application for full membership - Institute of Information Security

IISP MEMBERSHIP APPLICATION FORM
Please use associated guidance notes when completing this form
Please indicate which level of membership you are applying for:
Full Membership - See Guidance Notes FMGN1
Full Membership (ITPC) – See Guidance Notes FMITPCGN1
Associate Membership - See Guidance Notes AMGN1
Associate Membership (ITPC) - See Guidance Notes – AMITPCGN1
I am applying for Full Membership
(If applying for Associate (ITPC) to support CLAS please confirm that you give permission for
the IISP to advise CESG/CLAS of the outcome of your application) Yes I give permission/No I
do not give permission (delete as appropriate)
APPLICATION PACKAGE - Part 1
SECTION A
Personal Information
see note 2
Please indicate your preferred surface mail and email address for communications.
Email: Home/Work. Surface Mail. Home/Work.
Family Name: Smith
Other Names: John
Honours/Title/Qualifications: BSc, MSc, MBCS, A.Inst.ISP
Home Address: 1 High Street, London
Postcode: WC1 1AA
DOB: 25th Oct 1976
Tel: 01234 567890
Mobile: 07890 123456
Email: [email protected]

Employment Address: The HighStreet Bank, High Street, London, UK
Postcode: WC1A 1AA
Tel: 01234 567890
Mobile: 07980 123456
Email: [email protected]
Membership No*: CA00001
Preferred venue for interview**: London
* If already a member at another grade
** If Full Membership application
SECTION B
Education & Training
Please provide details of all qualifications held that you consider relevant to your application.
Also put any details of formal or structured Professional Development Schemes. Please submit
copies of certificates with the application form. If you submit the form via Royal Mail, please
also submit an electronic copy of your application to [email protected]. Please list most
recent first.
Year of Award | Educational establishment | Course title | Classification of qualification | Mode of Study
01/06 | The Open University | DMS – Diploma in Management Studies (Technology Management) | -- | Part-time
09/96 – 06/98 | Royal Holloway, University of London | MSc Degree in Information Security | Distinction | Part-time
09/93 – 09/96 | Oxford Brookes University | BSc, Computer Science with Economics | 2:1 | Full-time
Questions? Contact [email protected]
Copyright © The Institute of Information Security Professionals. All rights reserved. The Institute of Information Security Professionals®
IISP®, M.Inst.ISP® and various IISP graphic logos are trademarks owned by The Institute of Information Security Professionals and
may be used only with express permission of the Institute.
App Form V6 Pt 1
Page 1 of 16
10/04 – 05/05 | Oxford Institute | Applications of Cryptography
09/02 | Trust Us Ltd | Firewall-1 - Security Administrator & Engineer
06/01 | Security System Ltd | Windows NT Security
07/98 – 09/98 | Royal Holloway, University of London | Computational Number Theory / Cryptography
08/98 | Security System Ltd | Router and Firewall Security
05/97 | Security System Ltd | Smart Card Security
12/97 | Security System Ltd | Data Protection & Computer Misuse
11/97 | Computer Forensics Ltd. | Advanced Computer Forensics
09/96 – 05/07 | Royal Holloway, University of London | Cryptography for Non-Mathematicians
03/91 | Trust Us Ltd | Computer Security for PCs & LANs
06/90 | Security System Ltd | Network Security
01/90 | Security System Ltd | Data Security in Banking
06/89 | Trust Us Ltd | Computer Security
Please Note: I have not followed a Professional Development Scheme (PDS). However, the above list details
the professional training that I have undertaken relevant to Information Security.
APPLICATION PACKAGE PART 2
Candidate’s Surname _________________
Candidate’s Initials ___________________
PART 2 - SECTION A
Page No:
Experience History (see note 4)
Please list your relevant employment history, including employers, roles, dates and your responsibilities together with referees where possible.
Experience should be chronological, with the most recent coming first. Use continuation sheets as necessary. We will accept the submission of a
Curriculum Vitae instead of/as a supplement to this information, but please ensure there is sufficient detail here to support your claimed skills
levels (Part 3 – Section A).
From
Month/Year
To Month/
Year
01/03
01/00
01/96
01/03
01/00
01/91
01/88
09/93
08/91
Details
The HighStreet Bank, London
"
"
Principal Information Security Consultant.
Senior Information Security Consultant.
Information Security Consultant.
Orgez, Basingstoke
"
Senior Security Analyst.
Security Analyst
Please note: Between 1993 and 1996 I took two years out of work to study for a Degree in Computer Science with Economics at Oxford Brookes
University.
The HighStreet Bank
At The HighStreet Bank I am Principal Information Security Consultant, where my responsibilities included security architectures and policies,
and standards for financial sector security for the Bank’s IT systems.
I advise on information and technical security issues, and residual risk exposure, covering a wide range of technologies used in the financial
sector. I am tasked with identifying trends in information security and devise strategies and project work to match. I lead risk assessment
reviews and assist with investigations into fraud and misuse of the Bank’s IT resources, including the capture and retention of information that
may be used in a prosecution.
I am responsible for IS in the Bank’s subsidiary operations, including offshore, reporting directly to the Bank’s Director of Information Security
and Risk Management.
I establish company-wide IT security standards and am responsible for advising senior management on security procedures and practices
relating to existing and new IT developments. In this capacity I facilitate risk assessment workshops following recognised methodologies (e.g.
SPRINT, SARA), I advise on contingency / business continuity planning and I provide training in information security to employees throughout
the company, ranging from basic IS practice through to the application of cryptography.
I am involved in recruiting members of the security team and for subsequently supervising their professional development and training needs. I
have also supervised two Information Security MSc students who completed their projects with the Bank.
I represent HighStreet Bank on the APACS Integrated Smart Card (ICC) project, which became Chip & PIN. I am a member of the APACS
Security Standards Group (SSG), and represent the Bank at LINK on the ATM Security Group.
Recently I have been involved in the design of the secure component of the bank’s Internet banking platform. I was also recently appointed by
