Wednesday 07 Oct 2015 @ 15:20
CESG
Printable version

Certified Cyber Security Consultancy - Head Consultant interviews

CESG has completed defining and planning the assessment process for Certified Cyber Security Consultancy.  The following activities are now being progressed:

  • Publication of version 1.0 of the standard, application form, fee and benefits structure

  • Evaluate applications through a six-stage process, providing early feedback to applicants should their application not pass through to a subsequent stage; and

  • Given the volume of applications to date, conduct a large number of Head Consultant interviews in the end November/December period.

Version 1.0

Updating the document set to version 1.0 will signify that CESG expects the standard to be stable for a substantive period of time.

Whilst CESG is working on a final version of the application form, integrating feedback from current applicants, all companies who have applied under the existing ALPHA v0.2 will be processed under that standard and will not be required to re-submit a v1.0 application. Applications already submitted using the draft standard and application form will be evaluated and any material gaps in evidence addressed as normal business.

Fee/Benefits structure

The revised fee structure will be closely aligned to the existing prices, but updated to reflect the focus on the number of Head Consultants and service categories rather than consultancy team size. The benefits associated with membership will also be linked to that approach.

Evaluation of applications

CESG has developed a 6 stage assessment process covering company processes and procedures; professional skills; Consultancy Lifecycle process; case studies; subject matter expert review; and Head Consultant interviews. Applications must pass each assessment stage before moving to the next one.

Head Consultant interviews

All Head Consultants for each service offering will be interviewed by a panel comprising an appropriate CESG subject matter expert and a CESG business representative. For large and medium sized companies the interview is designed to assess the Head Consultants’ ability to use their knowledge, experience and skills to ensure that they, and their team, deliver high quality cyber security advice for customers. The interviews will also provide assurance that the company understands the key challenges across Government, Wider public sector and the CNI that CESG is exposed to.

For Head Consultants running their own single consultant company, the interview will assess how they engage with and collaborate with others to achieve customer outcomes.

CESG now plans to conduct a large number of Head Consultant interviews in late November or December to provide a critical mass of certified consultancies before the end of the year. This approach will meet the timescales for the Crown Commercial Services framework contract which is expected to commence in early 2016. CESG plans to revert to a regular cohort approach for Head Consultant interviews from January 2016 onwards.

CESG expects to have capacity in November/December to interview approximately half the expected final number of Head Consultants. Priority for interviews will be allocated to the early adopter companies who worked with CESG to help refine the certified consultancy scheme before its launch in June and the applications already received. Other applications will be prioritised on a first come first served basis.

 

Channel website: https://www.ncsc.gov.uk/

Share this article

Latest News from
CESG

UK holds China state-affiliated organisations and individuals responsible for malicious cyber activity

26/03/2024 10:31:00

UK calls out pattern of malicious cyber activity by Chinese state-affiliated organisations and individuals targeting democratic institutions and parliamentarians.

NCSC and partners issue warning about state-sponsored cyber attackers hiding on critical infrastructure networks

08/02/2024 11:05:00

GCHQ’s National Cyber Security Centre and partners share details of how threat actors are using built-in tools to camouflage themselves on victims’ systems.

Business leaders urged to toughen up cyber attack protections

24/01/2024 13:12:00

New guidelines to help directors and business leaders boost their resilience against cyber threats.

Exploitation of vulnerabilities affecting Ivanti Connect Secure and Ivanti Policy Secure

15/01/2024 10:15:00

Organisations are encouraged to take immediate action to mitigate vulnerabilities affecting Ivanti Connect Secure (ICS) and Ivanti Policy Secure (IPS) gateways (CVE-2023-46805 and CVE-2024-21887), and follow the latest vendor advice.

UK exposes attempted Russian cyber interference in politics and democratic processes

08/12/2023 10:29:00

The UK condemns Russia’s sustained attempts at political interference in the UK and globally.

UK and allies expose Russian intelligence services for cyber campaign of attempted political interference

07/12/2023 14:25:00

The UK and allies call out the Russian Intelligence Services for a campaign of malicious cyber activity attempting to interfere in UK politics and democratic processes

NCSC launches Cyber Incident Exercising scheme

06/12/2023 15:25:00

New CIE assured providers give organisations support to create structured table-top or live-play cyber incident exercises.

UK and Republic of Korea issue warning about DPRK state-linked cyber actors attacking software supply chains

23/11/2023 16:05:00

Joint advisory observes cyber actors leveraging zero-day vulnerabilities and exploits in third-party software.

NCSC warns of enduring and significant threat to UK's critical infrastructure

16/11/2023 10:05:00

The NCSC's seventh Annual Review raises awareness of the increasingly unpredictable threat landscape.