CREST, the international not-for-profit membership body representing the global cyber security industry, announces Crowe Indonesia Teknologi, FORTBRIDGE, Grant Thornton Consulting CJSC, ITSEC Services Asia, LRQA Nettitude, Precursor Security, Ruptura InfoSecurity, and ValueMentor as the first service providers approved to the Dubai Cyber Force Program. 

The Dubai Cyber Force program is a new initiative launched in 2023 between CREST and the Dubai Electronic Security Center (DESC) that provides our members and qualified individuals greater access to the cyber security market in Dubai through engagement with the Dubai government, semi-government and critical information infrastructure (CII). 

CREST, CEO, Nick Benson said: “Congratulations to the first companies approved to Cyber Force who have had to demonstrate their skill, competence and commitment to protecting Dubai’s cyber security.

“CREST is delighted to continue our collaboration with the DESC and welcomes this very tangible step in building a strong Dubai cyber security market. The initiative is a key part of CREST’s mission to drive consistent international standards for the delivery of cyber services and provide greater assurance back to cyber-buying communities.”

The Dubai Cyber Force Program supports the DESC mandate to regulate cyber security services provided to Dubai’s government, semi-government, and CII organisations by the 31^st of July 2024. The program will initially focus on delivering Penetration Testing and Incident Response services. 

Dr Bushra Al Blooshi, Head of Research and Innovation, Dubai Electronic Security Center (DESC), said: “Our commitment at DESC to excellence aligns seamlessly with the Dubai Cyber Force Program, supporting Dubai Electronic Security Center’s (DESC) mandate in regulating cybersecurity services for government, semi-government, and Critical Information Infrastructure organisations.”

Are you interested in registering for the Cyber Force Program? 

For CREST Member companies 

If you are a CREST member company and would like to start registering your employees. In that case, you can submit a Skilled Person Account Registration application via the CREST Application Portal. 

If you need help accessing this or need assistance, please email DESC_enquiries@crest-approved.org. 

For organisations interested in becoming a CREST member company 

Visit the Membership section of our website to discover the benefits of becoming a CREST member and apply by emailing newmembers@crest-approved.org. 

For individuals 

If you are interested in taking a CREST exam as part of the Dubai Cyber Force program but do not work for a CREST member company, you can start the process by visiting our dedicated Cyber Force webpage to review the certifications in scope.  

For Dubai Government Agencies 

For Dubai Government agencies interested in understanding more about the program, contact DESC at cyberforce@desc.gov.ae. 

For more general information, please visit CREST’s dedicated webpage and FAQs. 

The post CREST International announces the first service providers approved for the Dubai Cyber Force Program appeared first on CREST.

CREST International has announced the formation of its new Cyber Leaders Forum within the UK.

We intend to create a group of regional representatives from vertical markets, connected with buying services in the cyber security industry. The role of the Cyber Leaders Forum is to:

• Reduce the asymmetry of information between buyers and providers of cyber services
• Help buyers better understand, access, and select cyber services
• Help cyber service providers better design and articulate their offer to meet buyers’ needs (which can vary in sophistication and type)
• Increase awareness in the buying community of the value of procuring CREST-accredited services

We need individuals who can help CREST develop our unique offering to the buying community. We want to make sure that the buying process is seamless, and that buyers can know who to trust.

Dave Allan, Chair of the CREST Cyber Leaders Forum UK said:

“Through this forum, we want to make the UK a safer place to do business and raise the barrier of entry for criminals and APTs to operate. I am passionate that CREST can use its platform to reduce cyber-harm in the UK by helping execs, managers, leaders, and other buyers easily identify approved expertise.

I believe that the CREST badge on a proposal or website should be a market differentiator and mark of excellence, giving assurance to buyers of security services that they are buying expertise that has been independently verified and assured.”

All interested candidates are encouraged to self-nominate, embodying the spirit of collaboration and expertise that the cyber security domain demands. You can access the nomination form via this dedicated web address at CREST UK Cyber Leaders Forum Nomination Form.

Those selected to join the forum will have the unique opportunity to influence policies, drive innovations, and enhance the overall cyber resilience of critical national infrastructure.

Join our cause to revolutionise the digital world and make it a safer, more secure place for everyone. Your contribution in forging this path forward is invaluable. Together, let’s create a better future for all.

