CREST, CSA and AISP work together to introduce penetration testing certifications in Singapore

6 October 2016:     CREST has signed a Memorandum of Intent (MoI) with the Cyber Security Agency of Singapore (CSA) and the Association of Information Security Professionals (AISP) in Singapore to work together to introduce CREST certifications for penetration testing in Singapore.  CREST, a UK-headquartered not for profit organisation, will work with AISP, a local body for information security professionals, with the support of CSA to establish a CREST Singapore Chapter and offer penetration- testing certifications.  This initiative was developed in collaboration with the Monetary Authority of Singapore (MAS), the Association of Banks in Singapore (ABS) and the Infocomm Development Authority of Singapore (IDA).

CREST has a range of certifications that include Penetration Testing, Incident Response, Malware Analysis and wider Information Security Architecture in the UK. Penetration testing certifications will be introduced first in Singapore, with more certifications potentially being rolled out subsequently.

The certification will offer transparent and open standards that serve as a competency baseline for practicing professionals and service providers in Singapore. In the UK and Australia, CREST certifications are already the prevailing industry standards for penetration testing and are endorsed by the respective Governments. By introducing the certification in Singapore, the aim is to help grow local skills and capabilities and provide assurance for professionals and service providers that perform penetration tests.

Mr David Koh, Chief Executive of CSA, said “The CREST certification will help to raise the quality of service providers and professionals in the penetration testing space.  The setting up of the CREST Singapore Chapter next year will be a welcomed initiative, and we are confident that it will enhance the vibrancy of the cyber security ecosystem in Singapore.”

“CREST is delighted to work with the CSA and AISP to develop penetration testing standards in Singapore.   Through the provision of CREST accredited companies and CREST-certified professionals, we will be able to deliver increased levels of confidence to the buying community, the regulators and the Government.   CREST is working hard to professionalise the cyber security testing sector internationally and through development of a local chapter in Singapore, it will be possible to achieve consistently high standards across the region,” said  Rowland Johnson, Director of CREST International.

“AISP is excited to embark on this journey together with CREST and CSA to uplift excellence and professionalism within the Cyber Security industry. AISP welcomes the opportunity to work collaboratively in supporting the development of CREST certifications in Singapore and aims to promote CREST through our Industry programme,” said Mr Wally Lee, President of AISP.

“CREST will provide financial institutions and outsourced service providers a better assurance on the quality of penetration testing services and in turn enhance the overall cyber security posture of banks in Singapore,” said Mrs Ong-Ang Ai Boon, Director of The Association of Banks in Singapore (ABS).

“Financial institutions face increasing cyber threats. It is therefore critical that they conduct robust penetration testing to identify and rectify system vulnerabilities promptly and effectively.  CREST’s Singapore chapter will help deepen the pool of qualified penetration testing expertise in Singapore and the region, and strengthen our financial institutions’ cyber defences,” said Mr Wong Nai Seng, Assistant Managing Director of MAS, who welcomed the development.

About the AISP
The AISP is a Government and Industry collaboration which aims to transform Infocomm Security into a distinguished profession and build a critical pool of competent Infocomm security professionals who subscribe to the highest professional standards.   The AISP was registered with the assistance of the Singapore Computer Society (SCS) and the strong support of the Infocomm Development Authority of Singapore (iDA) in February 2008.  It was officially launched on 17 April 2008 by Dr Vivian Balakrishnan, the then Minister for Community Development, Youth and Sports.