New CESG initiative builds on IISP Skills Framework

As part of the UK Government’s investment in cyber security, a consortium comprising the IISP (Institute of Information Security Professionals), CREST (Council for Registered Ethical Security Testers) and Royal Holloway’s Information Security Group (ISG) has been appointed by CESG to provide certification for UK Government Information Assurance (IA) professionals. The consortium has been awarded a licence to issue the CESG Certified Professional Mark based on the IISP Skills Framework, as part of a certification scheme driven by CESG, the IA arm of GCHQ…The certification process is designed to increase levels of professionalism in Information Assurance and uses the established IISP Skills Framework to define the competencies, knowledge and skills required for specialist IA roles. Developed through public and private sector collaboration by world-renowned academics and security experts, the Framework has been adopted by GCHQ as the basis for its CESG Certified Professional specification.

Chris Ensor, Head of Profession for IA at CESG said: “This is a major step forward in professionalising key Information Assurance roles needed by the public sector. It is also an important development along the path of securing the UK against cyber attack and protecting government and individuals’ data. CESG looks forward to continuing close co-operation with the IISP, CREST and Royal Holloway in delivering this IA Certification Service.”

“We are delighted that this consortium has been approved as a certification body for government IA professionals, giving further recognition of our achievements in developing the critical security skills needed by both public and private sectors,” said Paul Dorey, the IISP’s Chairman Emeritus and Visiting Professor at RHUL. “Positioning the IISP Skills Framework at the centre of this new certification process further strengthens the drive for greater professionalism in the information security industry and puts IISP members at the forefront of this initiative,” added the current IISP Chairman, Alastair MacWillson, Global Managing Director of Security at Accenture.

“As the industry is maturing, both the public and private sectors need increased confidence that they have access to high quality people with specialist skills and competencies, working in trusted organisations,” said Ian Glover, president of CREST. “By bringing together the IISP, CREST and Royal Holloway, we have the framework, metrics and experience to create a professional industry structure that supports the IA buying community and encourages service providers to raise their game.”

Government employees or individuals providing services to government bodies will now be able to achieve practitioner, senior practitioner and lead practitioner status across six roles: security and information risk advisor, IA accreditor, IA security architect, IA auditor, IT security officer and communications security officer.


Get The Latest DFIR News

Join the Forensic Focus newsletter for the best DFIR articles in your inbox every month.


Unsubscribe any time. We respect your privacy - read our privacy policy.

Using our existing processes, the IISP’s scheme for issuing the CESG Certified Professional Mark will be based on in-depth interviews by experienced assessors from IISP, CREST and Royal Holloway along with examinations for higher level qualifications. An initial pilot scheme will create a strong body of knowledge and practical experience to optimise the certification process.
For more information, please visit www.instisp.org

About the IISP
The IISP is a not-for-profit organisation that was established in 2006 as the professional institute for individuals and organisations for whom Information Security is a priority. Its purpose is to advance professionalism for information security professionals and the industry as a whole, and to act as an accreditation authority for the industry. Since 2007 the IISP has offered professional accreditation through its Associate and Full Membership levels, and also accredits individuals against the ITPC scheme, which was developed by CSIA.
www.instisp.org

About CREST
CREST is a not-for-profit organisation that provides globally recognised certifications for organisations and individuals providing penetration testing services. It has a strong relationship with government bodies such as CESG (The National Technical Sponsor for Information Assurance) along with CPNI the UK Centre for the Protection of the National Infrastructure, and NBISE, the National Board of Information Security Examiners in the US. For security testing companies, CREST provides a provable validation of security testing methodologies and practices; while for individuals, CREST offers an industry leading qualification and career path. CREST members are committed to supporting industry and career development via information sharing, training and conferences.
www.crest-approved.org

About the Information Security Group at Royal Holloway, University of London
Royal Holloway, University of London is one of the UK’s leading teaching and research university institutions, ranked in the top 20 for research in the 2008 Research Assessment Exercise.
One of the larger colleges of the University of London, Royal Holloway has a strong profile across the sciences, social sciences, arts and humanities. The Information Security Group (ISG) is one of the largest academic security groups in the world. It brings together in a single institution expertise in education, research and practice in the field of information security. The ISG offers an active research environment. It has a thriving PhD community, and offers world-leading masters degree programmes (campus-based and online), as well as postgraduate diploma programmes in information security.
www.rhul.ac.uk