The post CREST launches Cyber Leaders Forum UK appeared first on CREST.

Following the recent update to the CREST Registered Penetration Tester (CRT) exam and our dedication to enhancing and updating our exams, we are excited to share that, in 2024, we will be implementing significant changes to several exams under the penetration testing and simulated attack specialisms.

The changes will include:

• CREST Certified Infrastructure Tester (CCT INF)
• CREST Certified Web Applications Tester (CCT APP)
• CREST Certified Simulated Attack Specialist (CCSAS)
• CREST Certified Simulated Attack Manager (CCSAM)

The upcoming changes will ultimately improve the overall experience of CREST candidates. However, if you fall into one of the following categories, we encourage you to book and take the current exam as soon as possible to minimise the impact of the transition:

• You’ve taken the exam before and are due to renew in the next 6 months or so; or
• You are planning a re-take, having attempted the exam before; or
• You have been studying for the exam and are ready to take it.

We will be sharing detailed information on all the changes in early 2024 and on what this means to you, so stay tuned!

In the meantime, we wish you all a joyous festive season and a resounding success in the new year.

The post Our exams are getting a fresh new look in 2024 appeared first on CREST.

Released: 5 December 2023

The NCSC is launching a new Cyber Incident Exercising scheme today, giving organisations access to NCSC assured Exercising providers for the first time.

In August, the NCSC announced CREST and IASME as Delivery Partners for the scheme, to manage the assessment on behalf of the NCSC, and to onboard the assured exercising service providers.

With a number of Assured Service Providers now in place, the scheme is open for business. A list of service providers can be found on the Cyber Incident Exercising scheme page: https://www.ncsc.gov.uk/schemes/cyber-incident-exercising/find-a-provider.

The new CIE Scheme provides organisations with access to NCSC assured CIE service providers able to create bespoke, structured table-top or live-play cyber incident exercises.  It sits alongside the NCSC’s free and easy to use Exercise in A Box tool that allows testing of incident response against a host of generic cyber incident scenarios. Assured Cyber Incident Exercising companies will work alongside, challenge and help organisations to robustly practise their responses in a safe environment.

The scheme assures companies to deliver two types of cyber exercises:

• Table-Top – discussion-based sessions where participants talk about their roles and responsibilities, activities and key decision points (in line with their organisation’s incident response plan) for a pre-agreed scenario.
  
• Live-Play – sessions where participants carry out their roles and responsibilities in close to real time, in response to a controlled feed of information, representing a pre-agreed scenario. Live play exercises are best suited to mature organisations looking for in-depth validation of plans.

The exercises are designed to simulate incidents which have a significant impact on a single client organisation. The scheme does not cover category 1 and category 2 incidents, as defined by the UK cyber incident categorisation system.

Speaking of the new scheme, NCSC Director of Operations Paul Chichester said: “I’ve often said the first time you try out your cyber incident response plan shouldn’t be on the day you are attacked. So, if you do only one thing on a regular basis, incident exercising should be it. That’s why I’m delighted that the NCSC’s Cyber Incident Exercising scheme is now open and buyers can use it to find trusted providers that can help prepare for when the worst happens. Exercising in a safe and supportive environment will allow all the relevant teams and individuals to properly understand their roles and maximise their effectiveness during an incident. In turn this will help to minimise harm and improve the resilience of both individual organisations and the UK as a whole.”

CREST Head of Accreditation, Jonathan Armstrong, said: “CREST is committed to ensuring the highest standards across the cyber security industry and to supporting buyers through the NCSC’s scheme. Using Assured Providers will ensure they are getting services from credible suppliers who meet both ours and NCSC’s high standards.”

Dr Emma Philpott MBE, CEO of IASME said, “We are thrilled to partner with NCSC to help deliver the Cyber Incident Exercising Scheme. Practicing what you would do in the event of a cyber security incident with the support of an experienced, expert team significantly enhances the resilience of any business. This initiative helps organisations of all sizes to identify the most suitable provider to work with, knowing that they are assured under the NCSC scheme.”

NOTES

How to find an NCSC Assured Cyber Incident Exercising  provider

You can find a list of NCSC Assured Cyber Incident Exercising providers via the scheme’s “Find a Provider” page or the main “Verify suppliers” search on the NCSC website.