APACS to represent the UK as Principal UK Expert on ISO standards committee ISO 12345 (Application of Cryptography to Financial Services).
Other responsibilities included:
• Advising on the application of cryptographic mechanisms and services
• Advising on tactical and strategic plans for IS across the Bank’s group of companies
• Advising executive management on IS exposure, including incident response
• Providing consultancy on strategic or high risk systems where impact on business of a security breach is significant
• Carrying out or coordinating system security reviews, penetration testing, and assessing effectiveness of proprietary protection
• Preparing and promoting strategies for the security of communications networks and branch-based cryptographic processing
I have advised and contributed at a detailed level to:
• Internet Banking (Access Control, Strong Authentication Techniques, Web Servers)
• Electronic Commerce (SSL, ‘Verified by Visa’, ‘MasterCard SecureCode’, Smart Card, Interactive Digital TV)
• Interbank Communications (Routers, Firewalls, Web and Security Servers)
• Trusted Third Parties (TTPs), Certification Authorities (CAs) and PKIs
I have a broad understanding of legislation pertaining to security in the financial services.
In my previous role at The HighStreet Bank of Senior Information Security Consultant, I:
• Developed an in-house training course
• Carried out detailed security analysis of Bank’s computing systems under the guidance of a Principal Information Security Consultant
• Represented the Bank as part of the APACS team that specified and rolled out the EMV chip initiative
• Developed tools (PC applications) to facilitate the investigation of fraud including capture of information
• Specified and rolled out a PC security product (providing access control, encryption, etc.) across all of the Bank’s sites (approx 10,000
installations).
As Information Security Consultant, I was responsible for developing and managing the security alert notification system for all in-house IT
operations. I supervised penetration testing of all Bank and subsidiary companies’ external-facing IT systems, and supported internal IS reviews.
Orgez
As Senior Security Analyst at Orgez, I led risk assessments for clients which included all of the top four banks and top five accounting firms. I
prepared training material on risk assessment, penetration testing and Internet banking security for Orgez’s highly regarded Information
Security training academy.
I also developed a programme for penetration testing high risk systems, including specifying skills and technologies necessary to carry out
external tests.
As Security Analyst I provided support to the risk assessment team leaders, supported the development of training material, and was involved in
the deployment of encryption hardware to protect banking networks.
PART 2 - SECTION B Papers Presented and/or Published, Public Activities Undertaken at Industry, National & International Level, etc.
Candidate’s Surname _________________
Candidate’s Initials __
Page No:
List here all activities that are relevant to and support your claimed competencies. Such activities may include:
• Papers published in recognised Journals
• In-house publications
• Conference and seminar presentations
• Any other contribution to Industry, national and international bodies
Evidence of direct contribution to development of the information security profession, for example through contributions to education or through
participation in candidate review or interview panels is welcomed.
From
Month/Year
To
Month/Year
02/89
04/06
01/92
10/05
01/04
04/03
04/06
03/05
12/07
Voluntary:
• Secretary to the Basingstoke branch of the BCS.
• I have contributed two articles to IISP newsletter: “Why bank customers can’t remember their PIN” and “Is Information Security really
a profession? Discuss.”
Professional:
• ISO: I am the Principal UK Expert (PUKE) for ISO 12345 (Application of Cryptography to Financial Services)
• APACS: I was a member of the Security Standards Group (SSG)
• LINK: I represent The HighStreet Bank on the ATM Security Committee
Publications and Conferences:
• Smith, J; Scarlet, C; White, D; “Why we should still fear the rogue trader”, InfoSecurity, 2006, London
• Smith, J; Green, E; Peacock, F; “Profit or privacy?”, ISF Conference, 2005, Paris
APPLICATION PACKAGE – PART 3 – SKILLS PROFORMA
Candidate’s Surname _________________
Candidate’s Initials ___________________
PART 3
This section lists the skills associated with the practice of information security. Nine key
security disciplines have been defined, with skills groups listed within each discipline. You
are asked to grade your experience and knowledge using the table on the following pages.
You are asked to add your claimed competence in the first column, and detail under the
evidence column. The level of detail required depends on the level applied for:
For Full Membership applications brief bullets should be added to justify your scoring and
enable your application to be evaluated.
For Associate & ITPC applications relevant example(s) should be added to justify your
scoring and enable your application to be evaluated. The examples should indicate the
situation, what you did, how and why you did it and what the outcome was.
Please use Appendix A and B of the guidance notes to view examples of skills to develop
these scores, which is relevant to both applications.
General guidance
While no one person is expected to demonstrate competence in every skill group defined,
there is an expectation that:
For Full Membership applicants will be familiar with the principles underlying most security
disciplines. Successful candidates will score highly on personal characteristics and
demonstrate broad knowledge or have some experience in at least six of the nine security
disciplines.
For Associate Membership applicants will have some knowledge or experience of most of
the security disciplines
Please see notes in appendices A and B of the guidance notes for competency levels.
APPLICATION PACKAGE – PART 3 – Section A - SUMMARY OF SKILLS PROFORMA
Candidate’s Surname______________ Candidate’s Initials ________
A1 - Governance (Competence Level: 2)
Evidence:
HighStreet Bank:
• Reporting to Head of Information Security, I am in charge of the rollout of corporate IS security policies and standards to subsidiary companies outside the UK.
• Review and analyse local needs of the organisation and resources, factors that could make adoption of the corporate framework infeasible.
• I lead discussions with business unit managers to agree understanding and gain commitment.

