GCHQ Certified Training and the IISP Skills Framework

GCHQ Certified Training courses are assessed against the Institute of Information Security Professionals (IISP) Skills Framework.

 

The Framework describes the range of competencies expected of Information Security and Information Assurance Professionals in the effective performance of their roles. It was developed through collaboration between both private and public sector organisations and world-renowned academics and security leaders.

The Framework defines the skills and capability expected of security professionals in practical application and not just an assessment of their knowledge. 

Source: www.iisp.gov.uk

Information Security Management

Governance

Information Security Awareness and Training

Legal and Regulatory Environment

IISP Principle

Capable of determining, establishing and maintaining appropriate governance of (including processes, roles, awareness strategies, legal environment and responsibilities), delivery of (including policies, standards and guidelines), and cost-effective solutions for (including impact of third parties) information security within a given organisation. 

Governance

example IISP skills:

Establishing frameworks to develop and maintain appropriate information security expertise within an organisation

Gaining management commitment and resources to support the governance structure

Incorporating physical, personnel and procedural issues into the overall security governance process

Relating an organisation’s business needs to their requirements for information security

Encouraging an information risk awareness culture within an organisation. For example, raising awareness of how the various forms of social engineering can be used to compromise information

Establishing frameworks for maintaining the security of information throughout its lifecycle

Information Security Awareness and Training

example IISP skills:

Identifying security awareness and training needs in line with security strategy, business needs and strategic direction

Gaining management commitment and resources to support awareness and training in information security

Identifying the education and delivery mechanisms needed to grow staff in information security awareness and competence

Managing the development or delivery of information security awareness and training programmes

Legal and Regulatory Environment

example IISP skills:

Familiar with legal and regulatory requirements that could affect organisation security policies, and where to turn for specific detail as needed

Relating the legal and regulatory environment within which the business operates to the risk management and security strategy tasks

Ensuring security policies comply with all personal data protection laws and regulations relevant to the business

Ensuring security policies support compliance with corporate governance practices

Identifying where security can provide business advantage by addressing specific legal or regulatory needs

Information Risk Management

Risk Assessment

Risk Management

IISP Principle

Capable of articulating the different forms of threat to, and vulnerabilities of, a range of information systems (including industrial control systems) and assets. Comprehending and managing the risks relating to information systems and assets.

Risk Assessment 

example IISP skills:

Identification of assets that require protection

Identification of relevant threats to the assets

Identification of exploitable vulnerabilities

Assessing the level of threat posed by potential threat agents

Producing an Information Security risk assessment

Determining the business impact of a risk being realised

Risk Management 

example IISP skills:

Developing information risk management strategies to reduce the risk

Including information risk management strategies in business risk processes

Gaining management commitment to the support of the information risk elements of business risk management

Adapting the risk management strategy to address changes in the threat environment and in business risk

Selecting the most appropriate tools and techniques for auditing effectiveness of mitigation measures in place

Copyright © Lockcode Limited 2018

Registered in England 2004

Company No. 05078345
