The Global ACE Certification is a holistic framework of cybersecurity professional certification that outlines the overall approach, independent assessments, impartiality of examinations, competencies of trainers, identification and classification of cyber security domains and the requirements of professional memberships.
The scheme is a large-scale systematic plan of actions to certify and recognise the cybersecurity workforce. It is industry driven and vendor-neutral, developed in collaboration with government agencies, industry partners and academia.
The establishment of the scheme is in tandem with international standards such as ISO 9001 on processes, ISO/IEC 17024 on certification of persons and ISO/IEC 27001 on security management, which is vital to:
The Global ACE Certification aims to enhance the skill-sets of the cybersecurity workforce congruent with local and international requirements. Global ACE Scheme Recognition Arrangement permits mutual recognition of certified cybersecurity workforce across the country boundaries. It creates value for the cybersecurity industry and elevates the security-facet of participating countries.
Global ACE Certification Recognition Arrangement allows for mutual recognition of certified cybersecurity professionals, which creates value for the cybersecurity industry and participating countries.
The vision is to create a critical mass of qualified and competent workforce with shareable expertise across the country boundaries.
The scheme has the following objectives:
The heart of the Global ACE Certification is the framework that provides a standard base and means of acknowledging the “knowledge, skills and attitudes” for the workforce in the cyber security sector. The framework will be the base for impartial examinations and guideline for certifications. The framework encompasses two broad categories of domains (Figure 1) as below:
The “Cyber Security Technical Competencies” - related to technical skills and knowledge required by a professional to conduct its task as a certified professional. Domains are:
The “Cyber Security Generic Competencies” - related to the necessary cyber security soft skill-sets in delivering service and consultation. Domains are:
i) People skills domains:
iii) Business acumen skills domains:
ii) Process skills domains: