Adrian Davis, managing director for EMEA at (ISC)2, talks about the emerging field of cyber forensics
Last week, the International Information Systems Security Certification Consortium, better known as (ISC)2, launched a new European qualification – the Certified Cyber Forensics Professional (CCFP).
Anyone with sufficient experience and qualifications can register their interest, take an optional training course and sit an exam. While this sounds simple enough in theory, the actual exam, which features 160 questions and takes around four hours to complete, has been designed to challenge even the most dedicated of experts.
Adrian Davis, who has recently been appointed managing director for EMEA at (ISC)2, told TechWeekEurope that the introduction of the new certificate is a sure sign that cyber forensics is maturing into a serious discipline, separate from fields like data management and systems security.
After all, it’s not just about analysing hard drives and trawling through machine logs – cyber forensics professionals need to communicate equally well with IT engineers, non-IT staff and executives – while collecting evidence that can later stand up in a court of law.
“Oh my God, we’ve been hacked!”
(ISC)2 is a non-profit organisation founded in 1988 with a mission to standardise cyber security credentials. It helps IT professionals prove their skills and experience, while employers rely on the certificates to find employees that satisfy their needs.
Today, (ISC)2 has more than 100,000 members worldwide, some of whom helped design the new forensics certificate.
“Cyber forensics is more than crime scenes and just collecting and analysing hard drives and USB sticks,” explains Davis. “It can be applied to big data, security log review and other important security activities where careful analysis can yield important insights. Additionally, the discipline permeates information security, law enforcement and law in general.”
He notes that there’s also a different side to forensics, less reactive and more pro-active: it is about understanding how the systems run and noticing when they change, identifying certain patterns of behaviour, flagging up dangerous events before they happen. “Someone told me it’s a bit like Minority Report, but less scary,” jokes Davis.
The CCFP certificate has been available in the US and South Korea for a while, but it was necessary to adapt the ‘body of knowledge’ on which it is based to the European regulatory landscape. “It took us a little bit longer than we wanted to get the EU certificate up and running, but now that we’ve got it, we are absolutely confident we’ve captured all of the major EU and regional laws that impact a forensics professional. It was worth the wait,” says Davis.
Applicants for CCFP are required to know legal and ethical principles of cyber security, be able to conduct an investigation and handle evidence, and understand the emerging technologies.
Integral to the process is the notion of exclusivity. To attain the CCFP, applicants must hold a four-year Bachelor’s degree or equivalent, and have at least three years of paid full-time, professional experience in a relevant field. Those not holding a degree must have at least six years of experience.
“When we certify someone, you have to demonstrate the breadth of your knowledge – that’s the exam part – but then you have to also demonstrate that you can take what you know and apply it – and that’s why you have to have three, four or five years of experience, depending on certification.”
And the fact that the certificates are devised by existing members of (ISC)2 keeps the standards high: “Once you’ve been through the process of getting one, you don’t want to see it devalued,” adds Davis.
The first CCFP exams in English are scheduled for the end of April, while the German translation is expected by the middle of June.