Media Contact:
Peter Rennison / Allie Andrews
PRPR, Tel: + 44 (0)1442 245030
pr[at]prpr[dot]co.uk / allie[at]prpr[dot]co.uk

Distributed on behalf of PRPR by NeonDrum news distribution service (http://www.neondrum.com)

Leave a Comment

Latest Videos

Throughout the past few years, the way employees communicate with each other has changed forever.

69% of employees note that the number of business applications they use at work has increased during the pandemic.

Desk phones, LAN lines and even VOIP have become technologies of the past workplace environment as employees turn to cloud applications on their computers and phones to collaborate with each other in today’s workplace environment.

Whether it’s conversations in Teams, file uploads in Slack chats, or confidential documents stored in Office 365, the amount of data stored and where it is stored, is growing quicker than IT and systems administrators can keep up with.

Corporate investigators and eDiscovery professionals need to seamlessly collect relevant data from cloud sources and accelerate the time to investigative and discovery review.

With the latest in Cellebrite’s remote collection suite of capabilities, investigators and legal professionals can benefit from secure collection with targeted capabilities for the most used workplace applications.

Join Monica Harris, Product Business Manager, as she showcases how investigators can:

- Manage multiple cloud collections through a web interface
- Cull data prior to collection to save time and money by gaining these valuable insights of the data available
- Collect data from the fastest growing cloud collaboration applications like Office365, Google Workspace, Slack and Box
- Login to a single source for workplace app collection without logging into every app and pulling data from multiple sources for every employee
- Utilize a single unified collection workflow for computer, mobile and workplace cloud applications without the need to purchase multiple tools for different types of collections – a solution unique to Cellebrite’s enterprise solution capabilities

Throughout the past few years, the way employees communicate with each other has changed forever.

69% of employees note that the number of business applications they use at work has increased during the pandemic.

Desk phones, LAN lines and even VOIP have become technologies of the past workplace environment as employees turn to cloud applications on their computers and phones to collaborate with each other in today’s workplace environment.

Whether it’s conversations in Teams, file uploads in Slack chats, or confidential documents stored in Office 365, the amount of data stored and where it is stored, is growing quicker than IT and systems administrators can keep up with.

Corporate investigators and eDiscovery professionals need to seamlessly collect relevant data from cloud sources and accelerate the time to investigative and discovery review.

With the latest in Cellebrite’s remote collection suite of capabilities, investigators and legal professionals can benefit from secure collection with targeted capabilities for the most used workplace applications.

Join Monica Harris, Product Business Manager, as she showcases how investigators can:

- Manage multiple cloud collections through a web interface
- Cull data prior to collection to save time and money by gaining these valuable insights of the data available
- Collect data from the fastest growing cloud collaboration applications like Office365, Google Workspace, Slack and Box
- Login to a single source for workplace app collection without logging into every app and pulling data from multiple sources for every employee
- Utilize a single unified collection workflow for computer, mobile and workplace cloud applications without the need to purchase multiple tools for different types of collections – a solution unique to Cellebrite’s enterprise solution capabilities

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_g6nTjfEMnsA

Tips And Tricks Data Collection For Cloud Workplace Applications

Forensic Focus 8 hours ago

In this episode of the Forensic Focus podcast, Si and Desi explore the cutting-edge technology of deepfake videos and image manipulation. In addition to discussing the latest technological developments and efforts being made to detect manipulated media, they also examine the associated legal and ethical implications.

