Public Services > Central Government

IISP updates skills framework with eye on evolving cyber threat

Neil Merrett Published 02 June 2017

Institute unveils revised agreement designed to better support government and the private sector with emerging challenges in securing and analysing systems


The Institute of Information Security Professionals (IISP) has unveiled an updated skills framework that it says can measure knowledge, experience and competency of information security and assurance staff for clients such as UK government agencies.

IISP chair Alastair MacWillson said the revamp of the framework comes at a time of rapid growth in cyber threats and a significant shortage in “high-calibre information security professionals” to help mitigate potential attacks.  These threats notably include the recent malware infection that compromised NHS systems around the UK.

“The UK's National Audit Office warned recently that a lack of skilled workers is hampering the fight against cyber crime,” MacWillson said.

“The skills framework helps on multiple levels, from raising the standards of professionalism and allowing companies to identify gaps in their experience and competency, to encouraging new talent into the industry and helping to educate students and train individuals so they have the skills to address today’s ever-evolving cyber security challenges.”

The skills framework has been used by the UK government to underpin its own Certified Professional Scheme as well as a wider number of bodies looking to employ standards for their in-house security strategies.  At a wider educational level, the IISP has claimed the initiative is also a fundamental part of academic training and underpins UK university courses that are focused on information security.

The latest iteration of the framework is designed to better reflect the type of challenges and cyber threats facing organisations through the inclusion of new features such as new skills groups for cyber resilience, intrusion detection, analyses, as well as investigation and response functions.

 IISP claims that the framework also puts more focus on management, leadership, business skills and knowledge sharing.

Pete Fischer, an IISP Fellow who led the review of the skills framework, said the new approach was designed to cope with the evolving needs of public and private sector bodies.

“Unlike other certifications, it requires professionals to evidence that they have successfully performed the required skills in the real world and have a track record of delivering to the highest standards,” he said. “The new framework also recognises the growing need for strategy, management and communications skills for some information security roles.”

The IISP added that the framework will continue to underpin the Government Certified Professional scheme run by the National Cyber Security Centre (NCSC).

Related articles:

Report queries government cyber security support awareness

CCS launches revised cyber security framework

We have updated our privacy policy. In the latest update it explains what cookies are and how we use them on our site. To learn more about cookies and their benefits, please view our privacy policy. Please be aware that parts of this site will not function correctly if you disable cookies. By continuing to use this site, you consent to our use of cookies in accordance with our privacy policy unless you have disabled them.