Why did ACS develop a Cyber Security Certification?
With heightened awareness of the need to lift cyber resilience in Australia, an ACS Cyber Taskforce headed by Dr Jill Slay was established to review global cyber security frameworks and identify best practice professional benchmarks.
On September the 6th 2017, the Hon Dan Tehan MP, Minister Assisting the Prime Minister for Cyber Security, launched an extension to the ACS Certified Professional and Certified Technologist schemes, recognizing the importance of Cyber Security to Australia’s growing digital economy.
Who can apply for certification?
All members of the ACS who are also working in a cyber security-based role are eligible to apply for certification. Members are assessed based on experience, education and related security-based vendor certifications.
How much does it cost to be a CP (Cyber Security) or CT (Cyber Security)?
For non-members, a membership application for the ACS is $374 incl. GST, and then a Certification application fee of $346.50 incl. GST is charged. For existing members (including current CPs and CTs) the cost of the certification application is $346.50 incl. GST.
Who was consulted from industry?
The Cyber Security Certification was developed with industry input and consultation, including the Australian Taxation Office, PwC, AUSTRAC, CREST, AISA and RSA.
What is required to become a Cyber Security Specialist?
Cyber Security Certification requires:
- That applicants work in a predominantly IT Security based job role
- Have worked in ICT for a minimum number of years based on Cyber CT/CP pathway
- For CP – an applicant must be able to demonstrate in-depth capability in four skills from the following list at level 5 (or higher) of the Skills Framework for the Information Age (SFIA):
  - IT Governance, Information Management, Information Security, Information Assurance, Business Risk Management, Penetration Testing, Security Administration, Programming/Software Development, Systems Software, Testing and Asset Management.
- For CT – an applicant must be able to demonstrate in-depth capability in four skills from the following list at level 3 (or higher) of the Skills Framework for the Information Age (SFIA):
  - Information Management, Information Security, Information Assurance, Business Risk Management, Systems Development Management, Asset Management, Change Management, Security Administration, Incident Management, Conformance Management.
- Demonstrates a breadth of ICT knowledge.
- Has an understanding of and commitment to the ACS Code of Professional Conduct.
How important are Certified Professionals?
Professional certification is the best risk mitigation strategy for business and it allows Australia’s ICT industry to maintain a high standard of professionalism.
Unlike vendor certifications, ACS Certified Professionals are certified using the Skills Framework for the Information Age (SFIA), which comprises 97 key skills within 6 key categories and 7 levels of competency.
This means that ACS certification uses specific core ICT functionalities, is vendor agnostic and utilises a range of validation techniques.
How does the ACS assess Certified Professionals?
Our certifications (CT and CP) are undertaken by assessors who chart degree claims of applicants against a list of accredited universities. This is ranked on an international scale according to the Australian Qualifications Framework (AQF) in a database hosted by the Department of Education Employment & Workplace Relations (DEEWR).
In addition to university degrees or other recognized vendor qualifications, our Cyber CT and CP designations cannot be obtained by the applicant without also providing evidence of work experience at an appropriate skilled level with varying duration requirements, and demonstration of having met professional development criteria (according to the ACS points allocation scheme).
CP Cyber Security and alignment to our industry partners ISACA & ISC2
Associations such as ISACA, organizations like (ISC)², and bodies like SANS, EC Council and CREST all offer vendor security certifications.
One of the most well-known is the Certified Information Systems Security Professional (CISSP) from (ISC)², where candidates must possess a minimum of five years of direct full-time security work experience in two or more of the (ISC)² information security domains in order to be certified.
The Cyber Security Taskforce, along with other broader industry consultations, undertook an environmental scan on global security certifications.
The resulting security certifications environmental scan showed that certifications from ISACA and ISC2 show equivalence for skills, qualifications and experience in the ACS Cyber Security Specialisms.
For Certified Technologist (Cyber Security) assessments - the following two certifications are considered equivalent for skills, qualifications and experience:
- Systems Security Certified Practitioner (SSCP) from ISC²
- Certified Information Systems Auditor (CISA) from ISACA
For Certified Professional (Cyber Security) assessments - the following two certifications are considered equivalent for skills, qualifications and experience:
- Certified Information Systems Security Professional (CISSP) from ISC²
- Certified Secure Software Lifecycle Professional (CSSLP) from ISC²
- Certified Information Security Manager (CISM) from ISACA
ISACA and ISC2 certifications must be current, demonstrating the holder's ongoing CPD, at the time of submission for ACS certification.
While obtaining any vendor certification is an accomplishment, a CISSP, CISA etc. does not show or validate how you apply the knowledge that is related to the certification. You could have a CISSP but work in a purely technical role with a relatively low level of responsibility.
ACS certification supports these industry certifications by encompassing the knowledge, skills and attributes of an individual, assessing certifications and qualifications alongside work experience and communications skills benchmarked against 7 levels of responsibility.
How does a member apply for ACS Cyber Security?
If a member is not ACS Certified, they can apply at the ACS Certification landing page.
The assessment portal is in the process of being updated to allow those members who are already CT/CP to be able to apply for a Cyber Security specialism. In the interim, any ACS Certified members who wish to apply for Cyber Security Certification should send an email to firstname.lastname@example.org to have their assessment initiated manually.
Can a member have two CP Certifications or two CT Certifications?
No. If a member upgrades their certification to the new ACS Cyber Security Certification, their previously awarded CP or CT will be replaced by the new certification.
ACS Cyber Security Certification shows you have met the requirements of the CP or CT as well as the validation of 4 SFIA Skills related to Cyber Security in order to be awarded the new specialism.
In future, as ACS releases new specialisms (e.g. Safety Critical Systems), members will be able to hold multiple specialisms but not a CP and a specialism(s).
Can an applicant nominate which skills they wish to be assessed against?
No. The assessor identifies the 3 or 4 listed skills, as opposed to the applicant nominating them, because many applicants will not have a strong enough knowledge of SFIA to accurately nominate their skills. With years of experience in certification assessment, the assessors are best placed to identify the applicant’s skills.