IT security pushes for professional status

Growth of compliance and business needs drive push for standards

(ISC)2, the global organisation dedicated to training and accrediting IT security staff, has launched an international drive to highlight the professionalism of information security.

What has been an ad hoc career with no universally accepted qualifications or standard career paths is on the verge of becoming an established profession, said Peter Berlich, board member of (ISC)2.

The growth of compliance regulations, the need to integrate business networks securely and the emergence of security as a business driver rather than a cost centre are driving demands to give security professionals the same status as engineers and accountants.

Members of (ISC)2, the International Information Systems Security Certification Consortium, which represents more than 30,000 security professionals worldwide, is working with some of the UK's leading security professionals to develop proposals for a new IT security body, dubbed the Institute for Information Security Professionals.

The body aims to become an organisation for IT security professionals, akin to the IEE for electrical engineers or the IMechE for mechanical engineers. It will accredit security qualifications, lay down minimum standards of knowledge and experience for and create formal continuing professional development programmes.

(ISC)2 is also taking its own steps to raise the standards of professionalism in IT security and has declared 2005 the year of the information security professional.

"The year is designed to highlight, evangelise and promote professionalism in the industry," said Berlich.

(ISC)2's research has shown that security has developed from a purely technical issue into a management issue as businesses have had to place renewed emphasis on corporate accountability and compliance.

Against this background, (ISC)2 believes it is time for information security to be treated as a recognised profession, with a formal career path and widely recognised qualifications and training programmes.

The first stage is to raise awareness of information security as a distinct profession. For (ISC)2 this means running a concerted publicity campaign to highlight the achievements, skills and expertise of IT security professionals.

The programme has won backing from a range of government organisations, users such as General Motors, and universities and IT suppliers.

Berlich said there was no conflict between (ISC)2's work and the work being done by prominent IT security professionals, including some of (ISC)2's own members, to develop a new body for security professionals.

"Anyone who promotes specialisation is an ally," he said. "(ISC)2 is watching this closely and working closely together with the working group."

BT develops formal career plan for security staff>>

Read more on IT risk management