Data and securityCyber SecurityIISP rolls out updated skills framework

IISP rolls out updated skills framework

The Institute of Information Security Professionals has launched a new version of its Skills Framework to reflect the evolving threat landscape

The Institute of Information Security Professionals (IISP) has launched a new version of its Skills Framework, which is widely accepted as the de-facto standard for measuring the knowledge, experience and competency of information security and assurance professionals.

First introduced in 2006 and developed by world-renowned academics and security experts in collaboration with industry, government and universities, the IISP Skills Framework is used by the UK Government to underpin its Certified Professional Scheme and by organisations to develop and benchmark their own in-house capabilities. It is also fundamental to the development of training courses for UK university courses in information security, while The Tech Partnership will use the latest version as the foundation for Cyber Security apprenticeships and degree apprenticeships.

The changes to the 2017 Framework reflect the evolving threat landscape, new technologies and significant changes in cyber skill profiles and challenges.

The new Framework includes new skills groups for Threat Intelligence and Assessment, Threat Modelling, Cyber Resilience, Penetration Testing and Intrusion Detection and Analysis as well as Incident Management, Investigation and Response, while also expanding the roles of Enterprise and Technical Security Architecture and redefining the skills profile for Audit, Compliance and Testing. The IISP also puts more focus on Management, Leadership and Influence, Business Skills and Communication and Knowledge Sharing. The four defined competency levels have also been expanded to six – two based on knowledge and four on measuring practical experience.

 

Skills shortage

“With the rapid growth of cyber threats and attacks there is a significant shortage of high-calibre information security professionals and the UK’s National Audit Office warned recently that a lack of skilled workers is hampering the fight against cyber crime,” said Alastair MacWillson, chairman of the IISP.

“The Skills Framework helps on multiple levels, from raising the standards of professionalism and allowing companies to identify gaps in their experience and competency, to encouraging new talent into the industry and helping to educate students and train individuals so they have the skills to address today’s ever-evolving cyber security challenges.”

“While the original IISP Skills Framework has stood the test of time well, these latest changes reflect the current threat landscape and the evolving needs of public and private sector organisations,” added Pete Fischer a Fellow of the IISP who led the Skills Framework review. “Unlike other certifications, it requires professionals to evidence that they have successfully performed the required skills in the real world and have a track record of delivering to the highest standards. The new Framework also recognises the growing need for strategy, management and communications skills for some information security roles.”

The IISP Skills Framework will continue to underpin the Government’s Certified Professional scheme run by the NCSC (National Cyber Security Centre) for Information Assurance (IA) professionals, for which the IISP is also the leading certifying body.

Related Articles

Government and tech industry hold roundtable on IoT security

Cyber Security Government and tech industry hold roundtable on IoT security

2y Jay Ashar
New Army cyber operations centres for MOD

Cyber Security New Army cyber operations centres for MOD

2y Jay Ashar
Competing priorities biggest roadblock to cybersecurity

Cyber Security Competing priorities biggest roadblock to cybersecurity

2y Jay Ashar
Cybersecurity is a market for lemons

Cyber Security Cybersecurity is a market for lemons

2y Bernard Parsons
Compulsory cyber awareness training for Cardiff council staff

Cyber Security Compulsory cyber awareness training for Cardiff council staff

2y Jay Ashar
UK government to assess the cyber security capability landscape

Cyber Security UK government to assess the cyber security capability landscape

2y Jay Ashar
New capability to help organisations fight cyber threats

Cyber Security New capability to help organisations fight cyber threats

2y Jay Ashar
Room for more cybersecurity over and above GDPR

Cyber Security Room for more cybersecurity over and above GDPR

2y Jay Ashar