Data and securityCyber SecurityIISP rolls out updated skills framework

IISP rolls out updated skills framework

The Institute of Information Security Professionals has launched a new version of its Skills Framework to reflect the evolving threat landscape

The Institute of Information Security Professionals (IISP) has launched a new version of its Skills Framework, which is widely accepted as the de-facto standard for measuring the knowledge, experience and competency of information security and assurance professionals.

First introduced in 2006 and developed by world-renowned academics and security experts in collaboration with industry, government and universities, the IISP Skills Framework is used by the UK Government to underpin its Certified Professional Scheme and by organisations to develop and benchmark their own in-house capabilities. It is also fundamental to the development of training courses for UK university courses in information security, while The Tech Partnership will use the latest version as the foundation for Cyber Security apprenticeships and degree apprenticeships.

The changes to the 2017 Framework reflect the evolving threat landscape, new technologies and significant changes in cyber skill profiles and challenges.

The new Framework includes new skills groups for Threat Intelligence and Assessment, Threat Modelling, Cyber Resilience, Penetration Testing and Intrusion Detection and Analysis as well as Incident Management, Investigation and Response, while also expanding the roles of Enterprise and Technical Security Architecture and redefining the skills profile for Audit, Compliance and Testing. The IISP also puts more focus on Management, Leadership and Influence, Business Skills and Communication and Knowledge Sharing. The four defined competency levels have also been expanded to six – two based on knowledge and four on measuring practical experience.

 

Skills shortage

“With the rapid growth of cyber threats and attacks there is a significant shortage of high-calibre information security professionals and the UK’s National Audit Office warned recently that a lack of skilled workers is hampering the fight against cyber crime,” said Alastair MacWillson, chairman of the IISP.

“The Skills Framework helps on multiple levels, from raising the standards of professionalism and allowing companies to identify gaps in their experience and competency, to encouraging new talent into the industry and helping to educate students and train individuals so they have the skills to address today’s ever-evolving cyber security challenges.”

“While the original IISP Skills Framework has stood the test of time well, these latest changes reflect the current threat landscape and the evolving needs of public and private sector organisations,” added Pete Fischer a Fellow of the IISP who led the Skills Framework review. “Unlike other certifications, it requires professionals to evidence that they have successfully performed the required skills in the real world and have a track record of delivering to the highest standards. The new Framework also recognises the growing need for strategy, management and communications skills for some information security roles.”

The IISP Skills Framework will continue to underpin the Government’s Certified Professional scheme run by the NCSC (National Cyber Security Centre) for Information Assurance (IA) professionals, for which the IISP is also the leading certifying body.

Related Articles

Secure in the cloud

Cloud Computing Secure in the cloud

2h Guest Writer
Six top security and risk management trends revealed

Cyber Security Six top security and risk management trends revealed

1w Austin Clark
DDoS Defence Demands a Hybrid Approach

Cyber Security DDoS Defence Demands a Hybrid Approach

2w Guest Writer
NHS Digital joins forces with IBM to beef up NHS cyber security

Cyber Security NHS Digital joins forces with IBM to beef up NHS cyber security

2w Austin Clark
HMRC storing voice ID data 'without consent'

Cyber Security HMRC storing voice ID data 'without consent'

3w Austin Clark
Government’s rapid cloud adoption lacks security (Infographic)

Cloud Computing Government’s rapid cloud adoption lacks security (Infographic)

1m Austin Clark
Combatting the cyber security skills crisis: Retraining could help public sector digital transformation

Cyber Security Combatting the cyber security skills crisis: Retraining could help public sector digital transformation

1m Guest Writer
The need for a strategic approach to cyber security purchasing

Cyber Security The need for a strategic approach to cyber security purchasing

2m Guest Writer