Get more info about setting up a new chapter in your area.
What is a chapter?
A CREST Chapter is effectively a vehicle for promoting and maturing cyber security practices in either a region or a country. It is a legal entity in its own right. Chapters have a formal contract with CREST (International) that defines formal roles and responsibilities.
What makes a chapter?
We are focused on making chapters sustainable. Although sustainability within regions and countries will be influenced by a number of different factors, some of the key indicators are as follows:
Chapters have the ability to take a share of the income that is generated by both company memberships and individual exam income that is delivered in country. In return, our chapters are expected to take responsibility for their business hygiene, including activities such as book-keeping, insurance and local data protection requirements. Chapters are expected to promote both membership and examinations themselves and run industry events to communicate to all areas of the stakeholder ecosystem.
Although there are no concrete figures around a minimum number of member companies or Information Security professionals required to build a chapter, we believe that there is a tipping point where sustainability becomes easier to achieve. As a rule of thumb, we recommend:
In every instance, we are interested in supporting countries, organizations and even individual cyber security professionals to build and sustain CREST Chapters.
We firmly believe that for a chapter to be both self-sustaining and aligned with a country’s or region’s cyber security strategy, it is imperative that it has a local board of executives that have responsibility for defining and executing the chapter’s initiatives. One of the key things that CREST believes is essential is that there is consistency in standards internationally.
For example, a red teaming exercise in the UK should mean the same thing as a red teaming exercise in Spain or in Malaysia. Therefore, local Chapters have responsibility to ensure that consistent standards and accreditation goals are maintained internationally.
However, local chapters can also adapt their focus according to domestic government and regulator led initiatives. For instance, in the UK, the NCSC and Cabinet Office has promoted Cyber Essentials as a scheme oriented towards UK based SME organisations. It makes sense for the CREST UK Chapter to have the flexibility to adapt to and champion this scheme without an expectation that it has to be rolled out across all global chapters.
CREST in the GCC Region
We have as visited the Middle East on a number of occasions to support the development of new markets for UK technical security companies. These visits have been very successful and included formal presentations to major banking institutions and regulators.
We are now working towards establishing a CREST Chapter in the Middle East, building on the recent success of a new chapters established in Asia and the European Union. This will provide a focal point and foundation for building a bigger and stronger market for UK companies and help to mature Middle East cyber security capability and capacity.
CREST in Malaysia
A Memorandum of Understanding has been signed between CREST and Persatuan Penguji Keselamatan Siber Kuala Lumpur, Selangor dan Putrajaya (“PPKS”) to establish a CREST Chapter in Malaysia.
The partnership between the two organisations will help to pave the way for industry in Malaysia to provide greater assurance on the quality of services provided by penetration testers, benchmarked against international standards. It also enables the sharing of international industry expertise and experience with local providers and cyber security individuals that will further boost the development of a sustainable pool of local talent that will support the nation’s security industry.
CREST Malaysia will provide greater capability, capacity and consistency within the domestic cyber security market and will strengthen export opportunities.
Interested in exploring opportunities for a new CREST Chapter?
To find out more about how CREST can help build localized CREST chapters, please e-mail [email protected]