Tag Archive for: CREST

CREST introduces global initiative to boost cyber security standards


The international cyber security arena is set to be bolstered by an open collaboration and partnership initiative, introduced by CREST, the not-for-profit, industry representative body. The initiative, aptly named the CREST Community Supporter, aims to rally various organisations toward making a tangible contribution in improving the global cyber security industry standard. Its launch in July has resulted in the enrolment of the initiative’s inaugural nine Community Supporters.

The Center for Internet Security (CIS), Cloud Security Alliance, Cyber Threat Alliance, Global Anti Scam Alliance, Global Cyber Alliance, Global Resilience Federation, ISC2, Stott and May Consulting, and The Security Institute have joined forces with CREST for this ambitious project. Their collective mission will be to foster capability development, capacity building, and consistent collaboration—an initiative aimed at enhancing trust and resilience within the digital landscape.

CREST CEO, Nick Benson, emphasised the role of collaboration in tackling the diverse challenges plaguing the cyber landscape. He said, “I am thrilled to welcome our first nine Community Supporters. To meet the vast array of challenges facing the world of cyber we must join forces and be serious about open and effective collaboration. Developing relationships and formalising them through our supporter initiative is key to our mission, and each of these fantastic organisations will play an important role in helping us build a globally resilient cyber security industry.”

It is expected that merging the strengths of the CREST membership—made up of cyber security service providers—and the newly inducted Community Supporters will promote a unified effort. This collaboration aims to address the pressing and complicated digital issues currently plaguing the globe.

The CREST Community Supporter initiative was launched to foster partnerships with bodies and organisations committed to raising global cyber security standards in alignment with CREST’s core mission and values. Becoming a Community Supporter offers many perks, such as deepened collaboration with CREST, marketing support, discounted event entry, and more….


Center for Internet Security, CREST Join Forces to Secure Organizations Globally


EAST GREENBUSH, N.Y., June 28, 2023 — The Center for Internet Security, Inc. (CIS®) today announced the launch of a joint initiative with CREST, an international not-for-profit accreditation and certification body, to help advance security and resilience to achieve better global cybersecurity.

As cyber threats continue to escalate to unprecedented levels globally, CIS and CREST are launching the CIS Controls Accreditation program to provide organizations a way to show customers and partners that their cybersecurity posture meets the best practice guidance as set forth in the CIS Critical Security Controls (CIS Controls) underpinned by the rigorous standards of CREST accreditation.

Establishing, maintaining, and proving an organization’s security posture remains a high priority for business, government, and regulatory bodies. CIS Controls Accreditation is an exclusive opportunity for CIS SecureSuite Members (Controls, Consulting & Services, and Product Vendor) and CREST Members to offer consulting services to end user organizations who wish to demonstrate that their implementation of security best practices is guided and externally assessed in accordance with the training and validation defined by two renowned authorities in cybersecurity. 

“The ability to digest all the data and controls from various devices and systems is essential in this massive shift to evidencing security,” said Tom Brennan, Executive Director, CREST Americas Region. “Together, CIS Controls and CREST accreditations give our joint members an accelerated path to meet risk and compliance requirements in addition to providing a methodology for continuously monitoring their security posture. By using CREST on top of the CIS Controls, security professionals can monitor security from infrastructure that can be observed, tested, and enhanced.”

The CIS Critical Security Controls are a set of globally-recognized and widely-used best practices that provide a prioritized path to improve an enterprise’s cybersecurity posture. This is the first initiative pairing the CIS Controls with a program to deliver accredited consulting.

“CIS is pleased to partner with CREST to provide end user organizations a selection…


CREST president Ian Glover to retire after 13 years – but where’s the transparency, bossman? • The Register


Ian Glover, president of infosec accreditation body CREST, is stepping down from his post, he told the organisation’s annual general meeting yesterday.

Sources whispered of Glover’s departure to The Register ahead of a mass mailout today to members of the organisation, which oversees some industry-recognised penetration testing exams and certifications in the UK.

“My retirement is something I have been planning for some time and, while I leave with a heavy heart, I am confident CREST will continue to move forward in the hands of an excellent team,” said the man himself in a canned statement emailed round CREST member organisations, following his 13 years at the helm.

CREST had not responded to The Register’s request to interview Glover by the time of writing. He will remain in post for another three months.

Glover was president of CREST when the exam-cheating scandal broke last year. A major CREST backer, pentesting firm NCC Group, had been creating cheat-sheets and walkthroughs for CREST certification exams.

Numerous ex-NCC sources told The Register of an internal culture where exam candidates were shown marked copies of past papers, in apparent breach of CREST’s non-disclosure agreement. Unlike school exams where past papers are freely circulated, CREST was supposed to rigidly control all of its exam materials to prevent their public disclosure at any stage. One source told us at the time: “The content of the exams and syllabus is intentionally extremely vague and under heavy NDA.”

People who worked hard to pass their CREST exams expressed disgust to El Reg that a significant backer of the industry body appeared to be spoon-feeding its staff the answers, raising questions about the exams’ integrity and the competence of people who ultimately sign off clients’ crown jewels as secure. Those clients include the British government and critical national infrastructure operators.

Rob Dartnall, chairman of CREST,…
