Tag Archives: CESG

CESG Certified Training rebranded as GCHQ Certified Training

CESG Certified Training (CCT) was established in November 2014 to deliver training which satisfies the high standards set by CESG, the information security arm of GCHQ. APMG International is announcing that the scheme has been rebranded as GCHQ Certified Training (GCT). Effective as of 1 January 2016, the name change has been enacted to drive market recognition of the scheme and improve access to professional and relevant cyber security training.

APMG is GCHQ’s independent certification body, responsible for ensuring that training providers meet GCHQ standards. GCT helps professionals and organisations navigate the increasingly saturated cyber training market, and quickly identify training courses that meet the highest standards in terms of both content and delivery.

GCT certifies high quality cyber security training and trainers and is based on the IISP Skills Framework. This includes training suitable for those aspiring to certification under the CESG Certified Professional (CCP) scheme. The criteria for GCT are also aligned with the standards GCHQ uses for the GCHQ Certified Cyber Security Master’s degrees.

SilverShadowCyberSecurityPage13

CCT has been rebranded as GCT in recognition that GCHQ is a more widely known brand and is already used to certify cyber security Master’s degrees while also recognising high quality cyber security research. The instantly recognisable brand of GCHQ will increase awareness of the scheme for those working within cyber security, ultimately improving the availability of – and access to – cyber security training that’s fit for purpose.

Building cyber skills

A GCHQ spokesperson told Risk UK:  “One of the biggest challenges for the UK in cyber space is developing enough skilled people. Vital to building cyber skills is having relevant and high quality cyber security training. GCHQ Certified Training helps to deliver that by providing confidence in cyber security training providers and the courses they offer.’’

Commenting on the name change, Richard Pharro (CEO of APMG) said: “GCHQ is widely recognised as the pre-eminent authority on cyber intelligence and data security, which is why we fully support changing the name of the scheme. By bringing CCT under the GCHQ banner, training providers that have certified against the scheme will benefit greatly from the rebranding. This move will make it easier for end users to better understand what the certification signifies: quality, assurance and security.”

Andrew Fitzmaurice, CEO of Templar Executives (one of the first training companies to have achieved CCT certification for its courses) added: “The rebranding to GCT is a positive step for training providers and clients alike. In a market with a plethora of products, the GCHQ brand immediately helps delegates recognise which training and trainers have been rigorously assessed to deliver the highest quality learning and development, in turn reflecting Best Practice in cyber security.”

Sarah Rudge, information assurance manager at Ofqual (the Office of Qualifications and Examinations Regulation), found that the GCT-certified course she recently attended to be of a high quality, confirming the scheme’s value in the market.

Rudge commented: “I cannot recommend highly enough the information risk management course from Ultima Risk Management, which has been certified under the GCT scheme. I found it to be the perfect mix of tuition and practical exercises. It was so refreshing to find a course which is so relevant and directly applicable to my work.”

Leave a comment

Filed under Risk UK News, Uncategorized

UK civilians and military personnel learn to defend against online attacks at cyber training camp

After two days of intense hands-on training and development, a new potential generation of UK cyber security defenders (including members of the public and military personnel) have been tested to see if they have what it takes to protect their country from online attacks.

Held at the Defence Academy in Shrivenham, the Cyber Security Challenge UK’s new cyber camp was delivered by a number of the UK’s most prestigious cyber defence companies to help attendees gain foundation skills and confidence to take their first steps into the cyber security profession.

The assessment on Friday 29 August was devised by cyber security operatives from GCHQ and witnessed brave candidates assemble a cyber team battling to overcome the threat of a cyber terrorist group, the Flag Day Associates, who have been staging a number of attacks in the UK over recent months.

The latest incident was reported by the central security team at Parliament Square, a large central London meeting and conferencing space known to host classified gatherings characterised by high secrecy and sensitivity. The team confirmed that the web-based application that controls their intelligent building management software had been targeted and successfully compromised.

The cyber students in action

The cyber students in action

Under the guidance of mentors from GCHQ and other industry experts, as well as previous Challenge candidates, the cyber camp recruits were assessed on their ability to run penetration testing as part of a full security assessment of the web application in order to identify the vulnerabilities that may have been exploited by the attackers.