Become an Assured Service Provider

If you offer exercising services and are interested in joining the new Cyber Incident Exercising scheme, visit the scheme’s “Information for Service Providers” page, where you can find the CIE scheme standard and details of the fee structure and how to apply on our delivery partners’ websites: CREST and IASME.

Working with industry to extend the reach of the NCSC

As the National Technical Authority for cyber security, the NCSC helps define best-practice standards. Through Industry Assurance schemes like the Cyber Incident Exercising scheme we assess industry services against the NCSC’s standards.

We currently have over 400 companies offering services on behalf of the NCSC.

For more information about the scheme and how to apply go to:

CREST: www.crest-approved.org/membership/ncsc-cyber-incident-exercising-scheme

IASME: http://iasme.co.uk/cyber-incident/

About NCSC

The National Cyber Security Centre (NCSC) is a UK Government organisation that provides advice and support for the public and private sector in how to avoid security threats from the internet. NCSC support the most critical organisations in the UK, the wider public sector, industry, SMEs as well as the general public.

About CREST

CREST is a not-for-profit accreditation and certification body representing the technical information security industry. CREST provides internationally recognised accreditations for organisations providing technical security services and professional level certifications for individuals providing vulnerability assessment, penetration testing, cyber incident response, threat intelligence and security operations centre (SOC) services. CREST Member companies undergo regular and stringent assessment, whilst CREST certified individuals undertake rigorous examinations to demonstrate the highest levels of knowledge, skill and competence.

About IASME

IASME is a UK-wide organisation that breaks down barriers to accessing cyber security skills and expertise. With a network of more than 300 cyber security companies, IASME advise and certify organisations of all sizes in cyber security. IASME is the sole delivery partner for the UK Government’s Cyber Essentials scheme.

For more information contact: Allie Andrews, PRPR, alliea@prpr.co.uk

The post New NCSC Cyber Incident Exercising scheme opens for business appeared first on CREST.

Released: 29 November 2023

CREST, an international not-for-profit, membership body that promotes standards and best practices within the global cybersecurity industry, today pledges its support for the Accra Call for Cyber Resilient Development. 

CREST is taking part in the first Global Conference on Cyber Capacity Building, (GC3B), which begins today in Accra, Ghana. The conference is a first-of-its-kind gathering of leaders, decision-makers and experts working toward effective, sustainable and inclusive stewardship of international cooperation for cyber resilient development. 

The Accra Call for Cyber Resilient Development – launched today by the Minister for Communications and Digitalisation, Ms. Owusu-Ekuful, at GC3B – aligns with CREST’s goals of raising global cyber security standards and professionalism, heralding a new era of prioritising the measurement of effective cyber resilience funded through international and national development programs. 

The Accra Call aims to stimulate global action in terms of greater cyber resilience and promote cyber capacity building that supports broader development goals, effectively serving the needs and priorities of developing countries.  

Nick Benson, CEO of CREST, says: “As a signatory to the Accra Call, we are delighted to pledge our support for this excellent initiative, which builds on our work in lower income countries, underlining the need for global cooperation in the fight against cybercrime, and the need to create stronger cyber resilience.  

“By endorsing the Accra Call, we are committing to play our part in demand-driven, effective and sustainable cyber capacity building, by helping to close the cyber skills gap and supporting work to professionalise the cybersecurity community. We are also underlining our ability to provide robust, sustainable methods of measuring cyber capacity building through both company and individual quality assurance, and pledging to provide affordable and accessible services in developing countries.” 

To support the Accra Call’s objective of affordability, CREST is offering a 50% discount on membership for companies in lower income countries. Up to 75% discounted examination fees on its globally recognised CRT and CPSA qualifications are also currently available. 

The call lays out a set of non-binding, voluntary, direction-setting actions that will strengthen the role of cyber resilience as an enabler for sustainable development, advance demand-driven, effective, and sustainable cyber capacity building and foster stronger partnerships and better coordination. 

It will also serve to unlock financial resources and implementation modalities. 

