By | Nor Radziah Binti Jusoh & Nur Liyana Binti Zahid Safian
Global ACE Certification
Organizations are expected to keep their customers’ data safe and secure, but the growing shortage of qualified cybersecurity professionals is making it extremely tough to do so. The industry will need to look at new ways to cast a wider net if we are to grow the talent pool and attract career changes into the cybersecurity industry.
To alleviate the shortage of skilled professionals, CyberSecurity Malaysia (CSM), an agency under the Ministry of Communication and Multimedia Malaysia, decided to develop a professional certification for the cybersecurity sector. The Global ACE Certification is a holistic framework of cyber security professional certification that outlines the overall approach, independent assessments, impartiality of examinations, competencies of trainers, identification and classification of cyber security domains and the requirements of professional memberships.
It is a large-scale systematic plan of actions to certify and recognise cybersecurity workforce developed in collaboration with government agencies, industry partners and academia.
The establishment of the certification with international standards such as ISO/IEC 17024 on certification of persons, ISO/IEC 27001 on security management and ISO/IEC 9000 on quality management, is vital to:
- Assure workforce capability and experience;
- Secure and validate core skills, knowledge, attitude, and experience; and
- Assure trustworthiness, ethical conduct, and responsibility
The Global ACE Certification is aimed at enhancing the skill-sets of the cyber security workforce congruent with local and international requirements. Global ACE Certification Recognition Arrangement allows for mutual recognition of certified cyber security professionals, which creates value for the cyber security industry and participating countries.
This certification’s vision is to create a critical mass of qualified and competent workforce with shareable expertise across the country boundaries. The objectives of this certification are:
- To establish a professional certification programme that is recognized globally;
- To provide cyber security professionals with the right knowledge, skills, attitude (KSA) and experience;
- To promote the development of cyber security professional programmes globally; and
- To ensure accredited personnel has been independently assessed and committed to a consistent and high-quality service level
The core of this certification is the framework that provides a standard base and means of recognizing the “knowledge, skill and attitudes" of our cybersecurity workforce. The framework encompasses two broad categories:
1. The “Cyber Security Technical Competencies” - related to technical skills and knowledge required by a professional to conduct its task as a certified professional. The domains are:
- Digital Forensics
- Incident handling and response
- Security Assurance
- Cryptography
- Governance
- Risk
- Compliance
2. The“Cyber Security Generic Competencies” -
related to the necessary cyber security soft skill-sets in delivering service and consultation. The domains are:
- People skills domains:
- Leadership
- Mentoring & Coaching
- Diversity Management
- Communications
- Strategic Thinking
- Process skills domains:
- Change Management
- Organizational Management
- Information Management
- Financial Management
- Conflict Management
- Business acumen skills domains:
- Entrepreneurship
- ICT Literacy
- Customer Services
- Partnership & Coalition
- Innovation & Creation
At this moment there are five certification programs:
- CSAP (Certified Secured Applications Professional)
- CISAM (Certified Information Security Awareness Manager)
- CISMS (Certified Information Security Management System - Auditor )
- CDFFR (Certified Digital Forensics First Responder)
- CPT (Certified Penetration Tester)
To promote this certification throughout the country, CyberSecurity Malaysia participated in various events under the Malaysian government and commercial platforms. CyberSecurity Malaysia also participated in the World Summit on the Information Society Prizes (WSIS Prizes) 2020 to gain international recognition.
In September 2020, CyberSecurity Malaysia was named project winner through the Global Accredited Cybersecurity Education Scheme: Centre of Excellence for Capacity Building and Lifelong Learning. The prize was conferred under Category 5 – Action Line C5: ‘Building Confidence and Security in Use of ICTs’.
WSIS Forum 2020 is the world's largest ICT annual gathering of the ‘ICT for development’ community hosted by the International Telecommunication Union (ITU), and co- organized by ITU, UNESCO, United Nations Conference on Trade and Development (UNCTAD) and United Nations Development Programme (UNDP) in close collaboration with all WSIS Action Line Facilitators/Co-Facilitators.
Over 800 projects around the world submitted their entries for WSIS Prizes 2020 and 90 projects were selected as champions by WSIS multi- stakeholder community based on a total of 18 WSIS Action Lines. Under each Action Lines, one winner will be identified.
Out of 20 shortlisted projects under WSIS Prizes 2020 Action Line C5: Building Confidence and Security in Use of ICT, among the champions are Sri Lanka –‘NextGen Girls-Internet Security Ambassadors’; Oman – ‘Oman National Public Key Infrastructure’; Cuba – ‘Security Antivirus’ and China – ‘The Cloud-Linked Privacy Security Protection System and Public Welfare Services’.
The Global ACE Scheme COE builds a single converging platform for cybersecurity capacity building and lifelong learning within the region to allow individuals to develop capabilities at their own pace and permit continual enhancement through lifelong learning pathways.
Global ACE Certification is now recognized by the ITU and WSIS stakeholders. This is an acknowledgement of its effort to develop professional programmes and quality education courses as well as nurture effective cyber defenders.
In Malaysia, the Global ACE Certification certifies cybersecurity professionals at the national level. Credential holders are recognised by the Malaysia Board of Technologists (MBOT) through Malaysia Act 768 and the Department of Skills Development Malaysia through Malaysia Act 652 which also incorporated the Scheme's syllabuses for the relevant National Occupational Skills Standards (NOSS) development. About 60 percent of public universities have started aligning cybersecurity academic modules with the Global ACE Certification to incorporate professional credentials.
For further information, please visit: https://www.cybereducationscheme.org/web/ guest/certified-training-programme
or email training@cybersecurity.my.
References
1. h ttps://www.itu .in t/en /m yitu/ News/2020/09/04/15/50/2020-WSIS-Prizes- winners