A2 – Policy & Standards (Competence Level: 3)
Evidence:
HighStreet Bank:
• I am responsible for, and directly involved in, researching, developing, negotiating and maintaining a broad range of IS policies and derived standards.
• Deliver standards for PC Security, Key Management, Unix Security, Network Security and High Risk EFT.
• I provide on-going advice to the business to understand the requirements of the policies/standards, and to interpret the needs of corner cases.

A3 – Information Security Strategy (Competence Level: 3)
Evidence:
HighStreet Bank:
• I serve on the APACS Security Standards Group (SSG) and LINK ATM Security Committee.
• I actively support standards and enhancements to technologies; banking practices, and respond to incidents and developments that if left unchecked might undermine integrity and trust.

A4 – Innovation & Business Improvement (Competence Level: 3)
Evidence:
HighStreet Bank:
• Directly involved in the introduction of Internet Banking across the bank, in particular, with customer authentication techniques and understanding the risks associated with rolling out new products that Internet Banking made possible.
• Similarly, I regularly contribute IS advice to other internal projects that use technology to process high value information, e.g. the branch network, investment management tools and funds transfer systems.

A5 – Information Security Awareness and Training (Competence Level: 3)
Evidence:
HighStreet Bank:
• I design and deliver IS induction courses for all new starters.
• Am also responsible for adapting the training material to the needs of the Bank’s subsidiary companies for which I have responsibility.
Orgez:
• I prepared training material on risk assessment, penetration testing and Internet banking security for Orgez’s highly regarded Information Security training academy.

