six roles identified by CESG within IA, including: security and information risk advisor, IA architect, IA accreditor, IA auditor, IT security officer and communications security officer.