Progress on the Accra Call will be reviewed every two years at future iterations of the GC3B. Between each conference, the Global Forum on Cyber Expertise (GFCE) will create a multistakeholder ‘Accra Call community’ bringing together all its endorsers and pledging organisations, to share their experiences from their pursuit of the Call’s actions and draw lessons to inform collective follow-up on the Accra Call.  

About CREST

CREST is a not-for-profit accreditation and certification body representing the technical information security industry. CREST provides internationally recognized accreditations for organizations providing technical security services and professional level certifications for individuals providing vulnerability assessment, penetration testing, cyber incident response, threat intelligence and security operations center (SOC) services. CREST Member companies undergo regular and stringent assessment, whilst CREST certified individuals undertake rigorous examinations to demonstrate the highest levels of knowledge, skill and competence.

The post CREST pledges support for the Accra Call for Cyber Resilient Development  appeared first on CREST.

Released: 15 November 2023

Today, at the SecureWorld.io NYC Cyber Security Conference, CREST International has announced the formation of its new Cyber Leaders Forum. This strategic initiative aims to help shape the trajectory and future direction of CREST in the Americas and further solidify its commitment to bolstering the cyber security supply chain.

To ensure as broad a representation from industry as possible, CREST International is inviting self-nominations on its website via the CREST Americas Cyber Leaders Forum Nomination from distinguished professionals associated with national critical infrastructure. This includes CEO, CIO, CISO, Directors, and regulatory personnel who are passionate about enhancing cyber resilience on a national scale.

Tom Brennan, Executive Director of CREST International, Americas, said, “The formation of this group is a testament to our commitment to ensuring a robust cyber security framework. Through this collaboration, we aim to foster a more secure ecosystem, backed by accredited businesses and certified professionals.”

The Cyber Leaders Forum will play a pivotal role in:

• Guiding and refining CREST’s strategic approach in the United States.

• Enhancing the standards and methodologies related to penetration testing, incident response, threat intelligence, and security operations centers.

• Collaborating on the best ways to address evolving cyber threats and challenges.

All interested candidates are encouraged to self-nominate, embodying the spirit of collaboration and expertise that the cyber security domain demands. Those selected to join the forum will have the unique opportunity to influence policies, drive innovations, and enhance the overall cyber resilience of critical national infrastructure.

For more details and to submit your self-nomination, please visit CREST International’s official website at CREST Americas Cyber Leaders Forum Nomination. Join us in forging a safer, more secure digital landscape for our nation.

About CREST

CREST is a not-for-profit accreditation and certification body representing the technical information security industry. CREST provides internationally recognized accreditations for organizations providing technical security services and professional level certifications for individuals providing vulnerability assessment, penetration testing, cyber incident response, threat intelligence and security operations center (SOC) services. CREST Member companies undergo regular and stringent assessment, whilst CREST certified individuals undertake rigorous examinations to demonstrate the highest levels of knowledge, skill and competence.

Notes to editors

If you would like to interview a CREST representative regarding the new CRT exam please contact, Allie Andrews, alliea@prpr.co.uk

The post CREST International Announces Launch of new Cyber Leaders Forum at SecureWorld.io NYC Cyber Security Conference appeared first on CREST.

New CRT exam now available for the first time in over 70 countries at over 1,000 Pearson VUE test centres.

To celebrate the launch of the new exam, CREST is offering 75% discount for anyone who works at a member company and 40% off for everyone else until 31 January 2024.

Exams must be booked by 29 February 2024 in order to take advantage of the promotional period and taken by 30 April 2024.

Released: 14 November 20234. Revised: 15 January 2024

CREST, an international not-for-profit, membership body representing the global cyber security industry, has today launched its new Registered Penetration Tester (CRT) certification globally. It is now available in over 70 countries and in over 1,000 Pearson VUE test centres, offering greater availability to anyone looking to enhance and develop their cyber security skills to industry standards.

Reflecting the ever-changing needs of the cyber security sector, CREST has also updated the CRT exam. CRT is an intermediate level exam that tests a candidate’s ability to carry out penetration testing tasks. It offers a greater depth of knowledge testing and introduces new content and sections that were not previously covered. Content now includes a wider range of topics – including Windows and Linux file permissions, processes and exploitations, mail and OS command injection and Web Application logic flaws, to name a few. CREST’s expert assessors updated and added the new content to the exam, and it has all been rigorously tested by them.

