The investigation, by the Department of Trade & Industry (DTI), aims to assess whether IT users are happy with the service or whether action is needed to improve confidence in the sector.
"Trust is essential to the new economy and providers of security services have a special responsibility to establish trust. The DTI sees this exercise as an opportunity to take stock," said study co-ordinator Geoff Smith.
The investigation follows a series of conflicting claims by government ministers about the impact of a new piece of legislation, the Private Security Industry Act on security consultants.
Although the Act was intended to regulate the physical security industry, including security guards, and nightclub bouncers, ministers have refused to rule out its use to regulate the IT security industry.
The study, which is being compiled by security consultant Chris Sundt, aims to establish how IT users can satisfy themselves that the consultants they use are trustworthy and competent, and whether any initiatives are needed to improve confidence in the sector.
"We are trying to answer basic questions. What do people think the information security industry encompasses? What skills are relevant? Should it include organisations that offer managed services?" said Sundt.
Tell the DTI what you think of security consultants and service providers
1. How do you ensure that security consultants you hire or contract out are competent?
2. How do users address these questions when selecting an information security service provider directly or as part of an outsourced service?
3. Are you aware of any qualifications or accreditation schemes that could help you identify the competence of service providers?
4. Would additional qualifications give you greater confidence?
5. What range of skills do you consider information security to cover, from high-level policy and risk assessment through to configuring products?
6. What initiatives could be introduced to create greater confidence in IT security consultants and service providers?
7. Have you ever suffered loss or damage through the incompetence of IT security consultants or service providers or from rogue security consultants or providers ?
Send your comments, name, contact details, position and the name of your organisation to: firstname.lastname@example.org
This was first published in August 2001