CIISec release the latest version of the Skills Framework V 2.4

14th November 2019.

The Chartered Institute of Information Security (CIISec) have released the latest version of the Skills Framework, version 2.4. This is the first revision to the Skills Framework since CIISec were awarded Royal Charter status.

The CIISec Skills Framework (SF) is widely accepted as the de-facto standard for measuring competency of Information Security professionals. It sets out a series of security disciplines in which different security-related roles should be able to display competence. Additionally, the SF defines a series of ‘Skills Levels’ (ranging from 1-6 and aligned with each discipline) that can be used to understand different levels of competence in each particular discipline. This also provides a common scale to support assessment and benchmarking activity.

The main change to version 2.4 sees the addition of Section G, Security Discipline encompassing data protection, privacy and identity management. Several Skills Groups throughout the SF have also had changes made to the to reflect correctly CREST and other certifications.

Pete Fischer, CIISec Fellow said “I would like to thank and stress the importance of the contribution made by the Corporate Members of CIISec in keeping the Skills Framework current and relevant to the cyber security profession. The Skills in the G Area were introduced as a direct result of a recommendation by the FCA, supported by others.”

The Skills Framework is available to use for personal use, however if you wish to use commercially you will need to purchase a license via the Corporate Member programme. Corporate membership includes licences to use the latest versions of the Skills Framework which is part of the CIISec Capability Development Methodology including the Accreditation, Skills, Knowledge and Roles Frameworks.

CIISec have spent over a decade using these uniquely developed frameworks to benchmark capability and set standards for skills, experience and knowledge across the profession. Our frameworks have been developed in conjunction with industry, government and academia they also align with and recognise other accreditation bodies’ standards. NCSC use the CIISec Skills Framework v1.0 to underpin its Certified Cyber Professional (CCP) Scheme.

Individuals can request to download the CIISec Skills Framework version 2.4 here

For questions about CIISec’s Frameworks or Corporate membership please contact