CREST is short for Council of Registered Ethical Security Testers
The Council of Registered Ethical Security Testers (CREST) is a not-for profit certification body and trade association for the technical information security industry established in 2006. CREST was established in response to the clear need in the technical information security marketplace for a more regulated professional services industry.
By looking for CREST accreditation, organizations buying penetration testing services get the assurance that the work will be carried out by trusted companies and qualified individuals with up to date knowledge, skills and competence to deal with all the latest vulnerabilities and techniques used by real attackers. All assessments and examinations used to evaluate companies and individuals have been reviewed and approved by GCHQ, CESG. CREST accreditation also ensures that technical penetration testing capabilities are supported by appropriate policies, processes and procedures for conducting this type of work and for the integrity and protection of client information.
For those organizations that have experienced a cyber security attack, or are trying to reduce the likelihood or severity of such an attack, CREST’s Cyber Security Incident Response scheme is endorsed by GCHQ and CPNI. It focuses on appropriate standards for incident response aligned to demand from all sectors of industry, government, the wider public sector and academia. Companies included in this scheme have demonstrated that they meet the high standards required to help organizations plan for, manage and recover from significant cyber security related incidents. These companies will also have access to professional CREST qualified staff in intrusion analysis and reverse engineering.
Penetration testing and cyber incident response services provided under the CREST banner are also supported by comprehensive for both the company and individual. These codes are used to ensure the quality of the services provided, the integrity of the companies and individuals and adherence to audited policies, processes and procedures.
CREST is also part of a consortium with the IISP and Royal Holloway, University of London to provide examinations for Security Architects under the CESG Certified Professional Scheme. The introduction of this accreditation for the technical security industry is part of a concerted move to increase professionalism.
Conducting its own research and working closely with e-Skills UK, academia and training organizations, CREST provides a structured approach for entry into the industry and sets out professional development pathways for those wishing to progress.
CREST has member companies in a number of countries and a formally established Chapter in Australia. that has the full support of the Australian Government. CREST now also has a USA Chapter for more information see CREST USA page - click here