IISP Launches New Skills Framework for Information Security Professionals

Spread the love

31 May 2017: The not-for-profit, Institute of Information Security Professionals (IISP) has launched a new version of its Skills Framework, which is widely accepted as the de-facto standard for measuring the knowledge, experience and competency of information security and assurance professionals. First introduced in 2006 and developed by world-renowned academics and security experts in collaboration with industry, government and universities, the IISP Skills Framework is used by the UK Government to underpin its Certified Professional Scheme and by organisations to develop and benchmark their own in-house capabilities. It is also fundamental to the development of training courses and syllabi for UK university courses in information security, while The Tech Partnership will use the latest version as the foundation for Cyber Security apprenticeships and degree apprenticeships.

The changes to the 2017 Framework reflect the evolving threat landscape, new technologies and significant changes in cyber skill profiles and challenges. The new Framework includes new skills groups for Threat Intelligence and Assessment, Threat Modelling, Cyber Resilience, Penetration Testing and Intrusion Detection and Analysis as well as Incident Management, Investigation and Response, while also expanding the roles of Enterprise and Technical Security Architecture and redefining the skills profile for Audit, Compliance and Testing. The IISP also puts more focus on Management, Leadership and Influence, Business Skills and Communication and Knowledge Sharing. The four defined competency levels have also been expanded to six – two based on knowledge and four on measuring practical experience.



The IISP Skills Framework is the only competency-based assessment for information security professionals, setting it apart from knowledge-based qualifications. The IISP also uses the Framework itself to independently assess individuals via peer review and assess the quality of training courses for its Training Accreditation scheme. The IISP offers three levels of accredited individual membership; Associate, Full and Fellow.

The IISP has also revised the accreditation processes to simplify but maintain a high level of rigour and Version 2.1 is now published and available free through the IISP web site to members and to non-members on application, www.iisp.org

“With the rapid growth of cyber threats and attacks there is a significant shortage of high-calibre information security professionals and the UK’s National Audit Office warned recently that a lack of skilled workers is hampering the fight against cyber crime,” said Alastair MacWillson, chairman of the IISP.

“The Skills Framework helps on multiple levels, from raising the standards of professionalism and allowing companies to identify gaps in their experience and competency, to encouraging new talent into the industry and helping to educate students and train individuals so they have the skills to address today’s ever-evolving cyber security challenges.”

“While the original IISP Skills Framework has stood the test of time well, these latest changes reflect the current threat landscape and the evolving needs of public and private sector organisations,” said Pete Fischer a Fellow of the IISP who led the Skills Framework review. “Unlike other certifications, it requires professionals to evidence that they have successfully performed the required skills in the real world and have a track record of delivering to the highest standards. The new Framework also recognises the growing need for strategy, management and communications skills for some information security roles.”

The IISP Skills Framework will continue to underpin the Government’s Certified Professional scheme run by the NCSC (National Cyber Security Centre) for Information Assurance (IA) professionals, for which the IISP is also the leading certifying body.

The IISP will be on Stand A45 at Infosecurity Europe, June 6-8, London Olympia.

About the IISP
The Institute of Information Security Professionals (IISP) is a not-for-profit organisation, owned by its members, dedicated to raising the standard of professionalism in information security and the industry as a whole. The IISP does this through accrediting skills and competence, by sharing best practice and by providing a network of support and guidance on individual skill development. It speaks with an authoritative voice and its competency based memberships are widely recognised in the information security industry.

Working closely with the information security community, the IISP has a growing membership of over 2,800 individual members across private and government sectors, 45 Corporate Member Organisations and 20 Academic Partners.

At the heart of the Institute is the IISP Skills Framework ©2017 which is widely accepted as the de facto standard for measuring competency of information security professionals. The NCSC has taken this framework to underpin a range of certification schemes including the Certified Professional Scheme (CCP), for which the IISP is the leading certifying body and to develop syllabuses for Masters Degrees. The skills framework is used extensively by our corporate members to benchmark and develop capability of their employees. It also been adopted by e-Skills UK to develop a National Occupational Standard for Information Security. The IISP also accredits training courses offered by commercial training providers against the Institute’s Skills Framework. This enables attendees to build knowledge in areas of the skills framework where they might have gaps and to gain hands-on experience.

The IISP Skills Framework is protected by the Creative Commons Non-Commercial – No Derivatives (BY-NC-ND) license.

2017 Copyright © The Institute of Information Security Professionals. All rights reserved. The Institute of Information Security Professionals®, IISP®, A.Inst.ISP™, M.Inst.ISP®, F.Inst.ISP™ and various IISP graphic logos are trademarks owned by The Institute of Information Security Professionals and may be used only with express permission of the Institute.

More information about the IISP and its work can be found at www.iisp.org

For more media information, images or to arrange a briefing at Infosec, please contact:
Peter Rennison / Allie Andrews, PRPR
T: 01442 245030 E: pr@prpr.co.uk / allie@prpr.co.uk

Spread the love

Leave a Reply

Your email address will not be published. Required fields are marked *