New CESG initiative builds on IISP Skills Framework

As part of the UK Government’s investment in cyber security, a consortium comprising the IISP (Institute of Information Security Professionals), CREST (Council for Registered Ethical Security Testers) and Royal Holloway’s Information Security Group (ISG) has been appointed by CESG to provide certification for UK Government Information Assurance (IA) professionals. The consortium has been awarded a licence to issue the CESG Certified Professional Mark based on the IISP Skills Framework, as part of a certification scheme driven by CESG, the IA arm of GCHQ…The certification process is designed to increase levels of professionalism in Information Assurance and uses the established IISP Skills Framework to define the competencies, knowledge and skills required for specialist IA roles. Developed through public and private sector collaboration by world-renowned academics and security experts, the Framework has been adopted by GCHQ as the basis for its CESG Certified Professional specification.

Chris Ensor, Head of Profession for IA at CESG said: “This is a major step forward in professionalising key Information Assurance roles needed by the public sector. It is also an important development along the path of securing the UK against cyber attack and protecting government and individuals’ data. CESG looks forward to continuing close co-operation with the IISP, CREST and Royal Holloway in delivering this IA Certification Service.”

“We are delighted that this consortium has been approved as a certification body for government IA professionals, giving further recognition of our achievements in developing the critical security skills needed by both public and private sectors,” said Paul Dorey, the IISP’s Chairman Emeritus and Visiting Professor at RHUL. “Positioning the IISP Skills Framework at the centre of this new certification process further strengthens the drive for greater professionalism in the information security industry and puts IISP members at the forefront of this initiative,” added the current IISP Chairman, Alastair MacWillson, Global Managing Director of Security at Accenture.

“As the industry is maturing, both the public and private sectors need increased confidence that they have access to high quality people with specialist skills and competencies, working in trusted organisations,” said Ian Glover, president of CREST. “By bringing together the IISP, CREST and Royal Holloway, we have the framework, metrics and experience to create a professional industry structure that supports the IA buying community and encourages service providers to raise their game.”

Government employees or individuals providing services to government bodies will now be able to achieve practitioner, senior practitioner and lead practitioner status across six roles: security and information risk advisor, IA accreditor, IA security architect, IA auditor, IT security officer and communications security officer.

Get The Latest DFIR News

Join the Forensic Focus newsletter for the best DFIR articles in your inbox every month.

Unsubscribe any time. We respect your privacy - read our privacy policy.

Using our existing processes, the IISP’s scheme for issuing the CESG Certified Professional Mark will be based on in-depth interviews by experienced assessors from IISP, CREST and Royal Holloway along with examinations for higher level qualifications. An initial pilot scheme will create a strong body of knowledge and practical experience to optimise the certification process.
For more information, please visit

About the IISP
The IISP is a not-for-profit organisation that was established in 2006 as the professional institute for individuals and organisations for whom Information Security is a priority. Its purpose is to advance professionalism for information security professionals and the industry as a whole, and to act as an accreditation authority for the industry. Since 2007 the IISP has offered professional accreditation through its Associate and Full Membership levels, and also accredits individuals against the ITPC scheme, which was developed by CSIA.

CREST is a not-for-profit organisation that provides globally recognised certifications for organisations and individuals providing penetration testing services. It has a strong relationship with government bodies such as CESG (The National Technical Sponsor for Information Assurance) along with CPNI the UK Centre for the Protection of the National Infrastructure, and NBISE, the National Board of Information Security Examiners in the US. For security testing companies, CREST provides a provable validation of security testing methodologies and practices; while for individuals, CREST offers an industry leading qualification and career path. CREST members are committed to supporting industry and career development via information sharing, training and conferences.

About the Information Security Group at Royal Holloway, University of London
Royal Holloway, University of London is one of the UK’s leading teaching and research university institutions, ranked in the top 20 for research in the 2008 Research Assessment Exercise.
One of the larger colleges of the University of London, Royal Holloway has a strong profile across the sciences, social sciences, arts and humanities. The Information Security Group (ISG) is one of the largest academic security groups in the world. It brings together in a single institution expertise in education, research and practice in the field of information security. The ISG offers an active research environment. It has a thriving PhD community, and offers world-leading masters degree programmes (campus-based and online), as well as postgraduate diploma programmes in information security.

Media Contact:
Peter Rennison / Allie Andrews
PRPR, Tel: + 44 (0)1442 245030
pr[at]prpr[dot] / allie[at]prpr[dot]

Distributed on behalf of PRPR by NeonDrum news distribution service (

Leave a Comment

Latest Videos

This error message is only visible to WordPress admins

Important: No API Key Entered.

Many features are not available without adding an API Key. Please go to the YouTube Feeds settings page to add an API key after following these instructions.

Latest Articles