|
|
| IA Profession, Roles and Skills |
| |
| Those involved in delivering Information
Assurance (IA) products and services, setting standards or developing
guidance need specialist skills. |
| |
If you are an IA specialist working in, or for, the public
sector or are considering embarking on a career in IA or are
involved in the recruitment, selection, training or management
of IA specialists you will be interested in the work CESG is
doing in consultation with groups from Government, Industry
and Academia to develop an ‘IA profession’ for IA
specialists.
The recent Cyber Security Strategy, published in November 2011, sets out
how the UK will tackle cyber threats and has four objectives.
The fourth objective is particularly pertinent and is for “the
UK to have the cross-cutting knowledge, skills and capability
it needs to underpin all our cyber security objectives”. |
| |
| CESG Certification for IA Specialists
|
CESG has been working closely with representatives from both
public and private sectors to establish a framework
(pdf) for IA specialists, against which the competence of
IA specialists to perform common public sector IA roles can
be assessed.
Recognising that a great deal of good work has already been
done in the private sector on the need for an ‘IA profession’
for IA specialists, CESG adopted the Institute of Information
Security Professionals’ (IISP) skills framework as an
excellent starting point for the development of the competency
framework for the public sector.
The first IA roles to be defined are:
- Security & Information Risk Advisor
- Security Architect
- IA Auditor
- Accreditor
- IT Security Officer (ITSO)
- Communications Security Officer (ComSO)
CESG-appointed certification bodies have begun to assess whether
applicant IA specialists meet the requirements of the IA role
definitions. The three organisation selected to be certification
bodies are:
The three certification bodies are in the Initial Operating Capability (IOC) phase where they are processing a limited number of applications. It is expected that the Full Operating Capability (FOC) phase will begin in February 2012.
For more details of how each Certification Body will conduct their assessments please visit their websites (see above).
Certification against at least one IA role will be a requirement
for membership of an updated version of the CESG
Listed Advisor Scheme (CLAS).
It is expected that the competency framework will continue to
evolve with further roles defined according to demand for certification
against them. |
| |
| The benefits |
As a potential public sector employer, the certification process
will help you to employ the right specialist with the right
skills and expertise for the job.
As an IA specialist you will benefit from the opportunity to
have your competence to perform an IA role independently verified.
The IA role definitions identified in the framework will also
help you to plan your professional personal development. |
| |
| Events |
| IA Practitioners' conference, York March 2011
- CESG gave a presentation
on professionalisation for IA specialists (pdf) at the conference.
|
| |
| Contact us |
| We recognise that the Competency Framework will continue to
develop. We welcome your feedback on the content of the CESG
Certification for IA Specialists document and invite you to
send your comments to enquiries@cesg.gsi.gov.uk |
|
