A guide to cyber security certification and training

Cyber security is in demand from every organisation, but what training and certification is needed?

Cyber security is thought to have one of the biggest skills deficits. Despite lots of investment, from both the UK government and the private sector, the county is still short of specialists in various areas of cyber security.

Due to the continued effects of the COVID-19 pandemic, along with the looming threat of Brexit, the UK's skills base is expected to be disrupted going beyond 2020. RedSeal research suggests that 95% of CIOs and IT professionals felt the UK’s staggered withdrawal from the EU is contributing to the crisis, and time can only tell whether a full exit by the end of 2020 will exacerbate the situation.

However, often the best way to find talent is to upskill an existing workforce. While this can take more time, it does come with many benefits and can help to create a happier, more productive business. These are employees who are deeply familiar with the business culture and enjoy working for the company already.

Responsible for Information training

The government has realised how vital it is to get small businesses on board with cyber security training, noting that it is enthusiastic to help those working within all-sized public and private sector companies understand their data protection responsibilities.

Related Resource

Don’t just educate: Create cyber-safe behaviour

Designing effective security awareness and training programmes

How to define effective security awareness and training programmesDownload now

As part of its initiative to get more people aware of cyber security, it's allowing all employees to partake in a free digital learning course covering everything they need to know about how to handle and protect data, both while in the office and working remotely. It advises what employees should look out for when identifying online threats, fraud and what an information asset owner is.

The two-hour course was developed for businesses working in the civil sector but is suitable for any organisation that would like its employees to have a basic understanding of cyber security. The content can be accessed from the Gov.uk website.

Training for HR, procurement and legal & accounting

The government has developed a series of in-depth training courses for both public sector and private businesses that need a little more intensive development. Its specialised security courses and training schemes are aimed at businesses in niche sectors, such as HR, procurement and legal and accounting to help those working in such industries understand how their job roles are affected by cyber security.

Just like the government's other schemes, they comprise modules designed to be completed in an employee's own time rather than at set intervals. However, they're not likely to take away from your leisure time, with each very quick to finish.

They may not provide as much detail as third party, fully-certified training courses, but they provide the background to many of the issues employees are coming up against and cover most bases for businesses without a big budget.

Certified Information Systems Auditor

ISACA's Certified Information Systems Auditor (CISA) certification is an IT professionals certification that aims to build upon an interest in information systems auditing, control and security.

Those obtaining the certification are recognised worldwide for their competencies to manage vulnerabilities and ensure compliance of systems. During the certification, they gain the knowledge, skills and experience to come up with security and compliance solutions to enterprises that require their organisation to be protected against cyber security threats.

Certified Information Security Manager

The Certified Information Security Manager (CISM) certification is also offered by ISACA. IT security professionals with this certificate can demonstrate their understanding of the relationship between an information security program and broader business goals and objectives.

It shows prospective employers the professional has not only information security expertise but also knowledge and experience in the development and management of an information security program.

Certified in Risk and Information Systems Control

The third ISACA qualification on our list, CRISC certified professionals can help enterprises understand business risk and have the technical knowledge to implement appropriate IS controls.

CRISC certified employees can build a better understanding of the impact of IT risk and how it relates to the overall organisation.

CompTIA Security+

This certification from CompTIA covers network security, compliance and operation security, threats and vulnerabilities as well as application, data and host security. Also included are access control, identity management, and cryptography.

Systems Security Certified Practitioner

The International Information Systems Security Certification Consortium, known as (ISC)2, offers the Systems Security Certified Practitioner (SSCP) certification is aimed at IT professionals with proven technical skills and practical security knowledge in hands-on operational IT roles.

It indicates a practitioner's technical ability to tackle the operational demands and responsibilities of security practitioners, including authentication, security testing, intrusion detection/prevention, incident response and recovery, attacks and countermeasures, cryptography, malicious code countermeasures, and more.