Show notes:

Boris Johnson image - https://www.theguardian.com/politics/2023/jan/10/spot-the-difference-boris-johnson-appears-scrubbed-from-photo-posted-by-grant-shapps

Deep Fake Neighbour Wars - https://m.imdb.com/title/tt21371376/

Stalin image - https://www.history.com/news/josef-stalin-great-purge-photo-retouching

Nvidia eye contact AI - https://www.polygon.com/23571376/nvidia-broadcast-eye-contact-ai and https://www.youtube.com/watch?v=xl87WTDrReo

Birthday problem - https://en.wikipedia.org/wiki/Birthday_problem

Same frightening woman in AI images - https://petapixel.com/2022/09/09/the-same-frightening-woman-keeps-appearing-in-ai-generated-images/

Inherent mysogeny of AI portraits - https://www.theguardian.com/us-news/2022/dec/09/lensa-ai-portraits-misogyny

Midjourney - https://www.midjourney.org/

Deepfake porn legality - https://www.theverge.com/2022/11/25/23477548/uk-deepfake-porn-illegal-offence-online-safety-bill-proposal and https://www.technologyreview.com/2021/02/12/1018222/deepfake-revenge-porn-coming-ban/

AIATSIS - https://aiatsis.gov.au/cultural-sensitivity

Fake tiger porn story - https://www.dailydot.com/unclick/tiger-porn-britain-law/

Group photo with no blinking - https://www.countrylife.co.uk/comment-opinion/curious-questions-group-photo-179102

Emma Watson deefake audio - https://www.thetimes.co.uk/article/ai-4chan-emma-watson-mein-kampf-elevenlabs-9wghsmt9c

Domestika - https://www.domestika.org/en/courses/981-introduction-to-interviewing-the-art-of-conversation

Investigative Interviewing - https://www.amazon.co.uk/dp/0199681899?ref=ppx_pop_mob_ap_share

Forensic Focus events calendar - https://www.forensicfocus.com/events/

Si Twitter - https://twitter.com/si_biles

In this episode of the Forensic Focus podcast, Si and Desi explore the cutting-edge technology of deepfake videos and image manipulation. In addition to discussing the latest technological developments and efforts being made to detect manipulated media, they also examine the associated legal and ethical implications.

Show notes:

Boris Johnson image - https://www.theguardian.com/politics/2023/jan/10/spot-the-difference-boris-johnson-appears-scrubbed-from-photo-posted-by-grant-shapps

Deep Fake Neighbour Wars - https://m.imdb.com/title/tt21371376/

Stalin image - https://www.history.com/news/josef-stalin-great-purge-photo-retouching

Nvidia eye contact AI - https://www.polygon.com/23571376/nvidia-broadcast-eye-contact-ai and https://www.youtube.com/watch?v=xl87WTDrReo

Birthday problem - https://en.wikipedia.org/wiki/Birthday_problem

Same frightening woman in AI images - https://petapixel.com/2022/09/09/the-same-frightening-woman-keeps-appearing-in-ai-generated-images/

Inherent mysogeny of AI portraits - https://www.theguardian.com/us-news/2022/dec/09/lensa-ai-portraits-misogyny

Midjourney - https://www.midjourney.org/

Deepfake porn legality - https://www.theverge.com/2022/11/25/23477548/uk-deepfake-porn-illegal-offence-online-safety-bill-proposal and https://www.technologyreview.com/2021/02/12/1018222/deepfake-revenge-porn-coming-ban/

AIATSIS - https://aiatsis.gov.au/cultural-sensitivity

Fake tiger porn story - https://www.dailydot.com/unclick/tiger-porn-britain-law/

Group photo with no blinking - https://www.countrylife.co.uk/comment-opinion/curious-questions-group-photo-179102

Emma Watson deefake audio - https://www.thetimes.co.uk/article/ai-4chan-emma-watson-mein-kampf-elevenlabs-9wghsmt9c

Domestika - https://www.domestika.org/en/courses/981-introduction-to-interviewing-the-art-of-conversation

Investigative Interviewing - https://www.amazon.co.uk/dp/0199681899?ref=ppx_pop_mob_ap_share

Forensic Focus events calendar - https://www.forensicfocus.com/events/

Si Twitter - https://twitter.com/si_biles

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_i41eg24YGZg

Deepfake Videos And Altered Images - A Challenge For Digital Forensics?

Forensic Focus 13th February 2023 10:30 am

This error message is only visible to WordPress admins

Important: No API Key Entered.

Many features are not available without adding an API Key. Please go to the YouTube Feed settings page to add an API key after following these instructions.

Latest Articles

Share to...