To prepare them for this test, the cyber camp recruits were taken through two days of training administered by some of the country’s leading cyber security experts.

Content details of the cyber camp

The cyber camp programme was put together by the Challenge with the support of C3IA Solutions (who provide information risk management training and cyber security services for the MoD, the Government and industry) and included:

• Defence, aerospace and security expert QinetiQ introducing cyber camp attendees to the principles of risk assessment and management
• Forensic technology teams at PricewaterhouseCoopers running lessons on digital forensic analysis
• Introductions to business continuity management and security architecture provided by worldwide information security training and education company Infosec Skills (two further modules were completed online ahead of the cyber camp)
• Web application security testing instruction courtesy of cyber security services and solutions specialist IRM
• A module on vulnerability research from Raytheon, the technology and innovation leader specialising in defence and national security
• An interactive session on legal and ethical practice within cyber security delivered by the National Crime Agency

The final stage of the cyber camp witnessed candidates sitting their first professional qualification – the Certificate in Information Assurance Awareness (CIAA) – free of charge. This came courtesy of InfoSec Skills and its examination provider, the Global Certification Institute (GCI).

Cyber camp attendees who performed particularly well were granted places on the new CESG-accredited Cyber Scheme Team Member course.

Growing skills gap in cyber security

The Cyber Security Challenge UK began in 2010 as three competitions run by a small group of supporters from industry, Government and academia designed to address the growing skills gap in the UK cyber security profession.

Now in its fifth year, the Challenge has grown its range of competitions to better represent the variety of skills currently demanded within the profession and is backed by over 75 sponsors from across UK Government (including through its National Cyber Security Programme) as well as major names from industry and academia.

Challenging cyber attackers in among the tanks at Shrivenham

Challenging cyber attackers in among the tanks at Shrivenham

The cyber camps are a more recent addition to the Challenge competition programme. They sit alongside a variety of exciting virtual competitions and provide a first opportunity for candidates to begin crafting their skills.

Stephanie Daman, CEO of the Cyber Security Challenge UK, commented: “Last year’s inaugural cyber camps showed the demand from amateurs to be given the opportunity to break into this field. The camps afford everyday civilians the chance to see what it’s really like to work as a professional in this sector, and what’s involved in defending the UK from ever-growing cyber attacks.”

Daman added: “Talented individuals learn from the best in the industry and, by dint of receiving a qualification for their efforts, they’re provided with a genuine career-enhancing experience. This sector needs more people with talent and skills and all of those involved in this cyber camp will have enjoyed a truly unforgettable experience.”

Kevin Williams, head of partnerships at the National Crime Agency’s National Cyber Crime Unit, stated: “We are proud to be part of this year’s cyber security camp and help to inspire the next generation of specialists to think about a career in cyber security. Our officers tested the skills, technical ability, knowledge and understanding of the candidates to see whether they have what it takes to defend the UK and its citizens from cyber-related attacks. We look forward to continuing our support for the Cyber Security Challenge UK over the coming months.”

Virtual competitions and foundation modules

Terry Neal, CEO at InfoSec Skills, explained: “We’re delighted to support the Challenge through our virtual competitions and foundation modules in IA Governance and IA Architecture delivered during the cyber camp. We hope to inspire the next generation of cyber specialists and help to get them started on their career paths in Information Assurance.”

Charles White, CEO of IRM, said: “Watching the cyber camp recruits learn and compete while surrounded by the physical history of the British Armed Forces illustrates the extent to which the Internet has transformed our lives and how, as a society, we must respond to that change. Where once we had tanks and large armies to defend our nation, we now have skilled and tenacious individuals who thrive on a technical challenge – the UK’s Armed Forces for a Digital Age, if you like.”

On an equally serious note, White also commented: “At this time there is a severe deficit of qualified individuals who are capable of assessing and improving our cyber security defences. If our citizens, Government and businesses want to stay safe in cyber space while also continuing to reap the economic and social benefits it brings then more effort has to be invested in nurturing cyber security talent.”

Leave a comment

Filed under Risk UK News