Nick Benson, CREST CEO, said: “CREST’s goal has always been to raise the quality and professionalism of cybersecurity practices, leading the way in penetration testing and vulnerability assessment as well as red teaming, incident response and threat intelligence. Our commitment to ensuring cybersecurity professionals adhere to rigorous ethical and technical standards is exemplified by the growing popularity and recognition of our CRT qualification internationally.”

CRT is one of CREST’s most popular exams, recognised by employers, buyers of cyber services and regulators alike across the world. It is mandated in many regions globally as the standard required and remains the technical exam aligned to NCSC’s CHECK Team Member in the UK. The new CRT retains the high standards and security expected of CREST exams to ensure it will continue to be a badge of honour for the individual and a demonstration of competence for employers and regulators.

CREST is offering the new CRT exam with a 75% discount for anyone who works at a member company and 40% off for everyone else. The launch promotional period runs from now until 31 January 2024. Candidates who wish to take advantage of this promotional period must book their new CRT exam by 29 February 2024 and have taken their exam by 30 April 2024.

Candidates still need to hold a valid CREST Practitioner Security Analyst (CPSA) certification before sitting the CRT exam. CREST’s CPSA exam is also available widely at Pearson VUE centres and is also discounted during the launch promotional period.

Andy Woolhead, CREST Head of Cyber Skills and Certifications, said: “We have fully refreshed the exam, retaining the high calibre that our member companies and exam candidates expect. We have gone to great lengths to ensure the quality of the new exam, with the support of our expert assessors and the broader CREST Community. The new CRT test is more evenly balanced across infrastructure and web and a larger skillset is tested. This is all part of our remit to fully support cyber security professionals everywhere in their ongoing professional development.

“CREST research has shown us that the quality of Pen Tests varies enormously and that the lack of defined standards complicates the landscape. The CRT exam has been designed to reflect current Pen Test practice and to accurately assess an individual’s knowledge, skills and experience. Available to take in over 70 countries, we are seeing more of a logical progression to standardisation across the sector – which can only be a good thing.”

CREST certifications ensure cyber professionals are qualified, ethical and capable. Offering CREST’s updated globally recognised CRT qualification more widely is an important step towards creating greater standardisation in the largely unregulated cyber security industry.

Pearson VUE is a well-known global computer-based testing (CBT) and assessment services provider which importantly provides physical proctoring to ensure the integrity of the exam. The new exam now features a virtual machine (VM) of tools accessible during the exam that candidates can familiarise themselves with as part of their preparation, rather than candidates bringing their own laptop.

CREST provides a recognised career path from entry into the industry through to experienced senior tester level. CREST works with a large number of technical information security providers who support and guide the development of its examination and career paths.

For more information and/or to book a CRT exam, please visit our dedicated webpage: https://www.crest-approved.org/skills-certifications-careers/crest-registered-penetration-tester/

About CREST

CREST is a not-for-profit accreditation and certification body representing the technical information security industry. CREST provides internationally recognised accreditations for organisations providing technical security services and professional level certifications for individuals providing vulnerability assessment, penetration testing, cyber incident response, threat intelligence and security operations centre (SOC) services. CREST Member companies undergo regular and stringent assessment, whilst CREST certified individuals undertake rigorous examinations to demonstrate the highest levels of knowledge, skill and competence.

Visit our new CRT web page: https://www.crest-approved.org/skills-certifications-careers/crest-registered-penetration-tester/

Notes to editors

If you would like to interview a CREST representative regarding the new CRT exam please contact, Allie Andrews, alliea@prpr.co.uk

The post New CREST Registered Penetration Tester (CRT) exam offered globally for the first time with up to 75% off until 31 January 2024   appeared first on CREST.

10 November 2023

Coalition of nonprofit organizations releases groundbreaking Common Guidance on Passwords with 90 signatories globally.

Safeguarding your online identity and data has never been more critical. “World More Than A Password Day” is a global movement to emphasize the importance of stronger online authentication and to release essential password guidance for businesses and individuals.

The Urgent Need for Stronger Authentication

“World More Than A Password Day” is not merely to raise awareness but to serve as a call to action. With up to 80% of data breaches attributed to stolen or weak passwords, the time has come to elevate our defenses, embracing stronger authentication methods that go beyond mere passwords.

