InfoSec

Cabinet Office website
|

Main navigation

FAQs

Here are some Frequently Asked Questions about the Certificate and the Scheme.

How can I get the Certificate of Infosec Competency?

There are two paths to certification. The training path route is suitable for candidates who are a new to Information Security or have less than three years experience. The Waiver route is for a candidate who have more experience in Information Security and has more than three years or more experience in Information Security.

To complete the Training path route you need to:-

  1. Refer to the Infosec Competencies matrix. Select the Core Competency profile that most closely matches your role and develop Target Competencies based on these.
  2. Once these are agreed with your Supporter (someone who can mentor your progress and provide opportunities for you to achieve them) and accepted by the Scheme. They need to provide a letter to the scheme.
  3. You must register by 31st October 2008
  4. Attend an accredited induction course.
  5. Attend a practitioner course, ideally a few months later.
  6. You should complete some work experience that allows you to meet your Target Competencies.
  7. Report what you did either in an argued dissertation between 3,500 and a maximum of 5,000 words or competencies annex form if submitted by 31st December 2008.
  8. 8. If the project is completed after 31st December 2008 and before 28th February 2009 submit your evidence in the Competencies annex form

To complete the Waiver path (dissertation) route you need to:-

  1. Refer to the Infosec Competencies matrix. Select the Core Competency profile that most closely matches your role and develop core Competencies based on these. You need to show how you achieved these.
  2. Supply two referees’ letters to support your application to the scheme.
  3. Prove a minimum 3 years’ experience of implementing UK Government Infosec policy. This may exceptionally have been accumulated within the last 5 years. A current CV would be suitable
  4. If before 31December
    Provide an account of a recent piece of work (within at least twelve months), The Scheme is fairly flexible about how you make your submission: the key requirement is to supply proof of the length and breadth of your experience, and firm evidence that you understand and bring a pragmatic, risk management approach to implementing Government Infosec policy. This should be between 3.500 and 5,000 words in length and submitted. After 31st December this option will not be available.

To complete the Waiver path (Annex Waiver) route you need to:- 

  1. Supply two referees’ letters to support your application to the scheme.
  2. Prove a minimum 3 years’ experience of implementing UK Government Infosec policy. This may exceptionally have been accumulated within the last 5 years. A current CV would be suitable.
  3. Application form annex, giving a specific relevant example against each ITPC core competency to demonstrate how you have achieved it. The example should give a reasoned case of around 350–500 words indicating the situation, what you did, why and how you did it and what the outcome was. All examples must be within the last three years, and you may use the same project for more than one competency, although together they should show the breadth and depth of your experience in implementing UK Government Information Assurance policy.

Top

What are the entry requirements?

There are no prerequisites in terms of Infosec experience or qualifications. You must however have a basic (e.g. end-user) appreciation of information technology, hold UK Government BC and CTC (or equivalent) security clearances and be working in an organisation that implements central Government policy.

Top

What is the Certificate worth?

The Certificate says you are serious about doing your job, and have undertaken a structured development program to increase your competency. The qualification is recognised across UK Government Departments and agencies, its accredited contractor community, and all organisations that comply with UK Government Infosec policy. The syllabus covers the subjects of the British Computer Society ISEB Information Security Management Principles examination. The Certificate can be used as a stepping stone to further professional of academic qualifications: it is recognised as a valid component in an application to enter MSc programmes offered by the leading UK universities in this field. And it is recognised by relevant professional bodies: ISACA credits Certificate holders to one year's experience of their qualifying period for its CISA examination and award. (ISC)² credits Certificate holders with one year's experience of their qualifying period for its CISSP examination, and offers a discount from the fee for their recommended preparatory CBK Review course.

Top

What are Target Competencies?

Target Competencies are competency descriptions that reflect the work you do and the level of competence in Infosec that you need to achieve. Target Competencies are developed by you with your Supporter (usually your Line Manager), from a relevant Core Competency Profile within the matrix of Infosec Competencies. Like all competencies, your Target Competencies should be expressed in such a way that they can be observed or measured in some way. They must achievable, of course, but should also stretch your knowledge and skills, taking you to a higher level of competency than you currently have. A simple example: if the competency description on the Core Competency Profile states that you should be able to show you 'understand the vulnerabilities of an operating system' you may make your Target Competency one that asserts you will 'understand the vulnerabilities of Windows NT' one whatever operating system YOU work with.

Top

What subjects could my dissertation be about?

Your dissertation could be about almost any Infosec subject, within the context of implementing UK Government policy. It could be technical – such as configuring a system - strategic - such as developing or implementing an aspect of policy - or a mix of the two. It could be about actually doing some Infosec work, or about advising others how to do it - as a consultant or a trainer, for example. Above all, your dissertation should be about something you have actually done; a log book of your recent activities, to which you add some background and especially what options you were dealing with and your reasons for choosing one Infosec solution over another. Your dissertation does not need to be about some large scale project, nor does it need to be some kind of academic treatise. Remember that the Examiner is looking primarily for your understanding of Government Infosec policy and evidence that you have applied it at whatever level you work. Your dissertation must be submitted by 31st December 2008.

Top

Where can I get help with my dissertation?

We hope that, between these FAQs, the various downloadable documents and the Hints & Tips series, you will find the help you need. If not, the Scheme Secretariat are there to help too - you can contact us by e–mail.

Top

How much does it cost?

For all Certificate routes, there is a £95 Certification Fee that covers the administration costs of processing your Certificate Submission. The standard Certificate programme for the most versions of the Certificate costs around £2000: this is an approximate figure, relating to the charges for the two courses you must attend. Training providers charges will vary. There are of course no such fees for the waiver route to the Certificate, though the £95 Certification Fee still applies.

Top