Introducing Penetration Testing Certifications

By   ISBuzz Team
Writer , Information Security Buzz | Oct 06, 2015 06:15 pm PST

Penetration Testing CertificationsCREST, CSA and AISP work together to introduce penetration testing certifications in Singapore

CREST has signed a Memorandum of Intent (MOI) with the Cyber Security Agency of Singapore (CSA) and the Association of Information Security Professionals (AISP) in Singapore to work together to introduce CREST certifications for penetration testing in Singapore. CREST, a UK-headquartered not for profit organisation, will work with AISP, a local body for information security professionals, with the support of CSA, to establish a CREST Singapore Chapter and offer penetration- testing certifications. This initiative was developed in collaboration with the Monetary Authority of Singapore (MAS), the Association of Banks in Singapore (ABS) and the Infocomm Development Authority of Singapore (IDA).

CREST  has a range of certifications that include Penetration Testing, Incident Response, Malware Analysis and wider Information Security Architecture in the UK. Penetration testing certifications will be introduced first in Singapore, with more certifications potentially being rolled out subsequently.

The certification will offer transparent and open standards that serve as a competency baseline for practicing professionals and service providers in Singapore. In the UK and Australia, CREST certifications are already the prevailing industry standards for penetration testing and are endorsed by the respective Governments. By introducing the certification in Singapore, the aim is to help grow local skills and capabilities and provide assurance for professionals and service providers that perform penetration tests.

Quotes :

Mr David Koh, Chief Executive of CSA, said, “The CREST certification will help to raise the quality of service providers and professionals in the penetration testing space. The setting up of the CREST Singapore Chapter next year will be a welcomed initiative, and we are confident that it will enhance the vibrancy of the cyber security ecosystem in Singapore.

CREST is delighted to work with the CSA and AISP to develop penetration testing standards in Singapore.  Through the provision of CREST accredited companies and CREST-certified professionals, we will be able to deliver increased levels of confidence to the buying community, the regulators and the Government.  CREST is working hard to professionalise the cyber security testing sector internationally and through development of a local chapter in Singapore, it will be possible to achieve consistently high standards across the region,” said Rowland Johnson, Director of CREST International.

“AISP is excited to embark on this journey together with CREST and CSA to uplift excellence and professionalism within the Cyber Security industry. AISP welcomes the opportunity to work collaboratively in supporting the development of CREST certifications in Singapore and aims to promote CREST through our Industry programme,” said Mr Wally Lee, President of AISP.

“CREST will provide financial institutions and outsourced service providers a better assurance on the quality of penetration testing services and in turn enhance the overall cyber security posture of banks in Singapore,” said Mrs Ong-Ang Ai Boon, Director of The Association of Banks in Singapore (ABS).

“Financial institutions face increasing cyber threats. It is therefore critical that they conduct robust penetration testing to identify and rectify system vulnerabilities promptly and effectively. CREST’s Singapore chapter will help deepen the pool of qualified penetration testing expertise in Singapore and the region, and strengthen our financial institutions’ cyber defences,” said Mr Wong Nai Seng, Assistant Managing Director of MAS, who welcomed the development.

About the AISP

The AISP is a Government and Industry collaboration which aims to transform Infocomm Security into a distinguished profession and build a critical pool of competent Infocomm security professionals who subscribe to the highest professional standards.  The AISP was registered with the assistance of the Singapore Computer Society (SCS) and the strong support of the Infocomm Development Authority of Singapore (iDA) in February 2008.

It was officially launched on 17 April 2008 by Dr Vivian Balakrishnan, the then Minister for Community Development, Youth and Sports.


Formed in 2006 and headquartered in the UK, CREST had helped to achieve a competency baseline across the penetration testing and other cyber assurance services in UK. CREST certifications and schemes now form the backbone of the UK technical cyber assurance market for both public and private sectors.  As of September 2015, there are more than 60 member companies, ranging from boutique SMEs to multinational companies operating across all major regions. CREST has also expanded beyond UK with a CREST chapter established in Australia under the full support of the Australian Government. The Australian CREST chapter has 18 members currently. In addition, CREST has member companies that are dedicated to serving markets in a number of mainland European countries from Holland to Greece. It also has members operating in South Africa, Singapore, Malaysia and the USA.