The government has introduced new cybersecurity regulations to strengthen digital security across the country. The initiative focuses on improving compliance and audit readiness.
The National Computer Emergency Response Team (NCERT) has outlined clear criteria for cybersecurity professionals. As a result, only qualified experts will provide consultancy services under the Pakistan Information Security Framework.
Focus on IT, Cloud, and OT Security
Under the new framework, consultants will work across three critical domains. These include IT security, Operational Technology security, and cloud security.
Their role will involve identifying system gaps and preparing implementation strategies. Moreover, they will assist organisations during audits and compliance assessments.
This structured approach aims to improve resilience against cyber threats. Therefore, organisations must align with updated security standards.
Consultants Divided Into Four Tiers
NCERT has categorised cybersecurity professionals into four levels. These include Expert, Senior, Junior, and domain-specific specialists.
Each tier comes with defined responsibilities and experience requirements. Consequently, organisations can select consultants based on their security needs.
Expert Consultants will handle complex environments and high-risk systems. Meanwhile, Junior Consultants will support basic assessments under supervision.
Risk-Based Classification for Organisations
The framework also classifies organisations into risk categories. These include CAT-I, CAT-II, CAT-III, and CAT-IV levels.
High-risk organisations must hire Expert Consultants due to system sensitivity. In contrast, lower-risk entities have more flexible requirements.
Senior or Expert Consultants may lead projects in moderate-risk environments. Additionally, Junior Consultants can assist with technical tasks.
Strict Qualification and Certification Requirements
Expert Consultants must meet strict eligibility criteria. They need at least 12 years of IT experience and six years in cybersecurity.
They must also have three years of experience in risk assessments and compliance audits. Furthermore, advanced certifications are mandatory.
These include CISSP, CISM, and domain-specific certifications. Examples include ISO 27001 for IT and ISO/IEC 27017 for cloud security.
For Operational Technology, certifications like ISA/IEC 62443 are required. Therefore, only highly qualified professionals will lead critical projects.
Senior Consultants must meet similar standards but with slightly lower experience. Meanwhile, Junior Consultants require at least three years of experience.
They must also hold certifications such as ISO 27001 or CEH. Their work will focus on foundational security tasks.
Competency Tests to Ensure Quality
NCERT plans to introduce a competency-based evaluation test. This step will verify the technical skills of registered consultants.
As a result, all professionals must meet minimum standards before offering services. This move aims to ensure consistency and reliability.
Conclusion
Pakistanโs new cybersecurity framework marks a significant shift toward stronger digital protection. It introduces clear roles, strict qualifications, and risk-based engagement.
By doing so, it aims to enhance organisational readiness and security compliance. Ultimately, these measures will help build a safer digital environment across the country.
