IA Professionals – you are competent but are you certified?

IA in context: why professionalism in IA is part of the UK Government’s Cyber Security Strategy
By Richard Pharro, CEO, The APM Group
The UK Cyber Security Strategy, published in November 2011 by The Cabinet Office, states that one of the Government’s key objectives is to encourage, support and develop education for Information Assurance professionals.The report says, “In order to secure the vast economic and social benefits that cyberspace will offer the UK, we will transform our approach to cyber security.” It tasks the UK with having the cross cutting knowledge, skills and capability to underpin all our cyber security objectives in order to take advantage of the economic and social opportunities represented by cyberspace.

Together with the underlying research and development to keep producing innovative solutions, part of the strategy is to grow the cadre of cyber security professionals so that the UK continues to retain an edge in this area.  Improved IA Skills, knowledge and professionalism are therefore key objectives.

Meanwhile, the Government’s ICT strategy is to ensure its own critical data and systems are secure and resilient. It wants to work with industry to develop rigorous cyber security and IA standards.
It is driving up the skill level of information assurance and cyber security professionals
by establishing programmes to certify specialists by March 2012.

Announcing a New Certification Scheme for the IA Profession
CESG is the UK’s National Technical Authority for Information Assurance. It protects and promotes the vital interests of the UK by providing advice and assistance on the security of communications and electronic data. CESG delivers information assurance policy, services and advice needed by government departments to protect vital information.

CESG has now developed a framework for certifying Information Assurance Specialists who meet competency and skill requirements for specified IA roles. The origins of the new certification scheme are rooted in the principles of the Institute of Information Security Professionals (IISP) and the Skills Framework for the Information Age (SFIA). The purpose of certification is to enable better matching between public sector requirements for IA specialists and the competencies of staff or contractors undertaking common IA roles. The six roles are:
•    IA Accreditor
•    IA Auditor
•    Communications Security Officer/Crypto Custodian
•    IT Security Officer/Information Security System Manager/Information Security System Officer
•    Security and Information Risk Advisor
•    Security Architect
APM Group (APMG) is one of the organizations to be awarded the status of Certification Body (CB) by CESG to help develop the new certification scheme. The other organizations are BCS and IISP, which have their own assessment methods. The APMG scheme assesses competence at three levels: Practitioner, Senior Practitioner and Lead Practitioner. Assessment is done via peer review and interview. The entire APMG application process is managed and delivered online thanks to a secure administrative system which has been accredited by CESG.  The delivery method is based on best practice including the ISO 27000 series of international standards.
CLAS Consultants
CLAS consultants are members of the CESG listed advisors scheme. They will be required to gain -certification and to maintain it for the duration of their CLAS membership. 

All certifications are awarded for a period of up to 3 years with some form of check during the period of its validity to ensure continued professional and business development.  After 3 years there will be a re-assessment process.

Benefits for IA community
The certification process will give IA specialists the opportunity to have their competence to perform an IA role independently verified. The IA role definitions will also help people plan their professional development. The APM Group scheme will be fully operational in early 2012 following pilots.
We are not aware of anything like this scheme elsewhere in the world. With the huge talent and skill available within CESG and GCHQ, The UK should be justly proud of this initiative and hope it will improve the overall competence of information assurance and security in the world.
For further information, visit our website www.apmg-international.com/home/qualifications, email servicedesk@apmgroupltd.com, or call us on +44 (0) 1494 452450