16
© IISP 2017 © IISP 2017 © IISP 2017 IISP Skills Framework and Membership Accreditation Pete Fischer F.Inst.ISP
© IISP 2017© IISP 2017© IISP 2017
IISP Skills Framework and Membership Accreditation
Pete Fischer F.Inst.ISP
© IISP 2017© IISP 2017
• Skills Framework introduced in 2006
• Major revision in 2015
– Wide consultation
– Conclusion – largely fit for purpose but some changes needed
• Issue 2.0 published for limited use in 2016
– Used in a Membership Accreditation pilot
– Ongoing pilot for in-house use by Corporate Members
• Issue 2.1 to be published in May 2017
IISP Skills Framework - Timeline
© IISP 2017© IISP 2017
• Move from 4 competency levels (1xKnowledge, 3xPractical Experience) to 6 (2xKnowledge, 4xPractical Experience)
• New Skill Group B1 – Threat Intelligence and Assessment, and Threat Modelling
• Expand C1 into 2 Skills – Enterprise (C1) and Technical Security Architecture (C2)
• Rename Security Discipline D as Assurance: Audit, Compliance and Testing, containing 4 Skills
• New Skill Group – Intrusion Detection and Analysis (F1); merge current F1 and F2 into a new Skill Group (F2) – Incident management, Investigation and Response
• J Skills reduced to 3 – Management, Leadership and Influence (J1), Business Skills (J2) and Communication and Knowledge Sharing (J3)
Main Changes in Issue 2.0
© IISP 2017© IISP 2017
• 2 Pilots using Issue 2.0
– IISP Membership
– Internal use by IISP Corporate Members (ongoing)
• Main feedback – confusion and overlap in definitions for Levels 1, 2 and 3
• Solution – Levels 1 and 2 relate to knowledge and understanding; change to Bloom’s Taxonomy terminology (links with Knowledge Framework)
Issue 2.1
© IISP 2017© IISP 2017
• Major revision using SF Issue 2.0
– Reduce the burden on applicants in completing application forms
– Retain the rigour of IISP professional membership standards;
– Simplify the assessment and interview processes;
– Enable a larger proportion of applications from specialist and academic candidates
Membership Accreditation
© IISP 2017© IISP 2017
Simplified process:
– 10 Skills in Groups A-I, plus J Skills Average + K3 (CPD)
– Minimum score in 10 Skills – 25(Associate), 35(Full)
– J Skills – Average 2 (Associate), 4 (Full)
– Broad Knowledge (CISSP, CISM, CISA, CRISC, CISMP)
Piloted with 20 applications which resulted in some minor changes to definitions, improved guidance and raising score levels
Membership Accreditation
S
© IISP 2017© IISP 2017
• Available to IISP members and partners within the web site member area
• Phasing out old accreditation process by June
• Available to non members during May via application
• Intellectual property protected by Creative Commons
(attribution, no derivatives, no commercial use)
• Will apply to all IISP related programmes as soon as possible
Now rolling out of the Framework
Helping organisations
Examples of how our corporate members are using the IISP Skills Framework to develop capability:
– Benchmarking teams to identify skills gaps
– Assist recruitment – structured interviewing
– Assist in staff retention – demonstrate investment in people
– Improve career development planning and create meaningful PDPs
– Improve use of training budgets and better understand needs
– Gain appropriate accreditation for individuals
– Demonstrate professionalism to clients / senior management
© IISP 2017© IISP 2017© IISP 2017
IISP Knowledge Framework
John Hughes F.Inst.ISP
© IISP 2017© IISP 2017
• We now have a shiny new Skills Framework
• But what next and why?
IISP Knowledge Framework – What Next?
© IISP 2017© IISP 2017
• Nothing really defines what many of the terms in the Skills Framework really means
• How can you assess individuals if you do not have a consistent view of IA?
• The industry has lots of “Bodies of Knowledge”, Standards (open, closed, de-facto etc) and advice:
– But which are “good”, relevant and perhaps authoritative?
IISP Knowledge Framework - Problems
© IISP 2017© IISP 2017
• So what do we need to do to answer these questions?
IISP Knowledge Framework – Question?
© IISP 2017© IISP 2017
• Produce a Knowledge Framework that expands the Skills Framework and provides context, plus:– Assist interviewers and assessors
– Provide topical access to the Cyber Security Body of Knowledge for Levels 1 and 2
– Promote a consistent view of Cyber Security and Information Security.
– Assist curriculum development and course accreditation
– Inform organisations and managers deciding which competencies and skills practising Cyber Security professional should possess
IISP Knowledge Framework - Answer
© IISP 2017© IISP 2017
IISP Knowledge Framework - Structure
Common
Terms
Knowledge Levels
Knowledge Areas
Hyperlinks
Abbrevs / Acronyms
Topical
AccessExternal Bodies of Knowledge, Standards etc
Cyber Security
Body of Knowledge
© IISP 2017© IISP 2017
• 1st Draft produced Early March ~ 160 pages
• Out for review
• All comments to be received by Easter
• Next version expected July/August
IISP Knowledge Framework - Timelines
© IISP 2017© IISP 2017
