Penetration testing, also known as "pentesting" or "ethical hacking", took a step away from its sometimes unruly reputation today with the establishment of an Australian branch of the Council of Registered Ethical Security Testers (CREST).
"CREST Australia will have the important role of establishing clear and agreed standards for cyber security testing," said attorney-general Nicola Roxon in a media statement.
"These standards will help the business sector be confident that the work conducted by IT professionals is completed with integrity, accountability and to agreed standards."
CREST Australia is affiliated with CREST Great Britain.
Individual members of that organisation must pass exams to validate their competence.
Currently CREST rates individuals as a CREST Registered Tester, or as one or both of two CREST Certified Tester qualifications, one for network testing and one for application testing.
Member companies must meet CREST's standards of management, integrity and accountability.
"By having this function performed by an Australian arm of a recognised body such as CREST, qualifications can be recognised internationally, promoting a recognised international standard," Roxon said.
While CREST Australia is an independent not-for-profit organisation it will "work closely with Government" — a fact reinforced by the media statement being tagged with an explanation of CERT Australia, Australia's official national computer emergency response team (CERT).
Alastair MacGibbon has been appointed as CREST Australia's first chief executive officer.
MacGibbon is well-known in the information security community. He was founding director of the Australian Federal Police's Australian High Tech Crime Centre, and director of trust and safety for eBay Australia & New Zealand.
He is currently director of the Centre of Internet Safety at the University of Canberra, as well as a consultant in the private sector through the Surete Group.
CREST is not the only certification body for penetration testers. Certifications are also offered by the Tiger Scheme, the SANS Institute and Offensive Security, amongst others.
Register Today. Hear from Rob Livingstone, Michael Barnes, Steve Quane and Dave Asprey amongst others on the Evolution, Trends, Solutions and the Future of Cloud Security, limited seats register today through CSO.