14 July 2017

The Institute of Information Security Professionals (IISP) has launched a new version of its Skills Framework, which it claims is widely accepted as the de facto standard for measuring the knowledge, experience and competency of information security and assurance professionals. 

The not-for-profit organisation says the 2017 version reflects the evolving threat landscape, new technologies and significant changes in cyber skill profiles and challenges. The latest framework includes new skills groups for: threat intelligence and assessment; threat modelling; cyber resilience; penetration testing; intrusion detection and analysis; incident management; and investigation and response. It also expands the roles of enterprise and technical security architecture, and redefines the skills profile for audit, compliance and testing. 

In addition, the IISP says the new framework puts more focus on management, leadership and influence, business skills and communication, and knowledge sharing. The four defined competency levels have also been expanded to six – two based on knowledge and four on measuring practical experience.

The National Audit Office has recently warned that a lack of skilled workers is hampering the fight against cyber crime. The ISSP believes its new framework will help on multiple levels, from raising the standards of professionalism and allowing companies to identify gaps in their experience and competency, to encouraging new talent into the industry and helping to educate students and train individuals.