The UK Cyber Security Council and security professional association ISACA are to partner on a new audit and assurance scheme for security professionals, as the council’s work programme continues to widen its scope.
Announced at ISACA’s London Chapter annual conference, the programme will see ISACA serve as the awarding body for audit and assurance professional titles. With more than 170,000 members worldwide, ISACA is behind globally recognised security credentials such as the Certified Information Systems Auditor (CISA) and Certified Information Security Manager (CISM).
The UK Cyber Security Council has previously run two pilots in cyber security governance and risk management, and secure system architecture and design. It plans to launch a further pilot, covering security testing, later in 2023. Ultimately, it hopes to introduce a universally recognised professional standard across the UK cyber sector.
The partnership is described as crossing the boundaries of the security and audit professions, bringing together ISACA’s know-how in these domains and the council’s unique UK-specific knowledge.
“We are very proud to be partnering with ISACA on our new audit and assurance programme, which is another step towards our goal of helping cyber professionals gain the recognition they deserve and enabling businesses to make informed choices around cyber recruitment,” said Simon Hepburn, CEO of the UK Cyber Security Council.
“The UK Cyber Security Council and ISACA will also be launching a podcast series which will explore the council, partners and cyber professionals’ journey toward standardising the cyber profession. The podcast will draw on the expertise of the sector and explain the various steps taken and challenges faced when standardising audit and assurance.”
ISACA chief global strategy officer Chris Dimitriadis added: “ISACA is pleased to work with the UK Cyber Security Council to develop a next-generation cyber security audit standard for the UK. ISACA provides global good practices in the digital trust domains of cyber security, audit, privacy, risk and governance of digital technology.
“As part of the Cyber Strategy 2022’s emphasis on building a world-class UK cyber ecosystem, ISACA continues to support measures to meet the UK’s technical skills and capability gaps, as well as ensuring a diverse cyber profession is enacted across the nation.”
Writing in Computer Weekly last year, Hepburn said the security industry faced an annual shortfall of over 14,000 people in the UK, and that in addressing this the sector could benefit from aligned professional standards and a chartered model, especially if it is to adequately confront ongoing, elevated levels of cyber threat.
There is also a need to help define the various roles and disciplines that exist within the cyber security profession, but are not always holistically understood, said Hepburn.
In addition, he wrote, such a programme could go some way to addressing the security profession’s deep-seated diversity problem.
Ultimately, the UK Cyber Security Council plans to award accreditations on three levels – associate, principal and chartered – against its professional standard, providing security practitioners with an independent seal of approval, and allowing organisations engaging or recruiting security professionals to do so with confidence.
More information about the final standard will be made available later this year.