A new professional body for information security
professionals launched today (Monday 27 February) will help raise
the standards of IT security across the UK, leading employers have
said.
The Institute for Information Security Professionals has won
backing from major UK firms, which plan to use it as a benchmark
for hiring IT security staff.
BT, BP, HBOS, Messagelabs, Barclays Bank, Standard Chartered
Bank and government departments including the Cabinet Office and
the Communications Electronic Security Group (CESG) are among the
organisations supporting the new body.
The institute will lay down minimum standards for IT security
professionals, including defining a common body of knowledge, a
career development programme, and a code of ethics.
"There is a huge demand for membership," said Nick Coleman,
interim CEO of the new organisation and head of security services
at IBM. "It is much bigger than I expected. From local authorities
to central government, to independent consultants, to police."
Martin Sadler, director of HP's trusted systems laboratory,
said, "Qualifications such as CISSP (Certified Information Systems
Security Professional) are the standards for knowledge. We want to
go beyond that and look for the soft skills, the judgements that
show people can do the job."
Chris Ensor, programme director at the CESG, said the institute
would provide employers with a way of benchmarking existing
security staff and new recruits.
Tony Neate, industrial liaison officer at the National High Tech
Crime Unit, said the move was "well overdue". He added, "It will
make it easier for law enforcement to obtain expert advice."
The institute grew from a collaboration between an informal
group of security professionals from industry and academia.
It plans to pilot a mentoring programme with the Royal Bank of
Scotland, BP, BT and Vodafone in the next six months. The programme
aims to help companies develop chief information security officers,
and to give security staff an insight into the way other
organisations manage security.
The institute is holding talks with other bodies, including the
British Computer Society and the Institute for Communications
Arbitration and Forensics, about possible collaboration.
IT directors welcome new institute
"I'm completely supportive of the need for a chartered security
professional qualification. I would hope that, over time, the
various different types of qualifications within the industry could
come together under one overall governing body. The Institute for
IT Security Professionals is a good start."
Adam Burstow, IS director at property management firm
Telereal
"The Institute for IT Security Professionals has got to be good
for the industry. Any industry standard for IT security is worth
pursuing."
Steve Hopson, county ICT officer at Cheshire County
Council
"At least you have got some way of knowing what you are getting.
We do insist our own security staff have a Cisco security
qualification."
Tony Wright, director of IT services at University of East
London