26 September 2017

The Institute of Information Security Professionals (IISP) has released its first Knowledge Framework.

It defines the knowledge infosec professionals need to do their jobs, and gives access to an up-to-date and wide-ranging body of knowledge that underpins cyber and information security.

“With a continuously shifting and evolving threat landscape, and the development of new technologies, practices and legislation, it is virtually impossible for any individual or organisation to stay informed and up-to-date,” says John Hughes, co-chair of the IISP Accreditation Committee and lead author of the Knowledge Framework.

The new framework provides an overview of knowledge areas with references to external documents and standards, combined with the competency and skill levels required for different job roles and functions, ranging from apprentice to expert.

It also includes definitions of common terms used in cyber and information security along with explanations of abbreviations and acronyms.

The Knowledge Framework expands on the IISP’s Skills Framework (see Network knowledge, Jun 2017 issue).

The institute says the combined frameworks allow professionals to have a consistent view of cyber and information security along with an established set of metrics. 

It adds that the Knowledge Framework can also be used for curriculum development, training plans and career paths, as organisations strive to improve their ability to defend against and respond to cyber attacks.

It is currently available free of charge to IISP members and will be made available to other organisations under licence.