Recent discussion and engagement with the information
security industry has shown there is a pressing need to formalise
information security as a profession.
With this in mind, a group of respected leaders in academia,
government and the private sector are now trying to lay the
foundations for the creation of a professional body for information
security specialists.
There are several pressures demanding greater
professionalisation. Information security is now seen as
mission-critical to many companies where accurate, timely and
confidential information underpins the success of valuable business
processes.
Information security is also essential to the proper working of
government and, indeed, society as a whole is dependent on critical
IT infrastructures.
Regulators are increasingly asking directors and senior managers
of organisations to make personal attestations over the state of
their security to enforce accountability.
These directors and managers need to trust that those who are
responsible for the information security of the organisation are
competent and will behave in an ethical manner.
Across business and government there is a need for an
organisation to set standards for professionalism in information
security, and to speak with an independent and authoritative voice
on the subject.
The principal aims of the planned institute will be to advance
the professionalisation of information security, initially within
the UK but in time globally, and to ensure standards of
professionalism of individuals, courses, qualifications and
operating practices.
Those behind the plan believe the institute will act as the
credible and definitive expert voice for the profession to
regulators, auditors, business and government. In so doing, the
institute will improve communications within the information
security profession and between the members of the profession and
government, industry and academia.
It will also enable government and industry to have ready access
to highly professional practitioners in the field of information
assurance and security by providing a vehicle for members to
demonstrate levels of judgement, skill and competence to their own
companies, peers, clients and regulators. It is hoped the institute
will become the vehicle for propagating best practice.
The Cabinet Office Central Sponsor for Information Assurance has
said it believes that the creation of a high-quality professional
body will not only encourage an increase in the number of
individuals entering the industry, but will also raise the standard
of those already in the industry as it introduces entrance
requirements, linked to high-level academic and practical
qualifications and a standard for continuous professional
development.
These are important goals for government, both for its own
information security staff and for the beneficial effect on the UK
economy.
The creation of the institute would be a substantial
contribution to government's national strategy for information
assurance.
And the Communications Electronic Security Group, as the
national technical authority for information assurance, sees this
initiative as a "significant step towards raising the quality of
information security and assurance within the UK", and is looking
at it carefully as a potential basis for the development of
information assurance practitioners within government.
This initiative is not only backed by government, but it is also
supported by the leading professionals in the corporate world.
Organisations backing the initiative include BP, BT, HBOS,
Hewlett-Packard, IBM, RBS, Royal Mail, Vodafone, and the University
of London.
It is this broad backing of government, industry and academia,
as well as the status of the founder members, that will give the
institute initial credibility. And the level of support from these
institutions is high.
BT, for example, has given the institute its unequivocal
support. "The growth of the digital network economy makes it
essential that those securing business and consumer services are
accredited to the highest professional standards," it said.
It is clear that business and the economy as a whole will
benefit from improved professionalism. Members of the profession
will also benefit since the institute will provide a comprehensive
development framework and ongoing support to its members to enable
them to operate at the highest levels.
One of the fundamental principles behind this initiative is that
the institute should be independent.
Although the backing of government and the corporate world is
critical, such a body cannot be subservient to them; it must have a
voice untainted by association with others that may have vested
interests.
The founders recognise that there are other bodies in this field
and are seeking to establish constructive and mutually beneficial
relationships with them. There is no intention to re-invent wheels,
but there is a real need for an authoritative body to equip
information security professionals for the 21st century.
Barrie Wyatt is on secondment from the Communications
Electronic Security Group to Nottingham Policy Centre, University
of Nottingham