A6 – Legal & Regulatory Environment (Competence Level: 2)
Evidence:
HighStreet Bank:
• Have a sound understanding of legislation that directly relates to IS (e.g. DPA, CMA, CDPA).
• I have a broader understanding of legislation and the legislative processes (including Money Laundering and legislation concerning Investigatory Powers).
• I use legal knowledge when investigating and recording incidents that may lead to disciplinary action or prosecution of Bank employees.

A7 – Third Party Management (Competence Level: 3)
Evidence:
HighStreet Bank:
• I have led many assessments of IS management in third-party organisations that support the Bank’s businesses, principally looking at the technical security surrounding information processing.

B1 – Risk Assessment (Competence Level: 3)
Evidence:
HighStreet Bank:
• I have carried out in-house risk assessments using the ISF’s SPRINT and SARA methodologies.
• I have identified threats and vulnerabilities to value assets and implemented appropriate risk management countermeasures.
Orgez:
I led risk assessments which involved:
• preparing detailed briefs for clients,
• identifying and agreeing areas of highest risk,
• selecting team members with appropriate skill sets,
• defining deliverables, monitoring performance and reporting.

B2 – Risk Management (Competence Level: 1)
Evidence:
HighStreet Bank:
• I have studied and have limited practical experience of risk management, but no operational responsibility.

C1 – Security Architecture (Competence Level: 3)
Evidence:
HighStreet Bank:
• Responsible for IS standards covering Architectures.
• Focussing on telecommunications and internetworking requirements, existing and predicted, of the Bank and its subsidiaries.

C2 – Secure Development (Competence Level: 2)
Evidence:
HighStreet Bank:
• Advise developers on IS requirements for EFT and Internet based applications
• Involvement in testing and rollout stages of development.
D1 – Information Assurance Methodologies (Competence Level: 3)
Evidence:
HighStreet Bank:
• I advise on the selection of products designed to provide communications security, e.g. VPNs, VOIP Encryption, which are required to comply with banking encryption standards.
• I also lead reviews of EFT systems that implemented approved security services in software, reviewing the effectiveness of the implementation.

D2 – Security Testing (Competence Level: 2)
Evidence:
HighStreet Bank:
• I lead reviews of bespoke computer-based solutions, including EFT systems that implemented approved security services in software, reviewing the effectiveness of the implementation.
Orgez:
• I developed a methodology for penetration testing high risk systems, including specifying skills and technologies necessary to carry out external tests.
• I supported the deployment of encryption hardware to protect banking networks. I carried out extensive security testing before and after deployment.

E1 – Secure Operations Management (Competence Level: 1)
Evidence:
HighStreet Bank:
• Education and limited practical experience, but no operational responsibility.

E2 – Secure Operations & Service Delivery (Competence Level: 1)
Evidence:
HighStreet Bank:
• Education and limited practical experience, but no operational responsibility.

E3 – Vulnerability Assessment (Competence Level: 1)
Evidence:
HighStreet Bank:
• Education and limited practical experience, but no operational responsibility.

F1 – Incident Management (Competence Level: 1)
Evidence:
HighStreet Bank:
• I prepare risk advisory notices and regular reports to help business managers understand current risks and the likelihood of incidents occurring.
• I coordinated the response to a virus outbreak:
  o assessing the scope of the outbreak
  o sourcing and directing resources
  o leading the subsequent analysis.

F2 - Investigation (Competence Level: 1)
Evidence:
HighStreet Bank:
• I provide technical support to in-house and external investigators in incidents relating to abuse of technology, and storage and transmission of pornographic material.
F3 - Forensics (Competence Level: 1)
Evidence:
HighStreet Bank:
• I investigate and advise on the use of evidence gathering techniques (including supporting investigation technologies) for use in in-house investigations.

G1 – Audit and Review (Competence Level: 3)
Evidence:
HighStreet Bank:
• I provide expert guidance to Internal Audit and Computer Audit.
• I lead and report on system auditing components of internal audit reviews.
• I define testing frameworks and provide detailed step-by-step processes.
• I apply the relevant standards and policies through an understanding of business objectives.