In a world facing a complex landscape of cyber threats, relying on static and easily compromised passwords no longer protects our digital lives. Almost 43% of companies do not use multi-factor authentication (MFA), and individuals lag even further behind, with only 2.6% of active Twitter accounts embracing MFA methods. While 53% of U.S. Small and Medium-sized Businesses (SMBs) report being ‘very aware’ of MFA and its security benefits, a surprising 49% still do not implement it. This is particularly concerning given that only 32% of SMBs require the use of MFA, showcasing a significant gap between awareness and implementation, according to the findings of a survey conducted by the Cyber Readiness Institute (CRI) in October 2023.

With so many elements of our lives now online, this status quo is alarming.

“Passwords are a weak link in the cybersecurity chain,” said Karen Evans, Managing Director of the CRI and Co-Chair of the World More Than A Password Day steering committee.  “World More Than A Password Day” is an opportunity to raise awareness of this issue and encourage people to adopt stronger authentication methods.”

Introducing Common Guidance on Passwords

In conjunction with the inaugural “World More Than A Password Day,” Nonprofit Cyber is pleased to release 

Protecting Your Accounts and Devices: Common Guidance on Passwords. These comprehensive recommendations  are designed to provide individuals and small businesses with accessible and actionable steps to enhance their online security. 

“Using stronger authentication is one of the most effective and inexpensive steps that can be taken to secure organizations and people online,” said Philip Reitinger, President of the Global Cyber Alliance and the co-chair of Nonprofit Cyber. “The purpose of issuing common guidance from many organizations is to increase the weight of the recommendations and to make clear that in substance, nearly every organization is recommending the same steps. There is little to no confusion about what actions to take, rather we need everyone to take those specific steps to protect everyone. The solution is not study, but action.”

The Common Guidance on Passwords has already been endorsed by 90 organizations worldwide. Signatories include nonprofit cybersecurity and privacy organizations, companies, intergovernmental organizations, and government organizations themselves. We urge others to sign up for and implement this guidance.

Key Highlights of the Common Guidance

• Use Password-Free Authentication: Opt for password-free (passwordless) authentication, such as passkeys. Passkeys are not only simpler to use but also more secure than traditional passwords.

• Secure Your Email Account: If using password authentication for email accounts, use a very strong password and multi-factor authentication.

• Add an Extra Layer of Security: Employ a hardware security key, authenticator app, or PIN via SMS as a “second factor” in addition to your password.

• Use a Password Manager: A password manager can help you create and store strong passwords for all of your online accounts.

• Use Recommended Techniques to Pick Passwords: Select strong and memorable passwords through techniques like passphrases or the “Three Random Words” method.

• If You Are Hacked: Promptly change passwords if any of your devices are compromised or if an online service you use is hacked. Avoid reusing passwords and consider subscribing to services like https://haveibeenpwned.com/.

Join the Global Movement

“World More Than A Password Day” is not merely an observance; it is a global movement. Individuals, organizations, and communities worldwide are encouraged to participate by taking actions that make protecting online accounts and devices more secure, such as raising awareness, regular membership or stakeholder communications, and implementing the use of stronger authentication methods.

This global effort spearheaded by Nonprofit Cyber aims to empower all individuals and small businesses to fortify their online security, contributing to a safer digital ecosystem for everyone.

Tom Brennan, Executive Director of CREST-Americas Region and Co-Chair of Nonprofit Cyber World More Than A Password Day steering committee said “Embracing multifactor authentication is a decisive step in safeguarding our assets. It’s an investment in a triad of security: enhancing processes, empowering people, and leveraging technology to fortify our organization’s future”. 

Join #MoreThanAPasswordDay, and together, let’s redefine online security for a safer digital world. 

Learn More

For detailed information on “World More Than A Password Day” and access to the “Common Guidance on Passwords,” please visit https://nonprofitcyber.org/common-guidance-on-passwords/. 

About Nonprofit Cyber

Nonprofit Cyber is a coalition of global nonprofit organizations formed to enhance joint action to improve cybersecurity. All coalition members are nonprofits that serve the public interest by developing, sharing, deploying, and increasing the awareness of cybersecurity best practices, tools, standards, and services.

