HOME | TERMS | CONTACT US | SITE MAP   The National Technical Authority for Information Assurance     ABOUT US   PRODUCTS & SERVICES   PUBLICATIONS   POLICY & TECHNOLOGIES   FIND A ..... You are here: CESG > Products and Services >IACS >CHECK >CHECK Team Members CHECK What is CHECK? Find a CHECK Service Provider and Validate Personnel Why you need a CHECK Service Provider The CHECK Service Assault Course Fundamental Principles of the CHECK Service CHECK Reporting Requirements How Do I Use a CHECK Service Provider? Why should I become a CHECK Service Provider? Customer Feedback for CHECK Provider work Applying For CHECK Membership CHECK Contact information     CHECK Team Members A CHECK team is composed of at least one team leader (someone who has passed the CHECK Assault Course) and a number of team members. Obviously, the CHECK team leader will need to be an experienced penetration tester in order to pass the assault course. Although team members do not have to demonstrate the same level of skill and experience in Health Check work as the team leader, team members must also be experienced penetration testers who will work towards successful completion of the Assault Course. The purpose of the CHECK scheme is to provide assurance that a penetration test of a HMG network will be performed to certain standards. The composition of the CHECK team is considered to be a critical component in assuring the quality of work performed by the team. It is for this reason that we review the technical experience of team members and ask for the information detailed below. Each proposed team member must submit a current CV that details previous relevant job history as well as key skills and experience as follows: Personal details: Full name, home address, contact telephone number, national insurance number and date of birth. Employment: Full employment history, with dates. A brief description of you responsibilities must be included for every relevant technical position held. Education: Full education history, with dates. Professional qualifications and membership: Details of professional qualifications and membership of professional bodies, with dates. Training: Details of any relevant technical training received, with dates. Relevant skills and experience: Details of key technical skills and notable tasks performed. We also require that each team member submits answers to the following specific questions: How long have you been performing penetration testing? In the previous 3 years, how many penetration tests have you performed? In the previous 12 months, how many penetration test have you performed? How many penetration test reports have you written in the previous 3 years? How many penetration tests have you written in the previous 12 months? Which operating systems do you use when performing penetration tests? Which tools do you use when performing penetration tests? Answers to these questions should be submitted separately to the CV and on no more than two sides of A4. We expect that prospective team members will have worked on a number of penetration tests over a period of at least a year. Updated information on all team members (including CVs) should be provided yearly. Note that inexperienced and trainee penetration testers will not be accepted into a CHECK team and that CHECK work should not be used as a training assignment without the approval of CESG. As CHECK is a penetration testing scheme, we will not normally approve the addition of individuals who are not penetration testers. This includes individuals who have information security experience outside of penetration testing, such as policy work, risk assessment and so on. Back to Applying For Check Membership  © Crown copyright, 2008. This CESG Website is maintained for your personal use and viewing. Access and use by you of this site constitutes acceptance of our terms and conditions which take effect from the date of first use. Click here for our terms and conditions CESGweb@cesg.gsi.gov.uk