H1 - Business Continuity Planning (Competence Level: 2)
Evidence:
HighStreet Bank:
• Responsible for the Contingency Planning Standard of the IS Policy
• Regularly carry out reviews and advise on risk and risk reduction.

H2 - Business Continuity Management (Competence Level: 1)
Evidence:
HighStreet Bank:
• I understand and have advised on business contingency planning.
• I produced the Contingency Planning standard that supports the Bank’s IS policies.

I1 - Research (Competence Level: 2)
Evidence:
HighStreet Bank:
• I implement thorough research of the topic areas to fully understand the risks that need to be managed in developing standards and policies.
• I consider the problem from the perspective of both the attacker and the defender.
• I frequently discover that I am dealing with leading edge technologies and unrealised vulnerabilities for which no solutions currently exist.
• I present my findings to colleagues in the Bank, and to partner organisations, and where possible publish publicly, e.g. conference, journal.

I2 – Academic Research (Competence Level: 0)
Evidence:
HighStreet Bank:
I am not involved in any academic IS research.
I3 – Applied Research (Competence Level: 1)
Evidence:
HighStreet Bank:
• I am involved in developing a risk assessment methodology specifically aimed at home banking.
• Focussed research topics on the risks associated with accessing Internet based accounts from locations such as Internet cafés, work and home.

J1 – Teamwork and Leadership (Competence Level: 2)
Evidence:
HighStreet Bank:
• I lead a team when performing risk assessments and developing standards and policies.
• I set realistic objectives, monitor performance, encourage and ‘lead by example’, mentor, and support personal development outside of the immediate role.

J2 – Delivering (Competence Level: 2)
Evidence:
HighStreet Bank:
I have delivered results against pre-agreed objectives in situations where dependency on others presents risks and challenges, where the task is complex and has no precedence. Examples include:
• While undertaking risk assessments at all levels, I negotiate and agree scope, timely delivery (which includes prioritisation, planning, speedy dispute resolution, showing initiative and planning for unforeseen obstacles) and identifying personal limitations.
• In support of tactical and strategic planning for the Bank’s IS future needs, which are by definition time/objective based, I demonstrate a clear understanding of capabilities available to me, recognise contention with other planning processes including those of related business units, apply fine-grained planning and implement processes for identifying and responding to unexpected events.

J3 – Managing Customer Relationships (Competence Level: 2)
Evidence:
HighStreet Bank:
• My customers are the business units that I interact with on a daily basis.
• Am also responsible for managing a successful and long-lasting relationship between Group Information Security and the off-shore business units, where dynamic, fast changing business objectives make relationships difficult to maintain.
• In many situations the relationship is at peer level, so an attitude of negotiation is important. Nevertheless, the relationship may be grounded in business objectives, which can lead to differing personal objectives.
• Frequent, regular communications and shared planning and a shared understanding of expectations, limitations (personal and organisational) and priorities have proved to be effective.

J4 – Corporate Behaviour (Competence Level: 2)
Evidence:
HighStreet Bank:
• I understand the value of IS to the Bank, reflecting this in the standards and policies I develop, the professional advice that I give to others, and through the training and awareness I am responsible for.
• I represent the Bank on external committees where sometimes my views are at odds with those of others, simply because the Bank had slightly different values or operating practices.
• Recognise that building cross-organisational relationships is essential, as is respecting the values of those business units, but remaining firm when these values are not aligned with the core values of the Bank.
• Continually looking for opportunities to share good practices, either those developed by the IS team or those discovered in business units saves time and cost while strengthening the community. These behavioural characteristics are clearly demonstrated in the cross-company team of IS Coordinators that I am currently setting up.

J5 – Change and Innovation (Competence Level: 2)
Evidence:
HighStreet Bank:
• I was responsible for changing the way the Bank managed its EFT systems, introducing dual and triple control using Smart Card and cryptographic processes.
• Implemented the goal of reducing the risk while eliminating a complex and unpopular manual process, to improve security and reduce cost.
• Skills in identifying problems, designing and proposing solutions, persuading those not directly affected and seeking funding were successfully demonstrated.

J6 – Analysis and Decision Making (Competence Level: 3)
Evidence:
HighStreet Bank:
• I develop IS policies and standards starting with detailed analysis, taking into account ideals, practicalities, best practices, business needs and the overall IS framework.
• In leading the introduction of new standards and policies, I effectively apply analysis and decision making skills to support effective IS management.
• Recognise that on occasions these decisions can be unpopular, because sometimes security cannot effectively address the risks of business innovation, so a consistent and justifiable approach is required.