Related Resource

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now

Certified Information Systems Security Professional

Another certification from (ISC)2, the Certified Information Systems Security Professional (CISSP) certification is great for professionals with proven deep technical and managerial competence, skills, experience and credibility to design, engineer, implement and manage their overall information security program to protect organisations from sophisticated attacks.

Certified Ethical Hacker 

There's even a qualification, certified by the International Council of Electronic Commerce Consultants (EC-Council), available to white hat hackers. Dubbed the Certified Ethical Hacker (CEH), recipients must demonstrate the capacity to identify weaknesses and vulnerabilities in target computer systems. White hat hackers and pen-testers alike have a crucial role to play in businesses' cyber security defences, and qualified individuals are often employed to probe target systems and test for any gaps that may emerge. 

Computer Hacking Forensic Investigator

Also organised by the EC-Council, the Computer Hacking Forensic Investigator (CHFI) certification validates professionals that have the skills to detect a hack and obtain the evidence needed to report the crime and prosecute the cyber criminal in a court of law.

The certification strives to stay vendor-neutral, and focuses on forensic analysis, proving a viable training pathway for those with a foot in the law enforcement door.

ISO 27001

The ISO 27001 certification (part of the wier ISO 27000 family) is an international standard that offers the procedures and practices for keeping an organisation's IT assets secure.

This certification predominately concerns information security, as opposed to explicitly being cyber security-oriented, and comprises the various systems, guidelines and certifications needed to help a business analyse its processes.  

Prior to ISO 27001 there were a host of separate services for handling all aspects of information security and managing risk, which naturally produced inefficiencies. The development of this standard in the 90s, however, meant the disparate processes could be brought under the umbrella of a single standard, with various components of a business managed in a single system.

ISO 27701

One of the most recent security certifications is the ISO 27701, which effectively serves as a privacy-based extension of the ISO 27001. The aim of this separate standard is to boost existing information security procedures with additional privacy-focused requirements.

This was only published in August 2019 and may form the basis for future GDPR standards given its preoccupation with systems that handle and protect the personal data that's processed as part of normal business functions. 

GDPR training

While not strictly cybersecurity-related, GDPR is the biggest overhaul of data protection legislation in the UK and EU for nearly 30 years. The guidelines are rigid and prospective penalties for non-compliance are high, up to 4% of global annual turnover, or 20 million, whichever is higher. This means while the ultimate responsibility may lie with the board, cybersecurity professionals should very much be aware of what is expected from them. After all, they are the ones who will be tasked with the day-to-day management of data protection.

One company offering GDPR training is Assuredata. The introductory courses, which are endorsed by both the Cloud Industry Forum and the Federation Against Software Theft (FAST), aim to raise awareness of GDPR requirements and remove confusion, particularly with regard to those in the cloud industry. More information can be found here.

Featured Resources

How to be an MSP: Seven steps to success

Building your business from the ground up

Download now

The smart buyer’s guide to flash

Find out whether flash storage is right for your business

Download now

How MSPs build outperforming sales teams

The definitive guide to sales

Download now

The business guide to ransomware

Everything you need to know to keep your company afloat

Download now

Recommended

New report highlights the need for diversity in cyber security recruitment
cyber security

New report highlights the need for diversity in cyber security recruitment

28 Apr 2021
GitHub now supports security keys in a move away from passwords
Security

GitHub now supports security keys in a move away from passwords

12 May 2021
Cyber attacks on manufacturing up 300% in a year
Security

Cyber attacks on manufacturing up 300% in a year

11 May 2021
US fuel pipeline hackers reveal their motive
ransomware

US fuel pipeline hackers reveal their motive

11 May 2021

Most Popular

KPMG offers staff 'four-day fortnight' in hybrid work plans
flexible working

KPMG offers staff 'four-day fortnight' in hybrid work plans

6 May 2021
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

29 Apr 2021
How to move Windows 10 from your old hard drive to SSD
operating systems

How to move Windows 10 from your old hard drive to SSD

30 Apr 2021