Security pros must improve, says new body
Qualifications not enough.
By Maxwell Cooter | Techworld | Published: 14:59, 27 February 2006
The IT security industry is ill-served by its existing accreditation procedure and needs more help in handling the increasing number of security threats. Thats the view of the newly-established Institute of Information Security Professionals (IISP) which has been set up to address the knowledge gap in this area.
Speaking at the London launch, the institutes chairman, Paul Dorey, said that the organisation had been formed for two reasons: one was to address the growing demand for information on security, and the second was to address the issue of professional accountability.
He said that existing qualifications such as degree level IT security courses and Cisco's CCSP were excellent in their own way but they were "knowledge qualifications". He said that security professionals needed more than just technical knowledge to do their jobs effectively, likening them to young doctors who needed mentoring after completing the formal part of their medical training.
The IISP has been backed by industry, academia and the UK government. The launch was held at the Department of Trade and Industry (DTI) which has already applied to be one of the founder members.
The organisations CEO, Nick Coleman said that the DTI was in good company. "We have more than 220 applications from individuals and 20 applications from corporates before the formal launch. Were already overwhelmed."
He said that there were three types of membership: full (to be launched in September this year), associate and affiliate. He said that associate members would have to demonstrate technical expertise and full members would be expected to meet even more rigorous criteria. We will carry out due diligence on all applicants, he said.
Coleman said that although the IISP had been set up as a UK organisation, it had already had applications from the U.S., Australia, France and South Korea. "It was our intention to go global at some point in the future," he said but he thought that the interest from other countries was an indication of the need for such an organisation.
The IISP is set to announce a series of initiatives at the forthcoming Infosec exhibition and conference to be held in London in April.