Learn more at https://nonprofitcyber.org/. 

Media Contact

Ms. Kayle Giroud,  Global Cyber Alliance and Nonprofit Cyber Secretariat, kgiroud@globalcyberalliance.org 

The post Nonprofit Cyber Launches World More Than A Password Day appeared first on CREST.

7 November 2023

Center for Internet Security, Cloud Security Alliance, Cyber Threat Alliance, Global Anti Scam Alliance, Global Cyber Alliance, Global Resilience Federation, ISC2, Stott and May Consulting and The Security Institute join CREST to work together to build trust in the digital world.

CREST, the international not-for-profit, membership body representing the global cyber security industry, has announced its first nine Community Supporters, following the initiative’s launch in July. The CREST Community Supporter initiative gives organisations with a shared interest in raising standards in the global cyber security industry, a tangible way to support CREST in its mission to build capability, capacity, consistency and collaboration.

“I am thrilled to welcome our first nine Community Supporters” said Nick Benson, CREST CEO, “To meet the vast array of challenges facing the world of cyber we must join forces and be serious about open and effective collaboration. Developing relationships and formalising them through our supporter initiative is key to our mission and each of these fantastic organisations will play an important role in helping us build a globally resilient cyber security industry. 

“By combining the strengths of the cyber security service providers that make up the CREST membership with our new Community Supporters, the whole cyber ecosystem can be brought together to solve the most pressing and complex problems of the day.” 

The nine CREST Community Supporters joining the initiative are: 

• Center for Internet Security (CIS) – a community-driven nonprofit, responsible for the CIS Controls® and CIS Benchmarks, globally recognized best practices for securing IT systems and data. CREST currently works with CIS to deliver the CIS Controls Accreditation. 
• Cloud Security Alliance – a global non-profit organisation dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment.  
• Cyber Threat Alliance (CTA) – a non-profit organisation that is working to improve the cybersecurity of our global digital ecosystem by enabling near real-time, high-quality cyber threat information sharing. 
• Global Anti Scam Alliance (GASA) – an organisation dedicated to protecting consumers worldwide from scams, by raising awareness, enabling hands on tools and facilitating knowledge sharing.  
• Global Cyber Alliance – an international non-profit organisation dedicated to eradicating cyber risk and improving our connected world.  
• Global Resilience Federation – a nonprofit creator and operator of threat information sharing communities. It serves as a hub and integrator for support, analysis, and cross-sector intelligence exchange among information sharing and analysis centres (ISACs), organizations (ISAOs), and computer emergency readiness/response teams (CERTs) 
• ISC2 – a world leading member organisation for cybersecurity professionals, driven by a vision of a safe and secure cyber world 
• Stott & May Consulting – specialists in both technology and neurodiversity consulting services. CREST is currently partnering with them on an innovative neurodiversity training programme 
• The Security Institute – launched in 1999 the organisation strives to promote the highest possible standards of integrity and professional competence in the security industry. 

The Community Supporter initiative was launched by CREST to collaborate with organisations and bodies who share CREST’s core values and mission in raising standards in cyber security across the globe.   

CREST Community Supporters believe and share in CREST’s goals and want to support the cyber security industry in a tangible way. There are three supporter levels – Silver, Gold, and Platinum – which offer a wide range of benefits including closer collaboration with CREST, promotional support, event discounts, CREST exam vouchers and more. If you are interested in learning more about the benefits of the CREST Community Supporter programme go to:  

https://www.crest-approved.org/about-us/crest-community-supporters/

or contact crestsupporter@crest-approved.org  

About CREST 

CREST is a not-for-profit accreditation and certification body representing the technical information security industry. CREST provides internationally recognised accreditations for organisations providing technical security services and professional level certifications for individuals providing vulnerability assessment, penetration testing, cyber incident response, threat intelligence and security operations centre (SOC) services. CREST Member companies undergo regular and stringent assessment, whilst CREST certified individuals undertake rigorous examinations to demonstrate the highest levels of knowledge, skill and competence.  

For more information on CREST: www.crest-approved.org  

For media enquires contact: Allie Andrews, PRPR, allie@prpr.co.uk  

The post Organisations across the globe join CREST Community Supporter initiative appeared first on CREST.