J7 – Communication and Knowledge Sharing (Competence Level: 3)
Evidence:
HighStreet Bank:
Examples of communicating and knowledge sharing include:
• researching and writing standards and policies,
• delivering corporate IS awareness courses,
• mentoring team members and university placement students,
• communicating with appropriately chosen language, with technology developers and senior management when advising on new developments, briefing on incidents and exposure or providing risk assessments.
In a more formal setting, I occasionally chair the APACS SSG, and have facilitated risk assessment workshops.
K1 – Contributions to the community (Competence Level: 3)
K2 – Professional Contributions (Competence Level: 2)
K3 – Professional Development (Competence Level: 2)
Evidence:
HighStreet Bank:
• I serve as Principal UK Expert to the UK Standards committee (ISO 12345 Application of Cryptography to Financial Services).
• I am involved with the ISF working group, testing the successors to the popular SPRINT and SARA risk assessment methodologies. I am also involved in analysing the results of the benchmarking exercise that is run every two years.
• I represented HighStreet Bank at the Royal Holloway Identity Management Club.
• I regularly contribute articles to the IISP website and newsletter, and to discussions on the Online Forum.
• I have volunteered to be a Mentor for the IISP and am hoping to be assigned a Mentee in the coming months.
HighStreet Bank:
• Education: MSc in Information Security.
• Various in-house courses covering presentation skill, team leadership, finance and project management.
• I am currently studying for a Diploma in Management Studies (DMS), with emphasis on technology management, with The Open University.
• BSc (Oxford Brookes) included two security modules: Risk Management, Basic Cryptography.
Other: Are there any skills that you think should have been included above? If so please add the category, input your score, and
justification for this level.
When assessing your application is there any other information that you think should be considered?
MBCS Member of the British Computer Society
A.Inst.ISP Associate Member of the Institute of Information Security Professionals
APPLICATION PACKAGE Part 4
Candidate’s Surname Smith ____________
Candidate’s Initials JS _________________
SECTION A
Obligations and Certificate
I, the undersigned, agree that, in the event of my election to membership of any category in
the IISP, I will be governed by the Charter, Byelaws and Rules of Conduct of the IISP as they
now are, or as they may hereafter be altered; and that I will advance the objects of the IISP
as far as shall be in my power; provided that, whenever I shall signify in writing to the Chief
Executive that I wish to withdraw from the IISP, I shall after the payment of any arrears which
may be due by me at that period be free from this obligation.
I declare the statements I have made on this form are, to the best of my knowledge, true. I
confirm that I have not committed any offence of which the IISP would require me to give
notice under its Code of Conduct. I understand that the information provided on this form will
be processed by the IISP for its use and that of the IISP’s subsidiary companies for the
purpose of providing goods and services ordered by me and for billing, accounts and sending
me information.
I declare that I am conversant with the Concepts, Definitions and Principles that underpin the
Information Security profession, and am fully aware of the need for and benefits of information
security. I further declare that I am cognisant of those informatics, legal and other disciplines
that are a pre-requisite to my ability to discharge those competencies claimed.
Signature of Candidate __________________
Date ___________________________________
SECTION B
Details of Sponsors and Referees
Please supply details of at least 2 sponsors or referees (see Note 4 for definitions).
Sponsor/Referee 1
Name Professor Plum _________________________________________________________
Address for communication Oxford Brookes University, Headington, Oxford, OX1 1AA ______
IISP Membership Number (if applicable) FM00001 ___________________________________
Tel Number 01234 567890 ___________
E-Mail Address [email protected] ____
Sponsor/Referee 2
Name Colonel B Mustard _______________________________________________________
Address for communication MOD, Whitehall, London, WC1 1AA ________________________
IISP Membership Number (if applicable) FM00002 ___________________________________
Tel Number 01234567890 ____________
E-Mail Address [email protected] ___
SECTION C
Special Needs for Interview (N/A for Associate/Associate (ITPC) applications)
It is anticipated that some applicants will have special needs for interview. If this applies to
you please note requirements here: (Please note that this may extend the time taken to
arrange interviews) None
SECTION D
Years in the industry
How many years have you worked in the information security industry? 20 Years