CESG Certified Professional




CESG Certified Professional

Verify your skills and competence in information assurance

Now open to cyber security professionals working in UK industry

CONTENTS

1. Introduction
2. IA in Context: Why Professionalism Matters
3. About the Scheme
4. Skills and Competencies Required
5. Our Assessment Process
6. About APM Group and CESG

Introduction from Richard Pharro, CEO, The APM Group

Improved Information Assurance (IA) skills, knowledge and professionalism are objectives of the National IA Strategy and the Cyber Security Strategy. Certification aims to improve matching between organisational requirements for IA expertise and the competence of those recruited or contracted to provide that expertise.

The APM Group is delighted to be working with CESG to develop an assessment process for IA professionals, helping them reflect on and assess their skills and prove their competence to their employers or prospective employers. Our online application process is straightforward and streamlined, so we hope to welcome you onto the scheme very soon.

Richard Pharro, CEO, The APM Group

"Our certification process will give IA specialists the opportunity to have their competence to perform an IA role independently verified. The IA role definitions will also help people plan their professional development. We aim to set high standards which will become the industry benchmark." (Richard Pharro, CEO, The APM Group)

"Being able to schedule my interview outside working hours was very helpful. In fact, the whole assessment process was straightforward." (Candidate)

Professionalism in IA is a key part of the UK Government's Cyber Security Strategy

One of the Government's key objectives is to encourage, support and develop education for IA professionals.

Staying secure in cyberspace can seem complex, difficult and expensive. Without a clear and shared understanding of the nature and scale of threats and vulnerabilities, the case for investing in protection and prevention can be undermined. Information assurance plays an important role in reducing our vulnerabilities in cyberspace. We need people with the knowledge, skills and capability to achieve our cyber security objectives and to take advantage of the economic and social opportunities represented by cyberspace.

The Government is committed to growing the cadre of cyber security professionals so the UK continues to retain an edge in this area, together with the underlying research and development to keep producing innovative solutions. Improved IA skills, knowledge and professionalism are therefore fundamental to achieving the objectives set out in the National IA Strategy and the Cyber Security Strategy.

Government is supporting the initiative to drive up skill levels of IA and Cyber Security professionals and our programme is designed to help people like you prove your skills and competence. Certification provides independent verification of someone's skills, giving credibility to the candidate and added certainty to their employer that they are competent to do the job.

The scale of the problem

The 2014 Information Security Breaches Survey found that 81% of large organisations and 60% of small organisations reported a breach. Although the overall number of breaches has gone down since 2013, the reported cost and severity of those breaches has increased significantly. For small organisations the worst breaches cost between £65,000 and £115,000 on average and for large organisations between £600,000 and £1.15 million.

"The assessment is of significant value because it takes existing qualifications and experience into account. It gives independent verification that someone is suitable for these specialised roles. I found it was a useful and worthwhile experience." (Candidate)

About the CESG Scheme

CESG has developed a framework for certifying IA professionals who meet competency and skill requirements for specified roles. CESG is the UK Government's national technical authority for IA. We are working with them to deliver their certification scheme for IA professionals.

The independent assessment APM Group can provide will help Government and industry recruit people with the right skills at the right level to the right jobs. IA professionals themselves will benefit by having a clearly defined career development path and, through re-assessment as skills and experience grow, the opportunity to progress. You can see the CESG certification framework at www.cesg.gov.uk.

Who is the scheme for?

The scheme is aimed at all professionals working in the IA field or looking to work in this area. The purpose of certification is to enable better matching between public and private sector requirements for IA specialists and the competencies of the staff or contractors undertaking common IA roles.

Roles

You can gain certification in one or more of the following roles:

IA Accreditor
IA Auditor
Communications Security Officer/Crypto Custodian
IT Security Officer/Information Security System Manager/Information Security System Officer
Security and Information Risk Advisor
IA Architect
Penetration Tester

The certification scheme features three levels for each of these roles. The levels are Practitioner, Senior Practitioner, and Lead Practitioner. The Penetration Tester role features an additional Principal level.

APM Group has developed a secure administrative system accredited by CESG on which to run the scheme. This means the entire APM Group application process is managed online.

Robert Hannigan, Director GCHQ, said in his 2015 foreword to the republished "10 Steps to Cyber Security": "In GCHQ we continue to see real threats to the UK on a daily basis; the scale and rate of these attacks shows little sign of abating."

Skills and Competencies

The IA certification scheme has its origins in the Institute of Information Security Professionals (IISP) and Skills Framework for the Information Age (SFIA).

Each of the roles listed overleaf can be assessed at 3 levels: Practitioner, Senior Practitioner and Lead Practitioner. The lowest level is a team member, the middle level is a team leader and the top level is a strategic advisor working at Board level. The levels can be taken cumulatively but they are also independent of each other, enabling both junior and more experienced people to take the certification that is most appropriate to them.

To be fully effective, IA practitioners need not only technical skills but also business awareness and people skills. These skills enable practitioners to exercise their technical skills in an efficient and effective way. Therefore, practitioners will be expected to demonstrate their skills in these areas, as specified by the SFIA attributes of responsibility: Autonomy, Influence, Complexity and Business Skills.

The SFIA level of professional skill expected is different for each level of certification:

Practitioner: Responsibility Level 2 - Assist
Senior Practitioner: Responsibility Level 4 - Enable
Principal: Responsibility Level 5 - Ensure/Advise*
Lead Practitioner: Responsibility Level 6 - Initiate and Influence

For more information on SFIA, go to www.sfia.org.uk.

