Security threats increase demand for protection

With internet security attacks on the increase and events such as the BT cabling tunnel fire in Manchester, IT security and disaster recovery skills are in demand. There is now growing support for a British Standard on business continuity.

Such a standard would demonstrate to customers that their suppliers had an adequate business continuity plan and tested it regularly to make sure it would work when needed, ensuring an uninterrupted service.

Meanwhile, high-powered groups such as the Security Alliance for the Internet (Saint) and the government's Information Insurance Initiative are discussing how best to improve training, standards and qualifications among IT security professionals.

And even those companies that have outsourced their IT overseas need staff to check that software developed offshore meets security standards.

David Lacy, director of security and risk management technology, services and innovation at the Royal Mail Group, said the organisation has had to develop "internal audits" to check offshore-developed software can meet "in-house quality standards."

Lacy has urged the industry to "raise the standard of professionalism" when it comes to security. But burgeoning security demands seem to have created a skills crisis and a lack of a template for security training.

One of the main problems facing IT security professionals is that there is no central body overseeing their training and no all-encompassing guidelines for companies to follow when it comes to business continuity and security.

"The most established standard for business continuity is BS7799, although it is very generalised and internet security requirements mean the standard does not fully address needs," said security consultant Chris Sundt.

In response, Sundt and other IT security figures and industry groups are considering setting up their own organisation to act as an authority to set standards or guidelines for IT security.

Other experts said that business directors needed to be educated about IT security to give better support to security specialists.

"Boards are very particular beasts and they do not like responsibility over things they do not understand," said Richard Starnes, Cable & Wireless European director of incident response for managed services.

"Boards tend to delegate business continuity to internal committees. The problem is that those individuals given the responsibility are often not given the resources to do the job. Unless they have a budget, adequate staff and authority in the company, they should not take the role on."

Starnes also said companies were often too reactive with business continuity and security planning, and said that activity goes through peaks and troughs.

Security courses

Courses are available from Royal Holloway at the University of London, the University of Glamorgan, Westminster College and Exeter University. See also:

The Sans Institute


British Computer Society
