/>
X
Innovation

GCHQ tech arm adopts IISP competency framework

The information assurance arm of GCHQ is to use a framework developed by security organisation IISP to test the competency of public sector IT security professionals.The Institute of Information Security Professionals (IISP) announced on Thursday that CESG has adopted its IISP Skills Framework, which has tests for 32 skills groups.
Written by Tom Espiner, Contributor on

The information assurance arm of GCHQ is to use a framework developed by security organisation IISP to test the competency of public sector IT security professionals.

The Institute of Information Security Professionals (IISP) announced on Thursday that CESG has adopted its IISP Skills Framework, which has tests for 32 skills groups. The framework will be used to test security professionals across the public sector.

"It's a comprehensive framework," IISP chair Paul Dorey told ZDNet UK on Thursday. "This is not a measure of knowledge, it's a competency framework that tests the ability to apply knowledge."

Dorey said that security qualifications were not proof that security professionals are competent.

"You can no longer be a self-declared security professional," said Dorey. "You need to explain how you are competent."

In the test, security professionals have to provide instances of situations which demonstrate they possess certain skills. Two security peers then interview the professional to gauge competency.

There are simply not enough security professionals in the public and private sectors to go around, said Dorey.

"The pool is very small and not sufficient for current or future requirements," said Dorey. "The standard approach is musical chairs – looking at another organisation and saying 'Can we recruit their staff?'. This is clearly not sustainable."

Editorial standards