*Penetration Tester role only

Assessment Process

The APM Group's application system is hosted on a secure, standalone server which has been accredited by CESG for the purpose of this scheme. To apply, please go to.

Our certification process for IA professionals is broken down into 5 steps:

Application

Submit personal details & supporting information. Supporting evidence of assignments should demonstrate the applicant has the required skills and competencies for the role and level applied for using the template provided by APM Group. Details of the specific roles and competencies can be found in the CESG certification framework. Applicants may apply for more than one role.

Personal Evaluation

Once the application has been reviewed and accepted by APMG, applicants and their referees will be required to complete the IA personal evaluation. This is a short questionnaire to evaluate the applicant's business and interpersonal skills, based on the SFIA framework.

Technical Evaluation

Applicants will need to complete the technical evaluation. This is a 12-question, multiple-choice test to be completed in 15 minutes. The purpose of this is to evaluate the applicant's basic technical knowledge for the role being applied for. The applicant is required to indicate their confidence level in the answer they are giving. There is no pass or fail with the test and no exam certificate is issued; the information from the test will be used by the assessor(s) as a foundation for the assessment interview.

Assessment Interview

The assessor(s) will review the application and the information gathered during the evaluations. The assessment interview will be conducted via telephone with one assessor at Practitioner level and two assessors at Senior and Lead Practitioner levels. If the nature of the applicant's work is sensitive and it is not possible to de-classify their information, we will arrange face-to-face interviews. Lead Practitioner applicants will need to deliver a brief presentation on one of the assignments detailed in their application, and the assessment interview will follow the presentation.

Certification

Following the assessment, the assessor(s) will advise applicants of the recommendation they will be making to the APM Group with regards to whether certification for the role and level applied for should be granted. If certification is awarded applicants will be informed in writing and a secure electronic certificate will be issued. Certification is valid for 3 years.

It is expected that most applicants will be able to reduce the sensitivity of their work in order to submit the full application online and be interviewed via telephone. However, in exceptional cases where this is not possible, applications can be submitted via post and assessment interviews conducted face-to-face. All administrative and assessment staff involved with the scheme hold security check (SC) clearance as a minimum.

"I believe this certification puts me on the same level as IA colleagues in the private sector." (Candidate)

Assessment Process timing

Timing of the assessment process

How long your application takes depends on how quickly you (and your referees) proceed through the assessment process. To date, the quickest certification awarded has been in 10 working days. You may work as quickly or as slowly as you would like and APMG will not actively chase up any applications.

Fees

For the latest application fees, please visit.

Re-validation

There is a re-validation requirement which covers all roles for which certification is held and will take place 18 months after the date of certification. A small, one-off payment is applicable.

Candidate steps:

Application started
Application submitted
Technical Evaluation (15 mins)
Personal Evaluation completed by applicant & referees (approx. 20 mins)
Book assessment date
Assessment interview

APMG SLAs:

Reviewed by APMG in 3-5 working days. Note that if a candidate's evidence does not support the application it may be returned for some remedial work and an additional review before it is accepted to the Evaluation stage.
The first interview date will be in 5 days' time from the booking date. Interview slots are available from 7am to 7pm, 7 days a week.
APMG assessor submits assessment report (5 working days)
APMG makes the certification decision (5 working days)
APMG issues result notification (5 working days)
APMG issues e-certificate (5 working days)

The re-certification process

Certification lasts three years, after which a reassessment will be carried out. Certified IA professionals will be required to provide:

Details of at least one assignment/work area for each role in which they have been certified that has been undertaken during the last three years;
Details of up to four referees (but a minimum of two), at least one of which must be a client or line manager;
Details of continuing professional development (CPD) over the previous three years, which can be provided either through the APMG website or by other means (uploading a report from another system) as decided by the applicant;
A current CV;
A short presentation if any of the roles are certified at Lead level.

The assessor(s) conducting the reassessment will contact one or more of the referees provided.

About APM Group

APM Group has a long history of working with the Office of Government Commerce (now part of The Cabinet Office) to deliver its qualification schemes for project, programme and service management specialists. We are pleased to extend our relationship with the UK Government to CESG. The introduction of the IA certification scheme is timely and appropriate. It is our mission to help knowledge-based workers prove their knowledge and extend their skills.

About CESG

CESG, part of GCHQ, is the Government's National Technical Authority for IA. IA is the confidence that information systems will protect the information they handle, and will function as they need to, when they need to, under the control of legitimate users.

In order to deliver this level of confidence, a significant number of IA consultants need to work with Government and industry to ensure staff are sufficiently educated. This will help ensure systems are designed with IA in mind and, once operational, the assurance of those systems is maintained. A cadre of professional and qualified IA experts is essential to ensure effective IA is delivered and in a cost effective way.

If you would like to find out more about our IA scheme, please contact us:

Email servicedesk@apmgroupltd.com
Or call us on +44 (0) 1494 452450.

To register for the scheme, visit

Head Office: Sword House, Totteridge Road, High Wycombe, Buckinghamshire, HP13 6DG, UK
Tel: +44 (0) 1494 452 450
Fax: +44 (0) 1494 459 559
Email: servicedesk@apmgroupltd.com
Web: www.apmgroupltd.com