Government and industry back IT security professionalism plans

Proposals to create a professional institution that would set minimum standards of professionalism for IT security specialists...

Proposals to create a professional institution that would set minimum standards of professionalism for IT security specialists have won backing from the government and leading businesses.

The Department of Trade & Industry, the Cabinet Office and some of the UK's largest firms, including BP, BT and Royal Bank of Scotland, have agreed to fund development work for the proposed Institute for Information Security Professionals. The aim is for it to be up and running by the end of the year.

Support for the creation of the institute has grown since Computer Weekly first reported the proposals in January. Many IT directors view it as a way to demonstrate the professionalism of their IT security staff in the face of increasing compliance regulations.

"Where will the next generation of IT security professionals come from? This generation have built trust through personal relationships, like a club. How do we get new people in to this club, stand them up before regulators and prove that they are good?" asked Paul Dorey, vice-president for digital security at BP.

A meeting of nearly 100 IT security specialists last week revealed widespread support for a body to professionalise IT security, said Barrie Wyatt, secretary of the working group for the institute. "We have increased the scope of those involved. People know what we are doing. Feedback has been positive. There is momentum now. We are moving forward," he said.

Four working groups of IT security specialists from government and industry plan to create detailed blueprints for the institute within the next four to six weeks. They will produce papers covering the common body of knowledge that IT security professionals need, the skills and training required, a draft code of conduct, and the mechanics of setting up an institution.

The form the institute will take has yet to be decided. One of the options under consideration is the creation of a new body from the Institute for Communications Arbitration and Forensics, with assistance from the British Computer Society and other IT security bodies.

The proposals originated with a group of 15 leading IT security professionals, co-ordinated by Fred Piper, security professor at London University's Royal Holloway College. The group is now consulting on its proposals and aims to draw more support from the IT security profession.

Although support has grown quickly, Piper said the working groups need to win backing for their reports before the institute can move to the next stage.

Read more on IT risk management