Ethical hackers get industry association

By David Meyer, ZDNet UK
Friday, April 25, 2008 12:33 PM

An industry association has been created for ethical hackers, in a bid to reassure buyers of systems and applications that such products have been sufficiently tested.

The Council of Registered Ethical Security Testers (Crest) made its public debut on Wednesday at the Infosecurity Europe conference in London. The aim of the council is to standardize ethical penetration testing and provide professional qualifications for the testers.

Crest chair Paul Docherty said: "Penetration testing is a widely accepted method of assuring information security and has become an integral part of many organisations' operational and technology risk management programs."

"Yet despite the widespread use of penetration testing, there has historically been a definite lack of agreed commercial standards and practices. We formed Crest with a number of other providers in order to supply a high level of standard to companies who engage with security testers," he added.

Crest's advisory panel includes representatives from insurance group Aviva, Lloyds TSB and the NHS. Aviva's David King said the organization would "provide an industry standard to allow the purchasing community to have confidence [in the products they are buying]".

Member companies are part of the new Crest trade body, which will govern the Crest professional body that provides for individuals who are not employed by the member companies, in areas such as exams.

Crest is running certification examinations in two streams: infrastructure testing and Web-application testing. Testers can either apply for certification at the corporate level or on a standalone level as a "Crest associate".


WORTHWHILE?

0

0 votes
Blog

Talkback 0 comments

There are currently no comments for this post.


Tech Jobs Now!

Search for your ideal tech job:

Use shades of gray to enhance scale in Excel

Microsoft Office Suite

Excel's palette is generous, but don't throw buckets of pigment all over your spreadsheets just because you can.


Read more »



Ultimate 2012 recovery site: the moon

Blog thumbnail

Have you seen the disaster movie "2012"? A friend from Control Risks and I did, and we reluctantly concluded we wouldn't be able to write off the cost of our..... by Nathaniel Forbes

Read more »

Tags

  1. attack
  2. authentication and encryption
  3. blog
  4. data security
  5. e - mail
  6. hacking
  7. internet
  8. malware
  9. microsoft corp.
  10. network
  11. network security
  12. pc security
  13. researcher
  14. security
  15. security management
  16. software
  17. spam and phishing
  18. symantec corp.
  19. viruses and worms
  20. web