26 September 2023

CREST and IASME are delighted to announce their partnership with the NCSC to help deliver its new Cyber Incident Exercising scheme. The NCSC (National Cyber Security Centre) has created the scheme to help organisations find high quality providers that can advise and support them to effectively practise their cyber incident response plan.

The benefits of exercise are clear, and this extends to practising a cyber incident response plan. While practise might not make perfect, it does build resilience. An organisation that rehearses their incident response plan is better placed to respond to cyber attacks and can get back up and running again quicker than those who don’t.

Organisations wishing to join the CIE scheme will be assessed against the NCSC CIE Standard. CREST and IASME will both manage the assessment, onboarding, monitoring and offboarding of providers assured under the Cyber Incident Exercising scheme on behalf of the NCSC. The organisations were selected for this role because they both meet the NCSC’s high standards and offer a choice for potential providers and different routes into the scheme.

Dr Emma Philpott MBE, CEO of IASME says, “We are really looking forward to working with companies of all sizes and in all areas of the UK to deliver this important scheme. We feel strongly about ensuring that the scheme is accessible for smaller cyber security companies to become assured providers and we encourage you to contact us to discuss becoming a provider if this is something that interests you.”

Rowland Johnson, President of CREST explains “We are delighted to be helping deliver this important new scheme for the NCSC by assessing and onboarding Assured Service Providers. With rising cyber attacks on enterprises of all types, effective cyber incident response is one of the most important parts of building cyber resilience. This will give all organisations who want to test their incident response, access to Assured Service Providers who can support them.”

The Cyber Incident Exercising scheme provides assurance of companies which deliver two types of cyber exercises to organisations that want to test their existing cyber incident response plans:  

Table-Top – discussion-based sessions where participants talk about their roles and responsibilities, activities and key decision points (following their organisation’s incident response plan) in relation to a pre-agreed scenario. 

Live-Play – more in-depth sessions in which participants execute their roles and responsibilities to respond to events in a real world cyber scenario. Activities are tailored to the organisation and take place in close to real-time, providing a realistic simulation of a cyber event. Live play exercises are best suited to mature organisations looking for in-depth validation of plans. 

The scope of the CIE standard covers exercises designed to simulate incidents which have a significant impact on a single client organisation. It does not cover incidents spanning multiple organisations or Category 1 and Category 2 incidents as defined by the UK’s Cyber Attack categorisation system.

The new CIE scheme will launch officially later this year when exercising providers have been assured and on-boarded, ready to offer services.

Notes for editors

For more information from the NCSC go to CIE Scheme standard.

For more information about the scheme and how to apply go to:

iasme.co.uk/cyber-incident/

www.crest-approved.org/membership/ncsc-cyber-incident-exercising-scheme/

The first Assured Service Providers for the scheme will be available soon. They will be listed on the website of the relevant Delivery Partner and on the NCSC website once they are available.

About NCSC

The NCSC supports the most critical organisations in the UK, the wider public sector, industry, SMEs as well as the general public. When incidents do occur, we provide effective incident response to minimise harm to the UK, help with recovery, and learn lessons for the future. More specifically, the NCSC:

• understands cyber security, and distils this knowledge into practical guidance that we make available to all
• responds to cyber security incidents to reduce the harm they cause to organisations and the wider UK
• uses industry and academic expertise to nurture the UK’s cyber security capability
• reduces risks to the UK by securing public and private sector networks

About IASME

IASME is a UK-wide organisation that breaks down barriers to accessing cyber security skills and expertise. With a network of more than 300 cyber security companies, IASME advise and certify organisations of all sizes in cyber security. IASME is the sole delivery partner for the UK Government’s Cyber Essentials scheme.

About CREST

CREST is an international not-for-profit, membership body that represents the global cyber security industry. CREST has over 300 accredited member companies and certifies thousands of professionals across the globe. CREST is working with governments, regulators, academia, training partners, professional bodies and many other stakeholders to build and raise standards in the global cyber security industry.

For more information on CREST: www.crest-approved.org

For more information on CIE: cie@crest-approved.org

For media enquiries contact: Allie Andrews, allie.andrews@crest-approved.org

The post CREST and IASME announce partnership with the NCSC to deliver Cyber Incident Exercising scheme appeared first on CREST.