IISP rolls out updated skills framework

The Institute of Information Security Professionals (IISP) has launched a new version of its Skills Framework, which is widely accepted as the de-facto standard for measuring the knowledge, experience and competency of information security and assurance professionals.

First introduced in 2006 and developed by world-renowned academics and security experts in collaboration with industry, government and universities, the IISP Skills Framework is used by the UK Government to underpin its Certified Professional Scheme and by organisations to develop and benchmark their own in-house capabilities. It is also fundamental to the development of training courses for UK university courses in information security, while The Tech Partnership will use the latest version as the foundation for Cyber Security apprenticeships and degree apprenticeships.

The changes to the 2017 Framework reflect the evolving threat landscape, new technologies and significant changes in cyber skill profiles and challenges.

The new Framework includes new skills groups for Threat Intelligence and Assessment, Threat Modelling, Cyber Resilience, Penetration Testing and Intrusion Detection and Analysis as well as Incident Management, Investigation and Response, while also expanding the roles of Enterprise and Technical Security Architecture and redefining the skills profile for Audit, Compliance and Testing. The IISP also puts more focus on Management, Leadership and Influence, Business Skills and Communication and Knowledge Sharing. The four defined competency levels have also been expanded to six – two based on knowledge and four on measuring practical experience.

 

Skills shortage

“With the rapid growth of cyber threats and attacks there is a significant shortage of high-calibre information security professionals and the UK’s National Audit Office warned recently that a lack of skilled workers is hampering the fight against cyber crime,” said Alastair MacWillson, chairman of the IISP.

“The Skills Framework helps on multiple levels, from raising the standards of professionalism and allowing companies to identify gaps in their experience and competency, to encouraging new talent into the industry and helping to educate students and train individuals so they have the skills to address today’s ever-evolving cyber security challenges.”

“While the original IISP Skills Framework has stood the test of time well, these latest changes reflect the current threat landscape and the evolving needs of public and private sector organisations,” added Pete Fischer a Fellow of the IISP who led the Skills Framework review. “Unlike other certifications, it requires professionals to evidence that they have successfully performed the required skills in the real world and have a track record of delivering to the highest standards. The new Framework also recognises the growing need for strategy, management and communications skills for some information security roles.”

The IISP Skills Framework will continue to underpin the Government’s Certified Professional scheme run by the NCSC (National Cyber Security Centre) for Information Assurance (IA) professionals, for which the IISP is also the leading certifying body.

Related reading