Picture of Ollie Ross
Ross: User consultation imperative

Ethical hackers come in for tighter regulation

Crest hope standard will become industry kitemark

Written by Tom Young

Computing, 22 Mar 2007

Quality standards are to be applied to organisations and individuals that offer security penetration testing services, to improve business confidence.

From 1 April, the Council for Registered Ethical Security Testers (Crest) will accredit ethical hackers who perform tests on company networks to see if they are vulnerable to security breaches.

Paul Vlissidis, a member of the Crest operational management committee, says standards are essential for an industry that requires such a high degree of trust.

‘This industry sector has no kitemark,’ he said. ‘Our customers need a bar to allow them to see who comes above it and who comes below it.’

Crest will assess firms and individuals using written and practical exams. Successful accreditations will last for three years before they need to be renewed.

‘Technology and the threat environment are evolving constantly, and our processes need to evolve with them,’ said Paul Docherty, operational management committee member at Crest.

Crest expects that the international nature of its corporate customers will result in the standard becoming internationally recognised within about a year.

Ollie Ross, head of research at The Corporate IT Forum, warns Crest should learn from the mistakes of other standards.

‘An initiative to provide an approved level of quality assurance should be encouraged,’ she said.

‘But the difficulty many users experienced with the recent launch of the Payments Cards Industry (PCI) data security standard demonstrates the need for increased user consultation.’

reader comments

related articles

Security accreditation on trial

The government is set to trial an IT security accreditation that it hopes will assure both the private and public sectors that software companies, which sell products such as antivirus software and firewalls, meet quality standards. 14 Oct 2004

 

Professional security accreditation moves closer

Standard should be in place within 3 years 18 Jan 2007

Bankers back security professionals’ accreditation

Institute of Information Security Professionals launched 02 Mar 2006

Management

Analysis: Experts discuss security in a recession

Benchmarking study highlights where firms are failing 27 Feb 2009

Security

VeriSign touts virtues of security 'green bar'

Extended Validation authentication programme ups site trust, claims company 03 Oct 2008

UK unveils world's first carbon budget

Offshore wind, carbon capture and green manufacturing are big winners as Chancellor vows to make UK the global leader in clean technology 22 Apr 2009

related whitepapers

today's top stories

Ecommerce

What does Windows 7 mean for Microsoft?

With the sting of Vista still fresh, Redmond has to make next Windows work 10 Jul 2009

Management

A smarter way to use BI

Getting the most from business intelligence systems requires not only careful management on the part of IT leaders, but also the committed involvement of decision-makers across the organisation 08 Jul 2009

Mainstream Matters

The truth behind the Google/Microsoft/NHS rumours

Before Monday 6 July, did you know that Google and Microsoft had services for storing health records? Thanks to an article in... 10 Jul 2009

Management

Quenching a thirst for IT modernisation

A substantial restructure at soft drink supplier Nichols -­ purveyor of Vimto - ­led the company to update its software to Sage 1000 to replace its in-house application. This resulted in the streamlining of the IT department and an opportunity to customise the system 08 Jul 2009

Management

How Satyam cleaned up its act

Chief executive CP Gurnani tells Angelica Mari why Tech Mahindra opted to keep the Satyam brand after it bought the scandal-hit services firm, and explains what the deal means for existing and prospective customers 09 Jul 2009

> More news

Advertisement

Newsletter signup

Sign up for our range of FREE newsletters:

More available - click 'submit' to view

Existing User

Newsletter user login:

Advertisement

Jobs

Related jobs

Job of the week

> More IT vacancies

Job alerts

  • Latest jobs to your inbox
Sign up here

Find your next job

IT Salary Checker

  • Are you being paid what you are worth?
Check salary here

Advertisement

White papers

Search white papers

Top categories

VPN, Extranet and Intranet Solutions

WAN/ LAN Solutions

Network Security

Interoperability-Connectivity

Grid/ Utility Computing

Latest poll

Will Google Chrome OS be a genuine alternative to Windows?

Will Google Chrome OS be a genuine alternative to Windows?

Tell us your views on the new operating system rivalry

View poll results

> More polls

Latest audio and video articles

network cablesVideo

How to maximise the value of your IT networking investment

A panel of experts discuss networking strategies that deliver real value to business 03 Jul 2009

green footprintsVideo

How to manage enterprise energy use - and the role IT can play

A panel of experts explore how firms can get to grips with their carbon footprint and make smarter use of energy 01 Jul 2009

> More audio and video

Latest in-depth articles

Google ChromeAnalysis

Lack of enterprise appeal takes shine off Chrome OS

Enterprise buyers unlikely to ditch Windows for Chrome OS in the near term, say experts 09 Jul 2009

Satyam CEO CP GurnaniNews

How Satyam cleaned up its act

Chief executive CP Gurnani tells Angelica Mari why Tech Mahindra opted to keep the Satyam brand after it bought the scandal-hit services firm, and explains what the deal means for existing and prospective customers 09 Jul 2009

> More in depth articles

Advertisement

Primary Navigation