CREST Registered Technical Security Architect

The CREST Registered Technical Security Architect Examination (CRTSA) tests candidates’ knowledge and expertise in a common set of core skills and knowledge for systems architects.   In preparation for the role of Technical Security Architect, it is important that candidates understand its purpose which can typically be summarised as driving beneficial security change into a business through the development or review of architectures so that they:

  • Fit the business requirements for security
  • Mitigate the risks and conform to relevant security policies
  • Balance information risk against the cost of countermeasures

The exam is aimed at individuals seeking to align themselves with the role of a Senior Security Architect and looking to achieve CCP Architect certification (see below).  Successful candidates will have a strong technical ability aligned with experience to recommend high level solutions.  The exam assumes that without adequate technical understanding it is not possible to perform a satisfactory and meaningful risk assessment of the implications of a particular architecture.  Success will confer CREST Registered status to the individual.

Candidates should be able to:

  • Design and implement secure IS architectures
  • Understand the responsibilities of a Security Architect
  • Identify information risks that arise from potential solution architectures
  • Design alternate solutions to mitigate identified information risks
  • Ensure that alternate solutions or countermeasures mitigate identified information risks
  • Apply ‘standard’ security techniques and architectures to mitigate security risks
  • Develop new architectures that mitigate the risks posed by new technologies and business practices
  • Provide consultancy and advice to customers on intrusion analysis and architectural problems
  • Supervise Security Architects reporting to them and understand the difficulties that they may face

Examination Format
The examination is assessed in both Written Multiple Choice and Written Long Form (scenario).  The multiple choice section measures breadth of technical knowledge;  the scenario paper focuses on design and analysis skills.

Candidates are required to achieve a pass in both the multiple choice and written sections to be awarded the qualification.

You can download the following documents from the links below:

Syllabus for the Registered Technical Security Architect examination (previously known as CCIAS)
A generic Guide to the Examination

The Registered Technical Security Architect examination costs £395 + VAT

Recommended Preparation Material
The following material and media has been cited as helpful preparation for this examination by previous candidates:

NCSC Published Guidance

Practitioner Certificate in Information Assurance Architecture (PCIAA)
Certified Information Systems Security Professional (CISSP)
Any Information Security Masters Course from a reputable University

It is also recommended that candidates consider common architectures and try to document possible weaknesses and countermeasures.  Candidates should also familiarise themselves with common security solution components and how they can be used.

Useful Information for Candidates

Details of the Logistics and Timings of CREST examinations can be found in the Examination Preparation pages for your country of choice
CREST’s Policy for Candidates requiring special arrangements including additional time to accommodate a medical condition (including examinations delivered via Pearson Vue)
Terms and Conditions for CREST Examinations (includes hard disk drive wiping policy)

You can read the CREST Privacy Policy on our website regarding personal data we hold.

CESG Certified Professional Scheme

Successful completion of this examination will enable candidates to be considered for the CESG Certified Professional Information Assurance (IA) Architect at Senior/Lead level.

As part of the Government’s investment in cyber security, a consortium has been appointed by the NCSC (formerly CESG) to provide certification for UK Government Information Assurance (IA) professionals.  The consortium has been awarded a licence to issue the CESG Certified Professional (CCP) Mark based on the IISP Skills Framework, as part of a certification scheme driven by the NCSC, the IA arm of GCHQ.

The consortium comprises CREST, the Institute of Information Security Professionals (IISP) and Royal Holloway’s Information Security Group (RHUL), with CREST providing examination for the more technical roles, the IISP certifying competency and RHUL supporting with their experience in setting rigorous and consistent assessment processes.

The certification process is designed to increase levels of professionalism in Information Assurance and uses the established IISP Skills Framework to define the competencies, knowledge and skills required for specialist IA roles. Developed through public and private sector collaboration by world-renowned academics and security experts, the Framework has been adopted by GCHQ as the basis for its Certified Professional specification.

This builds on the IISP’s existing competency-based membership programmes, so not only will an individual be certified, but their areas of specialism will be recognised, offering the individual and their customers greater confidence that an individual has the right skills and experience for a role.

For the IA Architect role at Senior/Lead level, candidates will need to have passed the CREST Registered Technical Security Architecture (CR TSA) examination from CREST.  After successfully passing the CREST examination candidates will be called for interview by the IISP.

Applicants can gain certification in one or more of the following roles:

  • Accreditor
  • IA Auditor
  • Communications Security Officer / Crypto Custodian
  • Information Security Officer
  • Security & Information Risk Advisor
  • IA Architect

Details of the application process and the requirements for this role can be found on the IISP website