IA Professionals – you are competent but are you certified?

IA in context: why professionalism in IA is part of the UK Government’s Cyber Security Strategy
By Richard Pharro, CEO, The APM Group


The UK Cyber Security Strategy, published in November 2011 by The Cabinet Office, states that one of the Government’s key objectives is to encourage, support and develop education for Information Assurance professionals.
The report says, “In order to secure the vast economic and social benefits that cyberspace will offer the UK, we will transform our approach to cyber security.” It tasks the UK with having the cross cutting knowledge, skills and capability to underpin all our cyber security objectives in order to take advantage of the economic and social opportunities represented by cyberspace. Together with the underlying research and development to keep producing innovative solutions, part of the strategy is to grow the cadre of cyber security professionals so that the UK continues to retain an edge in this area.  Improved IA Skills, knowledge and professionalism are therefore key objectives.

Meanwhile, the Government’s ICT strategy is to ensure its own critical data and systems are secure and resilient. It wants to work with industry to develop rigorous cyber security and IA standards. It is driving up the skill level of information assurance and cyber security professionals by establishing programmes to certify specialists by March 2012.

A New Certification Scheme for the IA Profession
CESG is the UK’s National Technical Authority for Information Assurance. It protects and promotes the vital interests of the UK by providing advice and assistance on the security of communications and electronic data. CESG delivers information assurance policy, services and advice needed by government departments to protect vital information.

CESG has now developed a framework for certifying Information Assurance Specialists who meet competency and skill requirements for specified IA roles.   The origins of the new certification scheme are rooted in the principles of the Institute of Information Security Professionals (IISP) and the Skills Framework for the Information Age (SFIA).. The purpose of certification is to enable better matching between public sector requirements for IA specialists and the competencies of staff or contractors undertaking common IA roles. The current roles in the scheme are:

  • IA Accreditor
  • IA Auditor
  • Communications Security Officer/Crypto Custodian
  • IT Security Officer/Information Security System Manager/Information Security System Officer
  • Security and Information Risk Advisor
  • IA Architect

APM Group (APMG) is one of the organizations to be awarded the status of Certification Body (CB) by CESG to help develop the new certification scheme. The APMG scheme assesses competence at  three levels- Practitioner, Senior Practitioner and Lead Practitioner. Assessment is done via peer review and interview. The entire APMG application process is managed and delivered online thanks to a secure administrative system which has been accredited by CESG.  The delivery method is based on best practice including the ISO 27000 series of international standards.

CLAS Consultants
CLAS consultants are members of the CESG Listed Advisors Scheme. They will be required to gain -certification and to maintain it for the duration of their CLAS membership. 

All certifications are awarded for a period of 3 years with some form of check during the period of its validity to ensure continued professional and business development.  After 3 years there will be a re-assessment process.

Benefits for IA community
The certification process gives IA specialists the opportunity to have their competence to perform an IA role independently verified.
We are not aware of anything like this scheme elsewhere in the world. With the huge talent and skill available within CESG and GCHQ, the UK should be justly proud of this initiative and hope it will improve the overall competence of information assurance and security in the world.

For further information, visit www.apmg-ia.com or email servicedesk@apmgroup.co.uk or call us on +44 (0) 1494 452450.

About The APM Group
The APM Group provides accreditation and certification services globally. We’ve been assessing and certifying professionals since 1993. Our experience has been brought to bear on the IA community and we have brought in a number of leading experts in the different roles of the CESG framework to advise on the assessment of IA practitioners. Our certification process will help organizations and individuals to improve their IA skills through independent assessment and ongoing development. We are accredited by UKAS for our work in Programme and Project Management and have a long history of working in partnership with the UK Government.